Legal Framework for Protection of Critical Information Infrastructure

Abstract

Many utilities have adopted digital technologies to bring the required efficiency in their operations and meet the stakeholder requirements. As part of these digitization initiatives, the organizations have implemented multiple state of the art technologies which have helped them to improve and deliver quality services. Although implementation of latest technologies have brought numerous advantages to the utilities but it has also brought a unique challenge in the form of Cybersecurity. As power distribution utilities host nation’s Critical Information Infrastructure, it becomes imperative for utilities to ensure all required measures are in place to protect them from any kind of misadventure from Cyber adversaries. In view of above, many utilities have implemented various controls covering all aspects of People, Process and Technology. But it seems that a gap still exists which is not covered by standard approach. A survey of recent cyber-attacks on CII has revealed that a lot of advance and modern utilities have been a successful target of such malicious campaigns. The reason for utilities to become victim of such campaigns seems to be due to lack of legal framework for protection of Critical Information Infrastructure. It is also required that accountability for protection of CII at multiple stages should be recognized along with stringent review mechanisms. This paper shall focus on approaches adopted by various cyber instruments to curb crimes and what strategy needs to be adopted by nations to protect CII from falling victim to malicious campaigns by cyber adversaries who are based out of different geopolitical location.