Answer: The Information Technology Act of 2000 defines ‘Critical Information Infrastructure’ as a ‘computer resource, the incapacitation or destruction of which shall have debilitating im- pact on national security, economy, public health or safety’. The government, under the Act, has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.

Need to secure critical information infrastructure(CII):

• Multiplier effect of disruption: IT resources form the backbone of countless critical operations in a country’s infrastructure, and given their interconnectedness, disruptions can have a cascading effect across sectors.
• For example: Failure at a major power grid can lead to prolonged outages crippling other sectors like healthcare, banking services, etc.
• Security of nation: As an attack on CII can undermine security of a nation by disrupting critical services dependent on access to information infrastructure.
• For example, Stuxnet computer virus disrupted the Iranian nuclear program by damaging centrifuges used to separate nuclear material
• To prevent cyber-attack and economic loss: In recent years, cyber-attacks on the CII of banks, hospitals, nuclear power plants, IITs have increased.
• In October 2020, due to a China linked cyber-attack, the electric grid supply to Mumbai suddenly broke down hitting the mega city’s hospitals, trains and businesses.

Institutional and legislative framework in India to guard against cyber threats:

• National Cyber Security policy (2013): The goal of this policy is to guarantee safe and reliable cyberspace for individuals, organizations, and the government.
• Computer Emergency Response Team (CERT-In): It operates as an automated cyber threat exchange platform to proactively collect, analyze and share tailored alerts with organizations across sectors for proactive threat mitigation actions by them.
• National Critical Information Infrastructure Protection Centre (NCIIPC): It is the nodal agency for taking all measures to protect the nation’s critical information infrastructure.
• National Cyber Coordination Centre (NCCC): It generates necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities.
• Indian Cyber Crime Coordination Centre (I4C): It provides a framework and eco-system for law enforcement agencies for dealing with Cybercrime in a coordinated and comprehensive manner.

In order to deal with challenges related to cyber security a division has been established under the Ministry of Home Affairs to deal with Cyber and Information Security. But apart from these a comprehensive cyber security strategy is need of hour to deal with emerging challenges related to it.