The government’s Digital Security Agency has given an explanation detailing the Critical Information Infrastructure (CII). On Saturday, October 29, Digital Security Agency Director (Operations) Tarek M. An explanation was given in the notification signed by Barkatullah. It is said in the notification that there is no impediment to the release of information from any kind of weakness, poor management of the important information infrastructure in the media. So-called cyber security experts deceive journalists with various false claims.
The Department of Information and Communications Technology issued a notification on Oct. 2 declaring 29 sensitive government institutions nationwide as critical information infrastructure under the Digital Security Act. According to the notification from the Digital Security Agency, there are two words in the Bengali dictionary – infrastructure and infrastructure. In general, “infrastructure” refers to visible structures such as buildings, bridges, power stations, markets, etc. And the word “infrastructure” means “the basis of any activity or system”.
In the Digital Security Act 2018, “critical information infrastructure” means any external or virtual information infrastructure declared by the government to control, process, transmit or store data or electronic information and which, if damaged or endangered – (a) public safety; or may harm economic security or public health, (a) national security or national integrity or sovereignty. It should be noted here that critical information is limited within the infrastructure (IT infrastructure). The government has declared 29 institutions as critical information infrastructures in accordance with the provisions mentioned in Section 15 of the Digital Security Act 2018 to ensure that operations are carried out in accordance with internationally recognized standards and used when operating. of these infrastructures.
The Chief Executive shall, from time to time, inspect the Critical Information Infrastructure and submit a report thereon to the Government to ensure that the provisions of the Digital Security Act are duly followed. The Bangladesh Standards and Testing Institution (BSTI) declared all these ISO standards as national standards before the enactment of the Digital Security Act 2018. It is also said that the ‘Critical Information Infrastructure Digital Security Protection Guidelines, 2021’ has been issued to ensure that Critical Information Infrastructures like Bangladesh Bank meet all these standards to manage and put implementation of infrastructures based on information and communication technologies like other countries in the world. Annexes 1 to 5 of these guidelines include the good practices to follow, the data transmission table, the initial evaluation form, the final evaluation form, the list of supporting documents and the risk register, etc. preparation and storage.
There is no possibility of hampering media workers or journalism anywhere. That being said, there is also a provision for the declaration of critical information infrastructures in neighboring countries. To standardize the management and operation of this Critical Information Infrastructure, the government of Bangladesh, like other countries, has declared a Critical Information Infrastructure. The Department of Information and Communication Technology has trained more than 4,000 civil servants at home and abroad through the Bangladesh Computer Council.
In addition to training, 3 cyber exercises are organized each year from 2020 to perfect the knowledge acquired on cyber security and the Information and Communication Technologies Department has set up a cutting-edge cyber offer at the Military Institute of Science and Technology (MIST) through the Bangladesh Computer Council. This cyber range offers students and law enforcement the opportunity to train through simulations to deal with cyber security emergencies. Critical Information Infrastructure – There is a difference between CII and KPI stating that the Critical Information Infrastructure statement only ensures adherence to national standards in the secure management and operation of IT dependent networks.
The important information infrastructure here is not the organization, but the information technology based network, data center, etc. under its jurisdiction is limited to the transmission of information. On the other hand, the management controls the access of individuals to the organizations KPIs declared by the government, the code of conduct of security guards and other related matters. The Ministry of Defense and the Ministry of the Interior are responsible for announcing and managing KPIs.