Article Image

How Does the Centre for the Protection of National Infrastructure (CPNI) Protect UK National Security?

June 22, 2021

Centre for the Protection of National Infrastructure (CPNI) Protects UK National Security We continue to learn significant lessons amidst the extreme hardships organizations collectively faced during the past year. One key fact is the protection of people will, and should, come above all else. Where health, safety, and security was simply “protocol” in the past, such policies are now at the forefront of people’s minds. They are vital to instilling confidence as restrictions reduce and worldwide lockdowns end in line with the progress of vaccination programs. Instating the right infrastructure to properly protect people and provide peace is far from straightforward. Today, we face an ever-expanding threat landscape spanning physical and digital spheres, the combating of which requires continual ingenuity in order to stay one step ahead. But with so many varied solutions on the market, how can organizations identify the innovations to best meet their health, safety, and security needs? The Centre for the Protection of National Infrastructure (CPNI) In the United Kingdom, this responsibility lies with the Centre for the Protection of National Infrastructure (CPNI) – the government authority providing protective security advice to the country’s national infrastructure. 

How Does the Centre for the Protection of National Infrastructure (CPNI) Protect UK National Security?

With its policies informed by the National Security Strategy, National Risk Register, and Counter Terrorism Strategy, the role of the Centre for the Protection of National Infrastructure is simple: to protect UK national security by reducing the country’s vulnerability to a variety of threats such as terrorism, sabotage, and espionage. 
This purpose is delivered to a broad variety of stakeholders. The UK CNPI works with key partners in policy, industry,and academia, its insights spanning physical, personnel, and cybersecurity. A significant part of its remit is recommending state-of-the-art physical security equipment meeting only the most stringent certification requirements. Identiv CPNI Diagram

How Do I Become Compliant with the UK CNPI?

All products compliant with the Centre for the Protection of National Infrastructure are listed in its Catalogue of Security Equipment (CSE), provided to help security practitioners identify appropriate and effective physical security equipment. Each of these products are evaluated against specific CPNI security standards. Identiv’s suite of advanced access control solutions is approved for use in some of the world’s most security-sensitive organizations, including many UK government agencies, with many of our approved products listed on CSE.  Our Hirsch physical access control system (PACS) solution, for example, provides highly scalable, end-to-end physical security from the door to the server cluster, making it ideal for mission-critical environments where deep encryption standards are paramount. The question for many companies is, how do they achieve Centre for the Protection of National Infrastructure compliance with their products? The organization stipulates two key criteria need to be met:
  1. The product must achieve a rating in accordance with a CPNI recognized test standard and must be documented within a compliant Test Report or assessment.
  2. The testing must be compliant and take place at an independent accredited test house.
This testing is vital. Upon completion, the Centre for the Protection of National Infrastructure convenes a panel of experts to assess the results of the evaluation. Successful products are then awarded a grading for two criteria: Class Rating and Protection Level.  Securing a rating is by no means an easy endeavor.
“It must be stressed that CPNI are assessing products for use in high security environments. As a result, the evaluations carried out are well above the standard expected of a ‘normal’ security product. Relatively few products pass, so even the ‘lowest’ CPNI grading still points to a very capable product.” The Centre for the Protection of National Infrastructure

CPNI UK’s Class Rating and Protection Level

Read on to see how the UK CPNI’s Class Rating and Protection Level differ.  A Class Rating is given to a product capable of defending against a surreptitious attack, where a party will usually seek to gain access to classified material for nefarious reasons. This can include the theft of information, denial of service, installation of malicious software, or other cyberattacks.  These attackers will try to go undetected. The Class Rating is based on a product’s ability to detect this threat. A CPNI Protection Level is given to a product capable of demonstrating resistance to a forced attack. Here, the attacker's goal is to bypass, break, or defeat a product in one way or another to gain entry, a typical example being a terrorist attack.  As a result, Protection Level is based on the product’s ability to delay or even prevent the attack.  Not all products in the Centre for the Protection of National Infrastructure’s CSE rate in both areas. Some products may only relate to or be classified by one of these ratings.  For the best level of protection, companies must opt to leverage a combination of Protection Level and Class Rating products to achieve a sound level of security. Layered security is vital to the strength of any overall security posture. Learn more about CPNI compliance and connect with Identiv’s EMEA team of physical security experts, visit emea.identiv.com. For more information about our complete suite of advanced access control solutions, contact us today at sales@hirschsecure.com or +1 888.809.8880. CPNI Identiv Products