Translate page into
« Go back to list

Centre for the Protection of National Infrastructure (CPNI)

Practice image
Practice provided by
If you are a public official, please sign in to see the contact details of the innovator.

Type of organisation: The UK’s Centre for the Protection of National Infrastructure

Country: United Kingdom

Level of government: Central government

Type of practice: Legal instrument or regulation

Type of hazard or threat:

Risk management theme: Crisis management & preparedness, Risk assessment, Risk prevention & mitigation

The Centre for the Protection of National Infrastructure (CPNI) protects national security by providing advice to the UK national infrastructure organisations, covering physical, personnel and cyber security. To achieve protective security in the national infrastructure sectors, the CPNI supports vulnerability reduction efforts to terrorism and other threats, keeping the UK's essential services (delivered by communications, emergency services, energy, finance, food, government, health, transport and water sectors) safer. Without these servcies, the UK could suffer serious consequences, including severe economic damage, grave social disruption, or even large scale loss of life. CPNI advice primarily targets critical national infrastructure organisations, which are crucial to the continued delivery of essential services to the UK. CPNI works both with private and public sector partners. Key partners include as the National Technical Authority for Information Assurance (CESG) and the police - National Counter Terrorism Security Office (NaCTSO) and the Counter Terrorism Security Advisor (CTSA) network, as well as critical national infrastructure businesses and organisations. CPNI was formed on 1 February 2007 from the merger of the National Infrastructure Security Co-ordination Centre (NISCC) and the National Security Advice Centre (NSAC). NISCC used to provide advice to companies operating in critical national infrastructure, while NSAC was a unit within MI5 that provided security advice to other parts of the UK government.

Why the good practice was developed

National critical infrastructure is recognised as “‘those critical elements of infrastructure” (namely assets, facilities, systems, networks or processes and the essential workers that operate and facilitate them), the loss or compromise of which could result in: a) major detrimental impact on the availability, integrity or delivery of essential services – including those services, whose integrity, if compromised, could result in significant loss of life or casualties – taking into account significant economic or social impacts; and/or b) significant impact on national security, national defence, or the functioning of the state. Achieving protective security, i.e. 'putting in place, or building into design, security measures or protocols such that threats may be deterred, detected, or the consequences of an attack minimised', in critical infrastructure is therefore crucial to prevent severe economic damage, social disruption or large scale loss of lives.


  • Support vulnerability reduction efforts to terrorism and other threats in the UK’s critical infrastructure

  • Address major threats as identified in the UK National Security Strategy, i.e. espionage, terrorism, cyber and other threats

  • Provide security advice and security planning services to critical infrastructure operators

  • Protect national security



Service quality


User satisfaction

Results not available yet


In recent years, the CPNI has issued periodic warnings about increasing levels of cybercrime. Securing digital systems, including open wireless access points, implementing strong firewalls and encrypting communications are all important priorities, analogous to securing physical property and facilities.

Lessons Learned

  • TBD