Introduction
Critical information infrastructure protection (or ‘CIIP’) is a concept ‘du jour’ in many developed countries. Faced with the inherent vulnerability of critical information infrastructures to cyber-attacks, governments around the world have become preoccupied with their state of security.
The term ‘Critical Information Infrastructures’ (or ‘CII’) incorporates two terms: ‘Critical Infrastructures’ (or ‘CI’) and ‘Information Infrastructures’. According to the USA Patriot Act, ‘critical infrastructures’ are:
those systems and assets, whether physical or virtual, so vital to the US that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.
Considered to be critical infrastructures, for example, are telecommunications networks, power grids, water supply systems, banking and finance institutions, transportation systems, and oil and gas storage facilities and pipelines.
The term ‘Information Infrastructures’ usually describes the combination of computer and communications systems that serve as the underlying infrastructure for organisations, industries and the economy, including components such as telecommunications, computer hardware and software, the Internet and other computer networks, supervisory and control systems, telecommunication satellites, fibre optics and the like.
Altogether, critical information infrastructures are those parts of the information infrastructure that are essential for the continuity of critical infrastructure services. In other words, they are the communications and information networks, systems, software and facilities (including supervisory and controlling devices) underlying critical infrastructures.