The Ministry of Electronics and IT (MeitY) has declared the IT resources of ICICI Bank, HDFC Bank and UPI managing entity NPCI as ‘critical information infrastructure’, implying any harm to them can have an impact on national security and any unauthorised person accessing these resources may be jailed for up to 10 years. The IT resources under CII include Core Banking Solution, Real Time Gross Settlement and National Electronic Fund Transfer (NEFT) comprising Structured Financial Messaging Server.
- The persons authorized to access IT resources of ICICI Bank, HDFC Bank, and NPCI are their designated employees, authorized team members of contractual managed service providers or third-party vendors who have been authorised by them for need- based access and any consultant, regulator, government official, auditor and stakeholder authorised by the entities on case-to-case basis.
- This decision, to put their IT resources under CII, has been taken due to cyber attacks which raised the need for a protected system by all the banks and financial institutions.
What does CII imply?
- It means any harm to this infrastructure can have an impact on national security and any unauthorized person accessing these resources may be jailed for up to 10 years, and also be liable to fine.
- The Central Government, under the IT Act, 2000, has the power to declare any data, database, IT network or communications infrastructure as CII to protect that digital asset.
- The National Critical Information Infrastructure Protection Centre (NCIIPC), established in 2014, is the nodal agency for taking all measures to protect India’s CII.
- NCIIPC will monitor and forecast national-level threats to CII for policy guidance, expertise sharing and situational awareness for early warning or alerts.