National Critical Information Infrastructure Identification Methodology

Challenge

Knowing and protecting national critical information infrastructures is one of the core pillars of national cybersecurity. Each government has a duty to protect the provision of essential services to its citizens, and as many of these services today are reliant on information systems, their reliability and security are high on national agenda.

But how does the government know which information systems are so important that their disruption is simply intolerable and stricter security measures and higher protection is required?

Solution

Methodology for identification of national critical information infrastructure was developed and put into law. The methodology was successfully applied to produce a list of national critical information infrastructures, which was subsequently approved by the Cabinet.

Services provided

Assessment of methodologies for identification of critical information infrastructures and their protection practices in two EU countries;
Identification and assessment of national laws and regulations governing national critical information infrastructures and identification of gaps;
Development of criticality criteria;
Identification of roles and responsibilities for identification of national critical information infrastructures, including in the private sector;
Development of methodology for Critical Information Infrastructure identification and classification;
Assistance to the Client to put the Methodology into law;
Development of action plan for Critical Information Infrastructure identification and classification;
Development of guidance on the methodology application;
Training on the application of methodology to the relevant public and private organizations.