The government has declared 29 organisations Critical Information Infrastructure under the Digital Security Act to protect digital asset.
The law has provisions to penalise illegal access to computers, digital devices or networks to breach the information system and obstruct the management of data within the infrastructure.
According to the Digital Security Act, Critical Information Infrastructure means any external or virtual information infrastructure declared by the government that controls, processes, circulates or preserves any information-data or electronic information and, if damaged or critically affected, may adversely affect public safety or financial security or public health and national security or national integrity or sovereignty.
The organisations named in a notice issued by the ICT Division on Monday are:
Prime Minister's Office
National Board of Revenue
Bangladesh Data Center Company Ltd
Department of Immigration and Passports
National Data Center of Bangladesh Computer Council
Bangladesh Telecommunication Regulatory Commission
National Identity Registration Wing of Election Commission Secretariat
Central Procurement Technical Unit
Rooppur Nuclear Power Plant Establishment Project
Biman Bangladesh Airlines
Bangladesh Telecommunication Company Ltd
Bangladesh Water Development Board
Power Grid Company of Bangladesh
Titas Gas Transmission and Distribution Company Ltd
Bangabandhu Satellite Company Ltd
Civil Aviation Authority Bangladesh
Birth and Death Registration unit of the Office of the Registrar General
Central Depository Bangladesh Ltd
Bangladesh Securities and Exchange Commission
Dhaka Stock Exchange
Chattogram Stock Exchange
Section 15 of the Digital Security Act allows the government to declare any computer system, network or information infrastructure Critical Information Infrastructure.
The following section states directors general of the digital security agency shall monitor and inspect any Critical Information Infrastructure when necessary to ensure whether the provisions of the act are properly complied with, and submit a report to the government.
It further mandates the declared Critical Information Infrastructures to submit an inspection report to the government every year and communicate the subject matter of the report to the director general.
The law allows a director general to launch an inquiry if he thinks that activity of an individual in any matter within his jurisdiction is threatening or detrimental to any critical information infrastructure.
It also stipulates inspection and examination of safety of any Critical Information Infrastructure by a digital security expert.
It states anyone causing or trying to cause damage to a Critical Information Structure or render it inactive intentionally through illegal access will be doing an offence.
The law defines illegal access as “making or abetting to make illegal access to any computer, computer system or computer network” and “making or abetting to make illegal access with intent to commit an offence”.
It says illegal access to a Critical Information Infrastructure will be punished with imprisonment for a maximum term of seven years, or a fine not exceeding Tk 2.5 million, or both.
Accessing the systems illegally with the intent of harming it will carry a prison term for a maximum of 14 years, or a fine not exceeding Tk 10 million, or both.
A second or further attempt to breach the system illegally will be met with imprisonment for life, or fine not exceeding Tk 50 million, or both.