The BGD E-Government under the Bangladesh Computer Council has clarified its position on the dispute over the publication of the recently announced list of Digital Information Infrastructure. The clarification is as follows:
In the Digital Security Act, 2018, “Critical Information Infrastructure” means any external or virtual information infrastructure as declared by the Government which controls, processes, transmits or stores any data or any electronic information and which if damaged or jeopardizes public safety or may adversely affect the economic security or public interest and national security or state integrity or sovereignty.
Note here that critical information is limited to infrastructure (IT infrastructure). Section 15 of the Digital Security Act, 2018 to ensure compliance with internationally recognized and used (ISO/IEC/BDS 17025, 15489, 20000, 27001, 27005, 27037, 27041, 27042, 27043, 27050) standards while operating these infrastructures The government has declared 29 institutions as critical information infrastructures in compliance with the provisions mentioned in The Director General shall, from time to time, inspect and inspect any critical information infrastructure to ensure that the provisions of the Digital Security Act are being duly complied with and submit a report to the Government. Bangladesh Standards and Testing Institution (BSTI) ISO all these standards Digital Security Act, 2018 announced national standards before formulation. ‘Critical Information Infrastructure Digital Security Protection Guidelines, 2021′ has been issued to ensure the management and implementation of information and communication technology-based infrastructure management and implementation supervision like other countries in the world by following all these standards to avoid accidents like Bangladesh Bank. Appendix 1 to 5 of this guideline covers the preparation and preservation of Best Practices, data transmission table, initial evaluation form, final evaluation form, list of supporting documents and risk register etc. in the prescribed form. There are no media personnel or resources to obstruct journalism anywhere. However, it is observed that some so-called cyber security experts are misleading the journalists with various false statements. 2021′ has been issued. Appendix 1 to 5 of this guideline covers the preparation and preservation of Best Practices, data transmission table, initial evaluation form, final evaluation form, list of supporting documents and risk register etc. in the prescribed form. There are no media personnel or resources to obstruct journalism anywhere. However, it is observed that some so-called cyber security experts are misleading the journalists with various false statements. 2021’ has been issued. Appendix 1 to 5 of this guideline covers the preparation and preservation of Best Practices, data transmission table, initial evaluation form, final evaluation form, list of supporting documents and risk register etc. in the prescribed form. There are no media personnel or resources to obstruct journalism anywhere. However, it is observed that some so-called cyber security experts are misleading the journalists with various false statements.
Provisions for declaration of critical information infrastructure are also in place in other countries including neighboring countries. Bangladesh government like other countries has declared critical information infrastructure to standardize the management and operation of this critical information infrastructure. After the unexpected incident of Bangladesh Bank, such information infrastructures were identified and the skills of the officials of these information infrastructures were developed for training, appropriate management and disaster management. After all these preliminary activities, the government has released the list of important information infrastructure as per the law.
It is noted here that Information and Communication Technology Department has provided training to more than 4000 (four thousand) officials in the country and abroad through Bangladesh Computer Council. In addition to training, 3 cyber drills are being organized annually from 2020 to impart knowledge on cyber security and the Department of Information and Communication Technology has set up a state-of-the-art cyber range at the Military Institute of Science and Technology (MIST) through the Bangladesh Computer Council. This cyber range provides opportunities for students and law enforcement agencies to practice through simulations in dealing with cyber security emergencies.
There is a difference between Critical Information Infrastructure (CII) and Key Point Installation (KPI). The Declaration of Critical Information Infrastructure only ensures adherence to national standards for the secure management and operation of information technology dependent networks. The important information infrastructure here is not the organization, but the information technology-based network, data center etc. under its jurisdiction is limited to the transmission of information. On the other hand, government-declared Key Point Installation (KPI) controls the management of personnel access to organizations, code of conduct of security guards and other related matters. Ministry of Defense and Ministry of Home Affairs are responsible for announcing and managing Key Point Installation (KPI). There is no impediment to media disclosure of information about any weakness, mismanagement, etc. by the critical information infrastructure.