A comprehensive instrument for identifying critical information infrastructure services

Abstract

The identification of Critical Information Infrastructure (CII) services has become a top priority for governments and organizations, and is a crucial component of a sound cyber security policy. As the interconnectivity of essential services spreads, the probability of disruptions increases as does the vulnerability of all Critical Infrastructure (CI) sectors. The impact of an undue interruption of essential services may initiate a devastating cascading effect and the collapse of a country’s infrastructures system. The purpose of this work is to propose a framework for countries that are in the process of defining CII or that wish to reassess their definitions to enhance security measures. This paper proposes a methodology that supports the escalated identification of CII services on the basis of two analytical components: the identification of main stakeholders; and, an illustrative framework called the 360-DEGREE-FEEDBACK that seeks to apply a comprehensive and beneficial framework for security and analyses. This study combines qualitative and quantitative methods, benchmarking theoretical contributions, and relying mainly on documentary analysis and secondary statistical data from official sources.