The declaration of 29 key government institutions as critical information infrastructures (CII) will not obstruct journalism in any way, the ICT Division has said.

In a statement issued yesterday, it said, “There is no hindrance in disclosing information about any weakness, mismanagement, etc, by the media under declaration of CII by ICT Division, rather media reporting will be helpful for the authorities to take appropriate measures to strengthen cyber defence.” 

On October 2, the government issued a gazette declaring 29 institutions, including the Prime Minister’s Office, central and state-owned banks, and the national identity and immigration departments, as “critical information infrastructure”, officially declaring illegal access to their information as a punishable offence.

This was done in purview of the Digital Security Act, which states that offences like illegal access can be dealt with punishments as strict as life imprisonment.

While the law does not define what constitutes “illegal access”, the ICT Division clarified the term in yesterday’s statement.

“The Digital Security Act protects only intrusion to CII network, storage, servers by hackers to steal money, information etc.

“The intrusion under the DSA-2018 refers only to the illegal entry with the intent of hacking in the physical or virtual IT Infrastructure,” it read.

Signed by Tarique M Barkatullah, director of Bangladesh Computer Council, the statement said “declaring critical information infrastructure is limited to the securing of the information technology infrastructure”.

“There is a difference between Critical Information Infrastructure [CII] and Key Point Installation [KPI],” said the statement.

“The declaration of the Critical Information Infrastructure only ensures adherence to national standards for the secure management and operation of information technology dependent networks.

“The important information infrastructure here is not the organisation, but the information technology-based network, data centre, data transmission etc. only.”

The statement further read, “On the other hand, the government-declared Key Point Installation [KPI] controls the management of personnelaccess to organizations, code of conduct of security guards, and other related matters. The Ministry of Defense and Ministry of Home Affairs are responsible for announcing and managing the key point installations.

“The declaration of CIIs is necessary to check the recurrence of the Bangladesh Bank-like heist, loss of credit and debit card information of citizens, disruptions of utility services etc,” it added.

Earlier on October 19, the Editors’ Council had issued a statement stating that the declaration of CII will create and “added pressure and obstacle” in gathering information by journalists in Bangladesh.