National Critical Information Infrastructure Protection Centre (NCIIPC)

In the recent times, there is an increasing stress upon cyber security at the international level. This is so because cyber-attacks are happening at the international level and all the countries are facing this threat. Countries are trying to coordinate cyber security initiatives at national and international levels. However, cyber security in India is still not up to the mark. India is increasingly facing cyber-attacks and cyber threats from foreign nationals.

For instance, cyber terrorism against India, cyber warfare against India, cyber espionage against India and cyber-attacks against India have increased a lot. Previously, we did not have a strong cyber law to deter cyber-attacks and cyber-crimes. Further, we had no cyber security laws in India as well.

In the verge of finding a strong solution to this, a national critical information infrastructure protection centre (NCIIPC) of India was been proposed & brought into existence. It intends to ensure critical infrastructure protection and critical ICT infrastructure protection in India.

Ministry of communication and information technology (MCIT) has already taken certain initiatives in this regard. For instance, a central monitoring system (CMS) project of India has been launched by MCIT to monitor and intercept electronic communications, messages and information. Further, a national telecom network security coordination board (NTNSCB) of India has also been proposed to strengthen the national telecom security of India.

Similarly, the home ministry of India has also launched national intelligence grid (Natgrid) project of India, crime and criminal tracking networks and systems (CCTNS) project of India, national counter terrorism centre (NCTC) of India, etc. These projects intend to strengthen the intelligence gathering and counter terrorism capabilities of India.

The cyber law of India must be suitably amended, perhaps repealed, to make a more robust and stringent cyber law of India. We need dedicated cyber security legal framework in India and cyber forensics laws in India.

What is NCIIPC?

National Critical Information Infrastructure Protection Centre (NCIIPC) is an organisation of the Government of India created through a gazette notification based in New Delhi, India, it is designated as the National Nodal Agency in respect of Critical Information Infrastructure Protection.

NCIIPC has broadly identified many critical sectors, few of them are as follows: 

• Power & Energy
• Banking, Financial Institutions & Insurance
• Information and Communication Technology
• Transportation
• Government (except those under the Ministry of Defence)
• Strategic Public Enterprises
• States and Union Territories

What NCIIPC does?

It takes all necessary measures to facilitate protection of Critical Information Infrastructure from unauthorized access, modification, use, disclosure, disruption, incapacitation or distraction through coherent coordination, synergy and raising information security awareness among all stakeholders. 

Operations of NCIIPC:

• They protect and deliver advice that aims to reduce the vulnerabilities of critical information infrastructure, against cyber terrorism, cyber warfare and other threats.
• They identify all critical information infrastructure elements for approval by the appropriate Government for notifying the same.
• They coordinate, share, monitor, collect, analyse and forecast, national level threat to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.
• They evolve protection strategies, policies, vulnerability assessment and auditing methodologies and plans for their dissemination and implementation for protection of Critical Information Infrastructure.
• They develop/organise training and awareness programs as also nurturing and development of audit and certification agencies for protection of Critical Information Infrastructure.
• They issue guidelines, advisories and vulnerability or audit notes etc. relating to protection of critical information infrastructure and practices, procedures, prevention and response in consultation with the stake holders, in close coordination with Indian Computer Emergency Response Team and other organisations working in the field or related fields.
• In the event of any threat to critical information infrastructure the National Critical Information Infrastructure Protection Centre may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure.
• Undertaking research and development and allied activities, providing funding (including grants-in-aid) for creating, collaborating and development of innovative future technology for developing and enabling the growth of skills, working closely with wider public sector industries, academia and with international partners for protection of Critical Information Infrastructure.

NCIIPC has also been instrumental in declaring two major entities as protected – systems of the Aadhar unique identification project and the Long Range Identification and Tracking (LRIT) system of the Ministry of Shipping. The agency has also started approaching various sectors to create guidelines that can set standards for private and public sector entities across the board.

Would like to add that with the establishment of the National Critical Information Infrastructure Protection Centre (NCIIPC) in 2014, India has taken an important measure towards strengthening its cybersecurity which maintains a 24x7 Help Desk to facilitate reporting of incidents. It plays a crucial role to coordinate the response of the various CII stake-holders in close cooperation with CERT-India.