A Framework for Determination of Critical National Information Infrastructure in Nigeria.

Abstract

Critical infrastructures (CI) at the national or organizational level is nowadays seen as both inclusive of and dependent on the Information Communications Technology (ICT) infrastructure for interconnecting and driving other infrastructures for sustained productivity, efficiency and growth. The interconnections that ICT facilitate through global and national networks however also make CI and Critical National Information Infrastructure (CNII) highly susceptible to malicious cyber-attacks sponsored by rival or antagonistic actors. Hence, nations must design and deploy strategic plans for CNII protection against such attacks. In Nigeria, the 2015 Cybercrimes (Prohibition and Prevention) Act empowers the President to designate and protect certain assets or services as CNII. However, there is currently no scientific framework or criteria in the country for determining which information assets, services and functions qualify as CNII. This paper presents a framework for identifying, characterizing and properly designating CNII in Nigeria based on descriptive, analytical and design research processes. The methodology entailed analysis and synthesis of concepts and ideas relating to CNII definitions, design, protection and management proposed or deployed for other countries. The outcome is a robust framework that defines logical steps for the identification, assessment and proper designation of CNI for Nigeria and possibly other developing countries. The research steps involved the characterization of CI, determination of CI dependencies on ICT, and measurement of the criticality of such dependencies. Planned future work would within the framework would then focus on the design and development of mathematical and computational constructs, algorithms to create automated tools for the computation, visualisation and comparison of the criticality metrics different components of CNII.