GFCE CIIP Capacity Framework
book
Nations increasingly depend on Information and Communication Technology (ICT) for the proper functioning of their national Critical Infrastructure (CI) and society at large. ICT, such as Operational Technology (OT) and Information Technology (IT), can be so critical to the well-being of a nation that their disruption poses a threat to national security and results in severe economic impact.
ICT that qualifies as such can be referred to as a national Critical Information Infrastructure (CII). Examples of elements that are part of CII include communication networks, data centres, industrial control systems and digital services within organisations that have been designated as critical to a nation. To prevent or mitigate disruptions of their Critical National Information Infrastructure (CNII), nations have to incorporate measures to protect it. Such measures are commonly referred to as Critical Information Infrastructure Protection (CIIP). CIIP can be defined as 'all activities aimed at ensuring the functionality, continuity and integrity of CII to deter, mitigate and neutralise a threat, risk or vulnerability or minimise the impact of an incident'.
The purpose of this guide is twofold. Firstly, the framework supports the discussion on CIIP and the exchange of good practices by specifying the capacities that may be part of a CIIP approach. Secondly, it provides knowledge to policymakers on how to establish and maintain sustainable and efficient efforts to protect CII by outlining the required capacities.
TNO Identifier: 959103
Publisher: TNO
Collation: 74 p.
Place of publication: Den Haag