Critical Information Infrastructure (CII) is the computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety.
In today’s digital age, Cll is interconnected across national borders. The functioning of essential services and critical sectors, such as energy, transportation, finance, healthcare, and communications, relies heavily on interconnected information systems and networks. Disruptions or compromises in one country’s CII can have cascading effects on other nations, leading to economic, social, and security implications. The global nature of CII necessitates international cooperation and coordination to ensure its proper functioning and resilience.
Cyber threats and attacks targeting CII are not limited to specific countries or regions. Cybercriminals, hacktivists, state-sponsored actors, and other malicious entities operate across borders, posing risks to CII globally. These shared threats necessitate collaborative efforts among nations to develop common strategies, share threat intelligence, and enhance cybersecurity capabilities.
In this context, G20 can play crucial role in establishing global norms in safeguarding the CII:

• Common definition and consensus over critical sectors: The G20 can arrive at common principles for the protection of critical infrastructure-first, establishing a common definition; next, building a broader consensus on the critical sectors; and finally, arriving at common principles for regulating critical infrastructure.
• Developing common standards/norms: The G20 can play a crucial role in promoting the development of international standards and norms for the protection of CII. It can encourage the collaboration of member states and relevant international organizations, such as the International Telecommunication Union (ITU) and the International Standards Organization (ISO), to develop consensus-based standards that address the specific needs and vulnerabilities of CII.
• International cooperation: The G20 countries can cooperate to prevent, mitigate, trace, and investigate cyber incidents and other malicious activities in cyberspace, and share information regarding such incidents if they target critical infrastructure.
• Capacity building: It can invest in research and development and build capacity in emerging technologies such as Al, drones, and space, and support low- and middle-income countries in accessing such research and technologies.
  • Further, the G20 countries can respond to requests for assistance from other states, whose critical infrastructure has been affected and encourage the application of certified security technologies as per international standards.
• Institutional mechanism: It can create an institutional mechanism for continuous research on and establishment of new standards for protecting critical infrastructure and assessing their implementation. Learnings should be drawn from initiatives like the Christchurch Call, which showcased the importance of public-private partnership in establishing a global order for a safe cyberspace.

Thus, by leveraging its global position, G20 can contribute to the development of a secure and resilient digital environment globally.