Critical National Infrastructure
National Infrastructure are those facilities, systems, sites, information, people, networks and processes, necessary for a country to function and upon which daily life depends. It also includes some functions, sites and organisations which are not critical to the maintenance of essential services, but which need protection due to the potential danger to the public (civil nuclear and chemical sites for example).
In the UK, there are 13 national infrastructure sectors: Chemicals, Civil Nuclear Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport and Water. Several sectors have defined ‘sub-sectors’; Emergency Services for example can be split into Police, Ambulance, Fire Services and Coast Guard.
Each sector has one or more Lead Government Department(s) (LGD) responsible for the sector, and ensuring protective security is in place for critical assets.
Not everything within a national infrastructure sector is judged to be ‘critical’. The UK government’s official definition of CNI is:
‘Those critical elements of national infrastructure (facilities, systems, sites, property, information, people, networks and processes), the loss or compromise of which would result in major detrimental impact on the availability, delivery or integrity of essential services, leading to severe economic or social consequences or to loss of life.’
CPNI is focussed on providing advice and assistance to those who have responsibility for protecting these most crucial elements of the UK’s national infrastructure from national security threats.
Responsibility for the protection of the CNI IT networks, data and systems from cyber attack sits with the UK’s new National Cyber Security Centre (NCSC). CPNI works in partnership with the NCSC so that collectively we deliver holistic advice that takes into account all aspects of protective security.