The National Computer Emergency Response Team (NCERT) has released Critical Information Infrastructure (CII) Guidelines, which have been distributed to all federal ministries and departments.
Sources told Propakistani that NCERT has also written to these ministries and divisions, urging them to identify critical infrastructure in line with the new guidelines.
According to sources, Critical Information Infrastructure (CII) includes assets, networks, systems, processes, information, and functions essential to the nation. The incapacitation or destruction of these elements would significantly impact national security and the economic and social well-being of citizens. CIIs are characterized by essential interdependencies and critical information flows.
Under the national cybersecurity policy, NCERT defines CII as any computer system or network vital for national security or the economic and social well-being of citizens. Federal ministries and divisions are tasked with identifying critical infrastructure base
d on NCERT’s guidelines. Public sector organizations will compile lists of such infrastructure and submit them to NCERT, which will then designate them as CII under CERT Rules 2023.
According to CERT rules, the National CERT will recommend both public and private infrastructure for critical infrastructure status to the relevant authorities when necessary.
The National CERT is responsible for developing grading criteria to classify public CIIs and will offer services according to these rankings. Additionally, the National CERT will coordinate and support private-sector CII organizations in handling security incidents.
The CERT rules stipulate that the concerned ministry designate public or private infrastructure as critical, in line with the relevant clauses of the Prevention of Electronic Crimes Act (PECA) and the National Cyber Security Policy (NCSP). These designations will be reviewed annually. Any infrastructure can be declared CII based on its sensitivity or criticality and the potential impact of its
compromise.
The National CERT may recommend to the Ministry of IT and Telecommunication (MoITT) or the relevant ministry to designate public or private infrastructure as critical.
A dedicated CII CERT will be established to develop grading criteria for public CII and manage them according to these rules and the National Cyber Security Policy. The CII CERT will also support private-sector CII organizations in handling security incidents. Until an independent CII CERT is established by MoITT or the concerned ministry, the National CERT will serve as the interim CII CERT.
Source: Pro Pakistani