Critical Information Infrastructure Protection

European Definitions

Council Communication COM(2011)163 final

No definition provided[1].

Other International Definitions


Critical Information Infrastructure Protection (CIIP) is defined as all activities aimed at ensuring the functionality, continuity and integrity of CII in order to deter, mitigate and neutralise a threat, risk or vulnerability or minimise the impact of an incident. [2]

National Definitions

Czech Republic

Critical Information Infrastructure Protection (CIIP) is a subset of CIP. CIIP focuses on the protection of systems and assets including components such as telecommunications, computers/software, Internet, satellites, fibre optics etc., and on interconnected computers and networks, and the services they provide. [3]


The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations. [4]


Protezione delle infrastrutture critiche informatizzate (CIIP): azioni tese ad innalzare il livello di sicurezza, affidabilità e correttezza di tutte quelle infrastrutture critiche che utilizzano, in tutto o in parte, una qualunque infrastruttura informatica per il loro monitoraggio, la loro gestione o il loro controllo; includendo, naturalmente, nel novero delle infrastrutture critiche anche quelle informatiche e specificatamente Internet. [5]


In order to continuously provide CII services and to avoid serious effects on the public welfare and socioeconomic activities from IT outages resulting from natural disasters, cyber-attacks or other causes, all stakeholders should protect CII by reducing the risk of IT outages as much as possible and by ensuring prompt recovery from IT outages. [6]


Mbrojtja e infrastrukturës kritike të informacionit (MIKI): Programet dhe aktivitetet e pronarëve, operatorëve, prodhuesve, përdoruesve dhe autoriteteve rregullatore të infrastrukturës, të cilat kanë për qëllim të ruajnë performancën e infrastrukturave kritike të informacionit në rast të dështimit, sulmit apo aksidenteve mbi një nivel të definuar minimal të shërbimeve, si dhe që synojnë shkurtimin e kohës së rikuperimit dhe tkurrjen e dëmeve. [7]

Critical Information Infrastructure Protection (CIIP): The programs and activities of infrastructure owners, operators, manufacturers, users, and regulatory authorities which aim at keeping the performance of critical information infrastructures in case of failures, attacks or accidents above a defined minimum level of services and aim at minimising the recovery time and damage. [8]

CIIP should therefore be viewed as a cross-sector phenomenon rather than being limited to specific sectors. CIIP should be closely coordinated with Critical Infrastructure Protection from a holistic perspective.

Russian Federation

безопасность критической информационной инфраструктуры - состояние элементов критической информационной инфраструктуры и критической информационной инфраструктуры в целом, при котором проведение в отношении ее компьютерных атак не влечет за собой тяжких последствий.

Critical information infrastructure security is the state of critical information infrastructure and critical information infrastructure as a whole, in which the holding in respect of its computer attacks do not entail grave consequence. [9]

Good Practices

  1. The GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers. [10]
  2. Companion Document to the GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers. [11]
  3. Critical Information Infrastructure Protection (CIIP). [12]

