The IT Law Wiki


The critical information infrastructure (CII) is

[a]ny physical or virtual information system that controls, processes, transmits, receives or stores electronic information in any form including data, voice, or video that is:
  • Vital to the functioning of critical infrastructure;
  • So vital to the United States that the incapacity or destruction of such systems would have a debilitating impact on national security, national economic security, or national public health and safety; or
  • Owned or operated by or on behalf of a State, local, tribal, or territorial government entity.[1]


It includes the systems, services, networks and infrastructures that form a vital part of a nation's economy and society, either providing essential goods and services or constituting the underpinning platform of other critical infrastructures. CII includes the public telephone network, the Internet, and terrestrial and satellite wireless networks. They are regarded as critical information infrastructures since their disruption or destruction would have a serious impact on vital societal functions.

CII underpins the vast majority of physical infrastructure and is increasing as these infrastructures are linked together. The complex nature of large distributed networks makes the cyber layer extremely difficult to assess and analyse discretely, but relatively easy to compromise given the ever-expanding attack surface (i.e. connected devices).[2]


Risks to the CII include man-made attacks, natural disasters and technical failures. The high dependence on CIIs, their cross-border interconnectedness and interdependencies with other infrastructures, as well as the vulnerabilities and threats they face raise the need to address their security and resilience in a systemic perspective as the frontline of defense against failures and attacks.

The rise of the Internet as a key CII requires particular attention to its resilience and stability. The Internet, thanks to its distributed, redundant design has proven to be a very robust infrastructure. However, its phenomenal growth has produced a rising physical and logical complexity and the emergence of new services and uses. It is fair to question the capability of the Internet to withstand the rising number of disruptions and cyberattacks.