India Issues A Directive For Reporting Cyber Incidents

The Indian government has issued new directives requiring organisations to report cyber security incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.

The policy will come into effect within 60 days. It will have far-reaching ramifications as to how the entities mentioned above collect and store, the period for which it will be stored and the mandatory need to share it with the government in case of a breach.

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various functions in the area of cyber security in the country set out in the provisions of section 70B of the Indian  Information Technology Act, 2000.  

  • CERT-In continuously analyses cyber threats and handles cyber incidents tracked and reported to it. 
  • CERT-In also regularly issues advisories to organisations and users to enable them to protect their data/information and ICT infrastructure. 
  • CERT-In calls for information from service providers, intermediaries, data centres and corporate organisations to coordinate response activities and emergency measures. 

This requirement was originally promoted by CERT-In after it  identified specific gaps causing difficulties in security incident analysis and response, and how to more actively address them. These measures and various other provisions were published and were integrated into section 70B of the Information Technology (IT) Act, 2000, so they are part of the Indian law, entering into force in 60 days.

The ministry of electronics and information technology has underlined its first ever cyber security policy, asking service providers, intermediaries, data centres, body corporates and government organisations to  report any breaches or leaks within six hours of them being flagged. “Any service provider, intermediary, data centre, body corporate and government organisation shall  report cyber incidents to CERT-In .. within six hours of finding such incidents or being brought to notice about such incidents,” the policy says.

Incident Reporting

A “cyber incident” is defined under the Information Technology Rules as “any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly security policy resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation.”

Examples of cyber incidents that must be reported include:

  • Compromise of critical systems.
  • Targeting scanning.
  • Unauthorized access to computers and social media accounts.
  • Attacks against servers and network appliances like routers and IoT devices.
  • Website defacements, malware deployments, identity theft, DDoS attacks, data breaches, leaks rogue mobile apps.

The most significant requirement is that any Internet service provider, intermediary, data centre, or government organisation, shall report these incidents to CERT-In within six hours of their discovery

Also included are malicious code attacks (such as the spreading of viruses, worm, Trojan, bots, spyware, ransomware or cryptominers), attacks on servers (such as database, mail DNS and network devices); identity theft, spoofing and phishing attacks; data breach; data leak; and attacks or malicious/suspicious activities affecting cloud computing systems/servers/software/applications.

India.gov:    Hindustan Times:    BleepingComputer:    Lexology:    The Hacker News:    National Law Review:      

You Might Also Read: 

Cyber Security Standards For Critical Infrastructure:


 

« A History Of Cyber Security
Anonymous Launch An Attack On Rosneft »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Pyramid Computer

Pyramid Computer

Pyramid Computer provides custom enterprise solutions for Industrial PC, Imaging, Network, Security, POS, Indoor Positioning and Automation.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

National Institute of Standards & Technology (NIST)

National Institute of Standards & Technology (NIST)

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

SysTools

SysTools

SysTools provides a range of services including data recovery, digital forensics, and cloud backup solutions.

Defence Intelligence

Defence Intelligence

Defence Intelligence is an information security firm specializing in advanced malware protection.

SureVine

SureVine

Surevine builds secure, scalable collaboration solutions for the most security conscious organisations, enabling collaboration on their most sensitive information.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

eLearnSecurity

eLearnSecurity

eLearnSecurity is an innovator in the IT Security training market providing quality online courses paired with highly practical virtual labs.

Bolt Learning

Bolt Learning

Bolt's Cyber Security eLearning module provides users with an in-depth understanding of cybercrime, how it can occur and what everyone can contribute to preventing it.

3wSecurity

3wSecurity

3wSecurity provides visibility to your company’s internet facing systems throughout the security life cycle, allowing for a more thorough approach to vulnerability management.

Servian

Servian

Servian is one of Australia's leading IT consultancies, with expertise in cloud, data, machine learning, DevOps and cybersecurity.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.