National Critical Information Infrastructure Protection Centre (NCIIPC)

National Critical Information Infrastructure Protection Centre (NCIIPC) is the national agency responsible for protecting India’s Critical Information Infrastructure (CII) from cyber threats, cyber terrorism and cyber warfare. It functions under the National Technical Research Organisation (NTRO) and was established under Section 70A of the Information Technology Act 2000 amended in 2008. NCIIPC was officially created through a Gazette Notification in 2014 and is headquartered in New Delhi as the national nodal agency for CII protection.

National Critical Information Infrastructure Protection Centre Features

National Critical Information Infrastructure Protection Centre plays a central role in strengthening cyber resilience of critical sectors through coordination, policy support, threat monitoring and security awareness initiatives across India.

• Establishment: NCIIPC was established on 16 January 2014 under Section 70A of the Information Technology Act 2000 amended in 2008. It functions as a specialised unit of NTRO under the Government of India.
• National Nodal Agency Role: NCIIPC has been designated as the national nodal agency for protecting Critical Information Infrastructure across India. It coordinates cyber security measures for sectors whose disruption can severely impact national security, economy and public safety.
• Headquarters and Administrative Structure: The organisation is headquartered in New Delhi and operates under the National Technical Research Organisation. It works closely with ministries, critical sector organisations, public institutions, academia and international cyber security partners.
• Vision: The vision of NCIIPC is to facilitate safe, secure and resilient information infrastructure for critical sectors of the nation. It focuses on ensuring uninterrupted and reliable functioning of essential digital infrastructure systems.
• Mission: Its mission is to protect critical infrastructure from unauthorized access, disclosure, modification, disruption, incapacitation and destruction through coordination, synergy, information sharing and cyber security awareness among stakeholders.
• Critical Sector Protection Framework: NCIIPC identifies critical information infrastructure elements and recommends them for notification by the appropriate government authority. These infrastructures include protected systems essential for national governance and strategic functioning.
• Compliance and Security Standards: NCIIPC follows up with organisations for implementation of IT Rules, 2018 relating to Information Security Practices and Procedures for Protected Systems to improve overall cyber security posture and operational preparedness.
• Threat Intelligence and Advisory Mechanism: The centre provides alerts, advisories, threat intelligence, vulnerability information and situational awareness to organisations managing Critical Information Infrastructure and Protected Systems for preventive cyber defence measures.

National Critical Information Infrastructure Protection Centre Functions

National Critical Information Infrastructure Protection Centre performs strategic, operational and technical functions to safeguard critical digital infrastructure against evolving cyber threats and improve national cyber preparedness.

• Protection Against Cyber Threats: NCIIPC protects Critical Information Infrastructure against cyber terrorism, cyber warfare and other malicious cyber threats by reducing vulnerabilities and strengthening institutional cyber defence mechanisms across important sectors.
• National Threat Monitoring: It coordinates, monitors, collects, analyses and forecasts national level cyber threats to Critical Information Infrastructure for early warning systems, policy guidance and expertise sharing among concerned organisations.
• Strategic Leadership and Coordination: The organisation provides strategic leadership across government agencies to ensure coordinated response against cyber security threats affecting identified Critical Information Infrastructure and Protected Systems throughout the country.
• Development of Security Standards: NCIIPC assists in developing security plans, cyber protection standards, procurement processes, best practices and auditing methodologies for improving resilience and security preparedness of critical digital systems.
• Vulnerability Assessment and Auditing: It evolves cyber protection strategies, vulnerability assessment mechanisms and auditing methodologies for implementation and dissemination across organisations operating Critical Information Infrastructure in India.
• Research and Technological Development: NCIIPC undertakes research and development activities, supports innovative future technologies and collaborates with industries, public sector organisations, academia and international partners for cyber security advancement.
• Training and Awareness Programmes: The centre organises cyber security training sessions, awareness programmes and capacity building initiatives for employees and organisations managing Critical Information Infrastructure and Protected Systems across sectors.
• Incident Information Exchange: NCIIPC exchanges cyber incident information, threat intelligence and vulnerability details with Indian Computer Emergency Response Team (CERT In) and other organisations working in cyber security and related fields.
• Emergency Directions and Intervention: During threats to Critical Information Infrastructure, NCIIPC can seek information and issue directions to critical sectors or entities having direct impact on protected systems and national cyber security.

‹ ›

National Critical Information Infrastructure Protection Centre Initiatives

National Critical Information Infrastructure Protection Centre has launched multiple initiatives for cyber preparedness, vulnerability testing, skill development and operational exercises to strengthen India’s Critical Information Infrastructure security ecosystem.

• Critical Information Infrastructure Security Exercise: This national level exercise is conducted in two stages including Training cum Operational Exercise and Strategic Exercise. It trains officials of notified CIIs and important organisations of critical sectors for cyber incident preparedness.
• NCIIPC AICTE PENTATHON: NCIIPC partnered with AICTE to organise the NCIIPC AICTE PENTATHON for mainstreaming Vulnerability Assessment and Penetration Testing (VAPT) and encouraging young cyber security talent on an annual basis.
• Controlled Pentesting for CIIs: NCIIPC launched Controlled Pentesting to enrol ethical hackers, penetration testers and security professionals for conducting Vulnerability Assessment and Penetration Testing of India’s Critical Information Infrastructure systems.
• Revamped Internship Programme: The revamped internship programme provides opportunities to talented students and graduates to contribute through hands on projects related to Critical Information Infrastructure security and advanced interdisciplinary technological studies.
• Alerts and Advisory Services: NCIIPC regularly provides alerts, advisories, situational awareness reports, vulnerability information and cyber security guidance to organisations operating Critical Information Infrastructure and Protected Systems for preventive action.
• Capacity Building and Compliance Monitoring: The organisation conducts awareness sessions and follows up with organisations for compliance with Information Security Practices and Procedures for Protected Systems Rules, 2018 to strengthen national cyber resilience.