OECD - Protection of Critical Information Infrastructures
OECD - Recommendation of the Council on the Protection of Critical Information Infrastructures, 2008.
The OECD Council Recommendation on the Protection of Critical Information Infrastructures provides a high-level policy framework for the development of a national policy and international cooperation for critical information infrastructure protection (CIIP).
The Recommendation reflects a shared understanding of the concept of Critical Information Infrastructures (CII) and of how national CII are identified across countries. It calls for the introduction and maintenance of effective policy frameworks to implement the OECD Security Guidelines in relation to the protection of CII and makes recommendations with respect to the protection of CII at the domestic level and across borders.
The Recommendation focuses on how governments should demonstrate leadership and commitment regarding CIIP, manage risks to CII and work in partnership with the private sector. It also calls for bilateral and multilateral cooperation at regional and global levels, for example to share knowledge and experience, develop a common understanding and share information.
This Recommendation builds on the findings of a comparative analysis of policies in seven OECD countries in 2006-2007. At that time, the concept of CII was emerging and there was no agreement across countries on what it meant. Some countries did not even use these terms at all. The comparative analysis helped develop a shared understanding of the concept.
The report also analysed commonalities and differences across countries in areas such as how the policies are developed, what they include, risk management practices, strategies to mitigate vulnerabilities and monitor threats, roles and responsibilities, cross-border co-operation, public-private co-operation and information sharing at the international level.
In December 2013, the OECD Committee on Digital Economy Policy (CDEP, formerly ICCP) agreed to start its review of the Recommendation in December 2014.