.svg)
16,599
edits
National Critical Information Infrastructure Protection Centre: Difference between revisions
National Critical Information Infrastructure Protection Centre (edit)
Revision as of 00:21, 26 September 2023
, 26 September 2023Updated the article +/-
imported>NCNL2020 |
Ajay Kumar (talk | contribs) m (Updated the article +/-) |
||
| Line 1: | Line 1: | ||
{{Short description|A unit of the National Technical Research Organisation (NTRO), India}} | |||
{{Use dmy dates|date=July 2019}} | {{Use dmy dates|date=July 2019}} | ||
{{Infobox government agency | {{Infobox government agency | ||
| Line 33: | Line 34: | ||
}} | }} | ||
'''National Critical Information Infrastructure Protection Centre (NCIIPC)''' is an organisation of the [[Government of India]] created under | '''National Critical Information Infrastructure Protection Centre (NCIIPC)''' is an organisation of the [[Government of India]] created under Section 70A of the [[Information Technology Act, 2000]] (amended 2008), through a gazette notification on 16 January 2014.<ref>{{Cite web|title=Archived copy|url=http://meity.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf#|url-status=dead|archive-url=https://web.archive.org/web/20170119125539/http://meity.gov.in/sites/upload_files/dit/files/downloads/itact2000/itbill2000.pdf#|archive-date=2017-01-19|access-date=2017-01-04}}</ref><ref name="tifrh.res.in">{{Cite web|title=Archived copy|url=http://cc.tifrh.res.in/webdata/documents/events/facilities/IT_act_2008.pdf#|url-status=dead|archive-url=https://web.archive.org/web/20170103170226/http://cc.tifrh.res.in/webdata/documents/events/facilities/IT_act_2008.pdf#|archive-date=2017-01-03|access-date=2017-01-03}}</ref><ref>{{Cite web |url=http://meity.gov.in/sites/upload_files/dit/files/S_O_18(E).pdf# |title=Archived copy |access-date=2017-01-02 |archive-url=https://web.archive.org/web/20170125024443/http://meity.gov.in/sites/upload_files/dit/files/S_O_18(E).pdf# |archive-date=2017-01-25 |url-status=dead }}</ref> Based in New Delhi, India, it is designated as the National Nodal Agency in terms of Critical Information Infrastructure Protection.<ref>{{cite web|url=http://thehackernews.com/2017/01/protect-critical-infrastructure.html|title=NCIIPC: It's Time to Step Forward And Protect Our Critical Infrastructures from Cyber Attacks|publisher=}}</ref> It is a unit of the [[National Technical Research Organisation]] (NTRO) and therefore comes under the Prime Minister's Office (PMO).<ref>{{Cite web |url=https://www.nciipc.gov.in/documents/Guidelines_for_Identification_of_CII.pdf |title=Archived copy |access-date=21 July 2020 |archive-date=13 May 2020 |archive-url=https://web.archive.org/web/20200513045217/https://nciipc.gov.in/documents/Guidelines_for_Identification_of_CII.pdf |url-status=dead }}</ref> | ||
==Critical Information Infrastructure== | ==Critical Information Infrastructure== | ||
| Line 47: | Line 48: | ||
* Strategic & Public Enterprises | * Strategic & Public Enterprises | ||
Information Security Practices and Procedures for Protected System Rules, 2018 <ref>http://nciipc.gov.in/documents/Rules_procedures_new2018.pdf</ref><ref>{{cite web|url=http://www.digitalpolicy.org/nciipc-evolving-framework/|title=The NCIIPC & Its Evolving Framework - Digital Policy Portal|website=www.digitalpolicy.org}}</ref> | Information Security Practices and Procedures for Protected System Rules, 2018 <ref>{{Cite web |url=http://nciipc.gov.in/documents/Rules_procedures_new2018.pdf |title=Archived copy |access-date=22 October 2018 |archive-date=2 September 2018 |archive-url=https://web.archive.org/web/20180902005224/http://nciipc.gov.in/documents/Rules_procedures_new2018.pdf |url-status=dead }}</ref><ref>{{cite web|url=http://www.digitalpolicy.org/nciipc-evolving-framework/|title=The NCIIPC & Its Evolving Framework - Digital Policy Portal|website=www.digitalpolicy.org}}</ref> | ||
==Vision== | ==Vision== | ||
| Line 53: | Line 54: | ||
==Mission== | ==Mission== | ||
"To take all necessary measures to facilitate protection of Critical Information Infrastructure, from unauthorized access, modification, use, disclosure, disruption, incapacitation or | "To take all necessary measures to facilitate protection of Critical Information Infrastructure, from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction through coherent coordination, synergy and raising information security awareness among all stakeholders. " <ref name="nciipc.gov.in"/> | ||
== Functions and Duties == | == Functions and Duties == | ||
* National nodal agency for all measures to protect nation's critical information infrastructure. | * National nodal agency for all measures to protect the nation's critical information infrastructure. | ||
* Protect and deliver advice that aims to reduce the vulnerabilities of critical information infrastructure, against cyber terrorism, cyber warfare and other threats. | * Protect and deliver advice that aims to reduce the vulnerabilities of critical information infrastructure, against cyber terrorism, cyber warfare and other threats. | ||
* Identification of all critical information infrastructure elements for approval by the appropriate Government for notifying the same. | * Identification of all critical information infrastructure elements for approval by the appropriate Government for notifying the same. | ||
* Provide strategic leadership and coherence across Government to respond to cyber security threats against the identified critical information infrastructure. | * Provide strategic leadership and coherence across Government to respond to cyber security threats against the identified critical information infrastructure. | ||
* Coordinate, share, monitor, collect, analyze and forecast, national level | * Coordinate, share, monitor, collect, analyze and forecast, national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts. The basic responsibility for protecting CII system shall lie with the agency running that CII. | ||
* Assisting in the development of appropriate plans, adoption of standards, sharing of best practices and refinement of procurement processes in respect of protection of Critical Information Infrastructure. | * Assisting in the development of appropriate plans, adoption of standards, sharing of best practices and refinement of procurement processes in respect of protection of Critical Information Infrastructure. | ||
* Evolving protection strategies, policies, vulnerability assessment and auditing methodologies and plans for their dissemination and implementation for protection of Critical Information Infrastructure. | * Evolving protection strategies, policies, vulnerability assessment and auditing methodologies and plans for their dissemination and implementation for protection of Critical Information Infrastructure. | ||
* Undertaking research and development and allied activities, providing funding (including grants-in-aid) for creating, collaborating and development of innovative future technology for developing and enabling the growth of skills, working closely with wider public sector industries, academia et al. and with international partners for protection of Critical Information Infrastructure. | * Undertaking research and development and allied activities, providing funding (including grants-in-aid) for creating, collaborating and development of innovative future technology for developing and enabling the growth of skills, working closely with wider public sector industries, academia et al. and with international partners for protection of Critical Information Infrastructure. | ||
* Developing or organising training and awareness programs as also nurturing and | * Developing or organising training and awareness programs as also nurturing and developing of audit and certification agencies for protection of Critical Information Infrastructure. | ||
* Developing and executing national and international cooperation strategies for protection of Critical Information Infrastructure. | * Developing and executing national and international cooperation strategies for protection of Critical Information Infrastructure. | ||
* Issuing guidelines, advisories and vulnerability or audit notes etc. relating to protection of critical information infrastructure and practices, procedures, prevention and response in consultation with the | * Issuing guidelines, advisories and vulnerability or audit notes etc. relating to protection of critical information infrastructure and practices, procedures, prevention and response in consultation with the stakeholders, in close coordination with Indian Computer Emergency Response Team and other organisations working in the field or related fields. | ||
* Exchanging cyber incidents and other information relating to attacks and vulnerabilities with Indian Computer Emergency Response Team and other concerned organisations in the field. | * Exchanging cyber incidents and other information relating to attacks and vulnerabilities with Indian Computer Emergency Response Team and other concerned organisations in the field. | ||
* In the event of any threat to critical information infrastructure the National Critical Information Infrastructure Protection Centre may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure. | * In the event of any threat to critical information infrastructure, the National Critical Information Infrastructure Protection Centre may call for information and give directions to the critical sectors or persons serving or having a critical impact on Critical Information Infrastructure. | ||
==Operations== | ==Operations== | ||
* NCIIPC maintains a 24x7 Help Desk to facilitate reporting of incidents. Toll Free No. 1800-11-4430. | |||
* Issues advisories or alerts and provide guidance and expertise-sharing in addressing the threats/vulnerabilities for protection of CII. | * Issues advisories or alerts and provide guidance and expertise-sharing in addressing the threats/vulnerabilities for protection of CII. | ||
* In the event of a likely/actual national-level threat, it plays a pivotal role to coordinate the response of the various CII | * In the event of a likely/actual national-level threat, it plays a pivotal role to coordinate the response of the various CII stakeholders in close cooperation with CERT-India. | ||
== Programs == | == Programs == | ||
NCIIPC runs a number of programs to engage with its | NCIIPC runs a number of programs to engage with its stakeholders. Some of them are as follows: | ||
* Responsible Vulnerability Disclosure Program (RVDP) | * Responsible Vulnerability Disclosure Program (RVDP) | ||
* Incident Response (IR) | * Incident Response (IR) | ||
| Line 94: | Line 96: | ||
NCIIPC releases its quarterly newsletter encompassing latest developments in the field of Critical Information Infrastructure(CII) and its protection along with various initiatives taken by NCIIPC to spread awareness and best practices and much more. | NCIIPC releases its quarterly newsletter encompassing latest developments in the field of Critical Information Infrastructure(CII) and its protection along with various initiatives taken by NCIIPC to spread awareness and best practices and much more. | ||
* [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Jul22.pdf July 2022] | |||
* [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Apr22.pdf April 2022] | |||
* [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Jan22.pdf January 2022] | |||
* [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Oct21.pdf October 2021] | |||
* [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Jul21.pdf July 2021] | * [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Jul21.pdf July 2021] | ||
* [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Apr21.pdf April 2021] | * [https://nciipc.gov.in/documents/NCIIPC_Newsletter_Apr21.pdf April 2021] | ||
| Line 138: | Line 144: | ||
[[Category:Cyberwarfare]] | [[Category:Cyberwarfare]] | ||
[[Category:Cyber Security in India]] | [[Category:Cyber Security in India]] | ||
[[Category:Computer security organizations]] | |||
[[Category:Indian intelligence agencies]] | |||