Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AntoinetteHodes
Employee
Employee

Critical Infrastructures & reporting obligations

cni.jpg

   Figure 1: Overview of critical infrastructures. For example the SOCI acts (Australia) defined 11 critical infrastructure sectors. 

Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. https://en.wikipedia.org/wiki/Critical_infrastructure

The quality of life of EU citizens and their security, as well as the correct and efficient functioning of the internal market, depend on the provision of essential services through different critical infrastructures in a wide range of sectors. It is therefore imperative that critical infrastructures are adequately protected against a wide spectrum of threats, both natural and man-made, unintentional and with malicious intent. Where this fails and disruptions nevertheless follow, critical infrastructures must be resilient, i.e. able to recover quickly within an acceptable amount of time. As a reflection of the importance of this issue, the Commission adopted in 2006 the European Programme for Critical Infrastructure Protection (EPCIP), which sets out a European-level all-hazards framework for critical infrastructure protection (CIP).

In Germany we have Bundesamt für Sicherheit in der Informationstechnik (BSI). And in the UK we have Centre for the Protection of National Infrastructure (CPNI)

In the Netherlands, this is were I am based. We have the Incident Notification Obligation for Critical Infrastructures. The Security of Network and Information Systems Act lays down an obligation to notify NCSC-NL of any serious cyber security incidents that could cause social disruption. This incident notification obligation applies if you have been designated by your ministry as a vital operator with a duty to report, i.e. a provider of essential services or other designated critical infrastructure provider. Digital service providers must report the incident to the CSIRT-DSP of the Ministry of Economic Affairs and Climate Policy.

What should be reported about the incident?

  • Nature and scope
  • Starting time and detection time
  • possible consequences of the incident in-and outside of the Netherlands
  • Expected recovery period
  • If possible, the measures to prevent recurrence of the incident

Do you know your protection programs, warning information networks and reporting obligations? We are here to share knowledge, create awareness and help you! We love to contribute to a better and safer digital world.

 

0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events