Critical Information Infrastructure
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 Other International Definitions
- 1.3 National Definitions
- 1.3.1 Albania
- 1.3.2 Australia
- 1.3.3 Austria
- 1.3.4 Brazil
- 1.3.5 Bulgaria
- 1.3.6 Colombia
- 1.3.7 Croatia
- 1.3.8 Czech Republic
- 1.3.9 Estonia
- 1.3.10 Finland
- 1.3.11 India
- 1.3.12 Indonesia
- 1.3.13 Islamic Republic of Afghanistan
- 1.3.14 Japan
- 1.3.15 Lithuania
- 1.3.16 Norway
- 1.3.17 Qatar
- 1.3.18 Republic of Trinidad & Tobago
- 1.3.19 Russian Federation
- 1.3.20 South Africa
- 1.3.21 Turkey
- 1.3.22 Uganda
- 1.3.23 United Kingdom
- 1.3.24 United States
- 1.3.25 Uruguay
- 1.4 Standard Definition
- 2 See also
- 3 Notes
Definitions
European Definitions
Council Communication COM(2011)163 final
Council Directive 2016/1148
Other International Definitions
African Union
OECD
National Definitions
Albania
Australia
Austria
Brazil
Critical information Infrastructures are the subset of information assets that directly affect the achievement and continuity of state mission and the safety of society.
Bulgaria
Критична информационна инфраструктура са както мрежите, каналите и системите за управлението и поддържането им.
Colombia
Infraestructura crítica: Es el conjunto de computadores, sistemas computacionales, redes de telecomunicaciones, datos e información, cuya destrucción o interferencia puede debilitar o impactar en la seguridad de la economía, salud pública, o la combinación de ellas, en una nación). [10]
Croatia
Kritična komunikacijska i informacijska infrastruktura – komunikacijski i informacijski sustavi čiji bi poremećaj u funkcioniranju bitno poremetio rad pojedine ili više identificiranih nacionalnih kritičnih infrastruktura. [11]
Czech Republic
Within the field of cyber security, a critical infrastructure means an element or system of elements of the critical infrastructure in the sector of communication and information systems. [13]
Zákonem jasně vymezený komplex informačních systémů, jejichž nefunkčnost by měla závažný dopad na bezpečnost státu, ekonomiku, veřejnou správu a zabezpečení základních životních potřeb obyvatelstva.
Estonia
The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations.
Finland
India
Indonesia
Islamic Republic of Afghanistan
Japan
Lithuania
Ypatingos svarbos informacinė infrastruktūra – elektroninių ryšių tinklas ar jo dalis, informacinė sistema ar jos dalis, informacinių sistemų grupė ar pramoninių procesų valdymo sistema ar jos dalis, nepaisant to, ar jos valdytojas yra privatus ar viešojo administravimo subjektas, kuriuose įvykęs kibernetinis incidentas gali padaryti didelę žalą nacionaliniam saugumui, šalies ūkiui, valstybės ir visuomenės interesams. [21]
Norway
Kritisk IKT-infrastruktur defineres som kritisk infrastruktur for elektronisk kommunikasjon. [23]
Qatar
Criteria for being critical are:
- Identify the organization’s key core business processes and their dependency on assets owned and managed by the organization (e.g., power plant, refinery, general ledger, etc.);
- Use impact severity table to determine an impact score for the loss/non-functioning of each key asset; and
- Classify all assets as critical when the criticality score is greater than twenty (20) according to the impact criteria table in [24] [25].
Republic of Trinidad & Tobago
Russian Federation
критическая информационная инфраструктура Российской Федерации - совокупность автоматизированных систем управления КВО и обеспечивающих их взаимодействие информационно- телекоммуникационных сетей, предназначенных для решения задач государственного управления, обеспечения обороноспособности, безопасности и правопорядка, нарушение (или прекращение) функционирования которых может стать причиной наступления тяжких последствий. [27]
South Africa
Turkey
Kritik altyapılar: İşlediği bilginin gizliliği, bütünlüğü veya erişilebilirliği bozulduğunda, can kaybına, büyük ölçekli ekonomik zarara, ulusal güvenlik açıklarına veya kamu düzeninin bozulmasına, yol açabilecek bilişim sistemlerini barındıran altyapıları. [30] [31]
Uganda
United Kingdom
United States
DHS =
Critical information infrastructure (CII) is any physical or virtual information system that controls, processes, transmits, receives or stores electronic information in any form including
data, voice or video that is: (1) Vital to the functioning of critical infrastructure; (2) So vital to the United States that the incapacity or destruction of such
systems would have a debilitating impact on national security, national economic security, or national public health or safety; or (3) Owned or operated by or on behalf of a State, local, tribal, or territorial government entity. (Adapted from the Administration’s cyber legislative proposal)]. [34]
Uruguay
Standard Definition
IETF
See also
- Critical Information Infrastructure Protection
- Critical Infrastructure
- Critical Infrastructure Protection
Notes
- ↑ COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber-security’
- ↑ [Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 (NIS Directive]
- ↑ AFRICAN UNION CONVENTION ON CYBER SECURITY AND PERSONAL DATA PROTECTION, LC12490, 27th June 2014
- ↑ OECD Recommendation of the Council on the Protection of Critical Information Infrastructures C(2008)35
- ↑ Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017
- ↑ Critical Information Infrastructure Risk Management, VICTORIAN GOVERNMENT CIO COUNCIL, 2012
- ↑ Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
- ↑ GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Portaria Nº 34, de 5 de agosto de 2009. Conselho de Defesa Nacional, Secretaria Executiva (2009).
- ↑ „Кибер устойчива България 2020” - Republic of Bulgaria: national cyber security strategy "Cyber Resilient Bulgaria 2020"(2016)
- ↑ Lineamientos de política para la Ciberseguridad y Ciberdefensa, Conpes 3701 (2011) based on Resolución CRC 2258 from 2009.
- ↑ National Cyber Security Strategy draft (2015)
- ↑ Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Critical Information Infrastructure Protection Estonia
- ↑ Finlands' Cyber Security Strategy
- ↑ Section 70(1) of the Information Technology Act Ammendment (2008)
- ↑ Indonesia's National Cyber Security Strategy
- ↑ National Cyber Security Strategy of Afghanistan (2014)
- ↑ The Basic Policy of Critical Information Infrastructure Protection (3rd Edition), Japan (2015)
- ↑ GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 2011–2019
- ↑ LIETUVOS RESPUBLIKOS KIBERNETINIO SAUGUMO ĮSTATYMAS 2014 m. gruodžio 11 d. Nr. XII-1428 Vilnius
- ↑ Cyber Security Strategy for Norway (2012)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ 24.0 24.1 QATAR National Cyber Security Strategy (May 2014) Cite error: Invalid
<ref>
tag; name "Qatar" defined multiple times with different content - ↑ 25.0 25.1 الاستراتيجية الوطنية للأمن السيبراني QATAR NCSS - Arabic version (May 2014) Cite error: Invalid
<ref>
tag; name "Q2" defined multiple times with different content - ↑ Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)
- ↑ NATIONAL SECURITY OF RUSSIA - Information security (February 3, 2012, № 803)
- ↑ South Africa Cyber Security Policy, Staatskoerant No. 32963, 10 Feb 2010
- ↑ Turkey's National Cyber Security Strategy and 2013-2014 Action Plan
- ↑ UlUSAL SİBER GÜVENLİk STRATEJİSİ VE
- ↑ 2016-2019 ULUSAL SİBER GÜVENLİK STRATEJİSİ
- ↑ National Information Security Policy (2011)
- ↑ Cyber Security in the UK, Postnote Number 389, September 2011
- ↑ Blueprint for a secure cyber future, DHS Nov 2011
- ↑ Decreto No. 451/009 item No. 3
- ↑ IETF RFC449 Internet Security Glossary 2