Under the Information Technology (IT) Act, 2000, a “Protected System” refers to any computer resource which the government designates as critical to national security, defense, economy, public safety, or law enforcement.
These systems are considered so vital that unauthorized access to them is treated as a serious cyber offence, with strict legal penalties.
Legal Reference
Section 70 of the IT Act, 2000 deals with Protected Systems:
- The appropriate government (Central or State) can, by notification in the Official Gazette, declare any computer system or network as a “Protected System”.
- Only authorized personnel can access such systems.
- Violation of this provision is punishable under the Act.
Examples of Protected Systems
- Government or military databases and communication systems
- National power grid control systems
- Air traffic control and railway signalling networks
- Financial regulatory systems like those used by RBI or SEBI
- National identity databases (e.g., Aadhaar systems)
Who Manages Access to Protected Systems?
The government may authorize specific agencies, officials, or departments to manage access. It may also establish rules for:
- Granting, denying, or revoking access
- Security protocols and audits
- Monitoring and compliance checks
Penalty for Unauthorized Access
Under Section 70(5) of the IT Act, anyone who:
- Secures access to a protected system without authorization
- Downloads, copies, or extracts data
- Introduces malware
- Or causes disruption
Can face:
- Imprisonment up to 10 years
- Fine, or both
Purpose and Importance
Maintains trust in digital governance systems
Ensures critical infrastructure is protected from cyber attacks
Prevents espionage, sabotage, and data theft
Supports national security and public welfare
