Towards Identifying Critical National Infrastructures in the National Cybersecurity Strategy Process

This white paper builds upon existing CNI/CII work within the GFCE and proposes some practical considerations and measures for how countries can develop approaches for identifying CNI/CII as part of their NCS development and implementation processes.

The paper addresses three foundational elements related to CNI/CII identification in the context of NCS development. A fourth section identifies areas where additional research is needed.
• Section I addresses potential approaches for identifying the ICT risk aspects of CNI/CII;
• Section II discusses potential approaches for formalizing the identification of CNI/CII in NCS and/or law and ways to build a national consensus around the need to protect the most important ICT assets;
• Section III identifies a range of potential governance structures for implementing CNI/CII portion as part of NCS implementation;
• Section IV identifies CNI/CII protection research needs.

This white paper was developed in 2021 by the GFCE’s Working Group B Cyber Incident Management and Critical Infrastructure Protection and the Working Group A Task Force Strategy & Assessments (S&A). The contributors include Abdul-Hakeem Ajijola, Giacomo Assenza, Marwan Ben Rached, James Boorman, Enrico Calandro, Rick Harris, Marc Henauer, Tadas Jakštas, Orhan Osmani, Andy Purdy, Roxana Radu, Milan Sekuloski, Carmen Valeria Solis Rivera, Ian Wallace and Carolin Weisser Harris.