Bangladesh declares 29 organisations Critical Information Infrastructure

The government has declared 29 organisations Critical Information Infrastructure under the Digital Security Act for the safety of data.

The law has provisions to penalise illegal access to computers, digital devices or networks to breach the information system and obstruct the management of data within the infrastructure, reports bdnews24.com.

According to the Digital Security Act, Critical Information Infrastructure means any external or virtual information infrastructure declared by the government that controls, processes, circulates or preserves any information-data or electronic information and, if damaged or critically affected, may adversely affect public safety or financial security or public health and national security or national integrity or sovereignty.

The organisations named in a notice issued by the ICT Division on Monday are:

• President’s office

• Prime Minister's Office

• National Board of Revenue

• Bangladesh Data Center Company Ltd

• Bridges Division

• Department of Immigration and Passports

• National Data Center of Bangladesh Computer Council

• Bangladesh Telecommunication Regulatory Commission

• National Identity Registration Wing of Election Commission Secretariat

• Central Procurement Technical Unit

• Rooppur Nuclear Power Plant Establishment Project

• Biman Bangladesh Airlines

• Immigration Police

• Bangladesh Telecommunication Company Ltd

• Bangladesh Water Development Board

• Power Grid Company of Bangladesh

• Titas Gas Transmission and Distribution Company Ltd

• Bangabandhu Satellite Company Ltd

• Civil Aviation Authority Bangladesh

• Birth and Death Registration unit of the Office of the Registrar General

• Bangladesh Bank

• Sonali Bank

• Agrani Bank

• Janata Bank

• Rupali Bank

• Central Depository Bangladesh Ltd

• Bangladesh Securities and Exchange Commission

• Dhaka Stock Exchange

• Chattogram Stock Exchange

Section 15 of the Digital Security Act allows the government to declare any computer system, network or information infrastructure Critical Information Infrastructure.

The following section states directors general of the digital security agency shall monitor and inspect any Critical Information Infrastructure when necessary to ensure whether the provisions of the act are properly complied with, and submit a report to the government.

It further mandates the declared Critical Information Infrastructures to submit an inspection report to the government every year and communicate the subject matter of the report to the director general.

The law allows a director general to launch an inquiry if he thinks that activity of an individual in any matter within his jurisdiction is threatening or detrimental to any critical information infrastructure.

It also stipulates inspection and examination of safety of any Critical Information Infrastructure by a digital security expert.

It states anyone causing or trying to cause damage to a Critical Information Structure or render it inactive intentionally through illegal access will be doing an offence.

The law defines illegal access as “making or abetting to make illegal access to any computer, computer system or computer network” and “making or abetting to make illegal access with intent to commit an offence”.

It says illegal access to a Critical Information Infrastructure will be punished with imprisonment for a maximum term of seven years, or a fine not exceeding Tk 2.5 million, or both.

Accessing the systems illegally with the intent of harming it will carry a prison term for a maximum of 14 years, or a fine not exceeding Tk 10 million, or both.

A second or further attempt to breach the system illegally will be met with imprisonment for life, or fine not exceeding Tk 50 million, or both.