Critical Information Infrastructure Protection Initiative

The GFCE-Meridian initiative aims to support government policy makers with responsibility for Critical Information Infrastructure Protection (CIIP) to understand the implications and consequences of cybersecurity issues and to maintain an awareness of current developments. By working together in a global initiative, the initiators leverage their CIIP expertise for the benefit of a broader audience to help develop CIIP capabilities, particularly in developing countries. This initiative is run by the Meridian Community, a large group of officials from 60+ countries. Since 2005, with the help of the Meridian Coordinator, a different country volunteers each year to organise the Annual Meridian CIIP  Conference for government CIIP policy officials.

The Meridian Conference about CIIP capability development in Spain 2015

CIIP – a vital component of cyber security

CIIP is a vital component of cybersecurity that is sometimes overlooked in favour of more obvious aspects such as cybercrime and awareness-raising. Most countries understand the need to protect their critical infrastructures such as rail networks, power stations, airports etc, and any cross-border infrastructures such as gas pipelines and water supply systems. It is even more important however to protect the Critical Information Infrastructures such as telecommunications and data networks, financial systems and process control systems, because these don’t just cross borders, but are connected to every other part of the world, through the internet and other networks. That means they are all dependent on each other’s security, as the weakest link can cause vulnerabilities for many others. It is therefore of ever-increasing importance to us all.

So far there has been no GFCE initiative exclusively focused on CIIP policy. The Meridian Community can draw on its expertise, resources and experience to address this gap.

Access to CIIP expertise and the Meridian platform

Country participants of this initiative will automatically get access to the Meridian Community. This means access to the annual Meridian Conference, and subsequently the Meridian members’ portal (CIIP best practices , CIIP directory with expert contacts, etc). GFCE members who are already part of the Meridian Community are encouraged to participate in this initiative to improve knowledge sharing within the Meridian Community.

To cater to the needs of developing countries the GFCE-Meridian initiative includes brokering special sponsor or ‘Buddy’ relationships with current Meridian Community members. The annual Meridian conference format can also include a special workshop day directly preceding the Meridian conference to establish a baseline of CIIP knowledge, where required.

Deliverables

• Global Good Practices: Critical Information Infrastructure Protection (CIIP)
• The GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers
• Companion Document to the GFCE-MERIDIAN GPGuide on CIIP

Expected outcomes in 2017 and beyond

• A CIIP Training Package for use as a ‘Roadshow’ or as part of a modular CIIP/Cybersecurity Awareness programme is due to be developed in late 2017-2018.
• The GFCE-Meridian Buddying programme is being trialled and will be further developed and promoted.

Participating members & partners

• Spain
• Switzerland
• Norway
• The Netherlands

Participation in this initiative is open to all members of the GFCE. In particular, developing countries are encouraged to participate.