1. Who are CPNI?
CPNI is the UK’s national technical authority (NTA) for physical and personnel security, countering terrorism and hostile state activity to keep our country safe. Our core customers are the UK’s critical national infrastructure (CNI), government, and other high risk, sensitive sectors. Our advice delivery extends to other nationally important assets or events, including high-profile iconic targets, where impact of damage would be equally serious.
CPNI is one of the UK’s three NTAs that work closely together to provide holistic protective security advice. The others are:
- The National Cyber Security Centre (NCSC). The NCSC is the UK’s NTA for cyber security.
- The UK National Authority for Counter Eavesdropping (UKNACE). UKNACE is the UK’s NTA for technical security.
2. What is the CNI?
National Infrastructure is made up of the systems (people; processes; information; technology; facilities) necessary for a country to function and upon which daily life depends. Critical National infrastructure (CNI) is a sub-set of these systems that provides vital services to the UK, that if their operation were disrupted or compromised would have a significant impact on the country. CNI also includes some functions, sites and organisations which are not critical to the maintenance of essential services, but which need protection due to the potential danger to the public (civil nuclear and chemical sites for example).
There are 13 national infrastructure sectors: Chemicals, Civil Nuclear, Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport and Water. Several sectors have defined ‘sub-sectors’; Emergency Services for example can be split into Police, Ambulance, Fire Services and Coast Guard.
Each sector has one or more Lead Government Department(s) (LGD) responsible for the sector, and ensuring protective security is in place for critical assets. The responsible LGD for some sectors may come from within one the Devolved Administrations.
3. I want to make a Freedom Of Information Act (FOIA) request.
CPNI is not a public body for the purposes of the Freedom of Information Act, so unfortunately we are unable to process these requests.
4. How is CNI designated?
The relevant Lead Government Department (LGD) for a sector is responsible for identifying and classifying CNI. However, for a System to be classified as CNI, it must meet the UK government’s official definition:
‘Those critical elements of infrastructure (namely assets, facilities, systems, networks or processes and the essential workers that operate and facilitate them), the loss or compromise of which could result in:
a) Major detrimental impact on the availability, integrity or delivery of essential services – including those services whose integrity, if compromised, could result in significant loss of life or casualties – taking into account significant economic or social impacts; and/or
b) Significant impact on national security, national defence, or the functioning of the state.’
If you think your organisation is responsible for CNI assets or capabilities you should approach your Lead Government department.
5. How do I get my product included in the Catalogue of Security Equipment?
Please supply a technical summary of your product to [email protected] and one of the team will make an initial assessment and contact you with further details.
6. How can I request editable versions of the security campaigns materials?
Please email your request to [email protected].
7. I am recieving a 403/404 error message on the CPNI website
Please clear your browsing history and close all browsers before trying again. If the problem persists, please email Enquiries SMB with a description of the problem.
8. How can I provide feedback on the CPNI website?
Scroll down to the bottom of the webpage to the blue banner 'Did you find this page useful?', once you have selected 'Yes' or 'No' a text box will appear for you to enter further comments. If a page does not have this banner please email Enquiries SMB with your feedback.