India Issues A Directive For Reporting Cyber Incidents

The Indian government has issued new directives requiring organisations to report cyber security incidents to CERT-In within six hours, even if those incidents are port or vulnerability scans of computer systems.

The policy will come into effect within 60 days. It will have far-reaching ramifications for how the entities mentioned above collect and store data, the period for which it will be stored, and the mandatory need to share it with the government in case of a breach.

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various cyber security functions in the country, as set out in the provisions of section 70B of the Indian Information Technology Act, 2000.

  • CERT-In continuously analyses cyber threats and handles cyber incidents tracked and reported to it. 
  • CERT-In also regularly issues advisories to organisations and users to enable them to protect their data/information and ICT infrastructure. 
  • CERT-In calls for information from service providers, intermediaries, data centres and corporate organisations to coordinate response activities and emergency measures. 

This requirement was originally promoted by CERT-In after it identified specific gaps that were causing difficulties in security incident analysis and response, and looked at how to address them more actively. These measures and various other provisions were published and integrated into section 70B of the Information Technology (IT) Act, 2000, so they are part of Indian law, entering into force in 60 days.

The Ministry of Electronics and Information Technology has underlined its first-ever cyber security policy, asking service providers, intermediaries, data centres, body corporates and government organisations to report any breaches or leaks within six hours of them being flagged. “Any service provider, intermediary, data centre, body corporate and government organisation shall report cyber incidents to CERT-In ... within six hours of finding such incidents or being brought to notice about such incidents,” the policy says.

Incident Reporting

A “cyber incident” is defined under the Information Technology Rules as “any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly security policy resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation.”

Examples of cyber incidents that must be reported include:

  • Compromise of critical systems.
  • Targeted scanning.
  • Unauthorized access to computers and social media accounts.
  • Attacks against servers and network appliances like routers and IoT devices.
  • Website defacements, malware deployments, identity theft, DDoS attacks, data breaches, leaks and rogue mobile apps.

The most significant requirement is that any Internet service provider, intermediary, data centre, or government organisation shall report these incidents to CERT-In within six hours of their discovery.

Also included are malicious code attacks (such as the spreading of viruses, worms, Trojans, bots, spyware, ransomware or cryptominers); attacks on servers (such as database, mail, DNS and network devices); identity theft, spoofing and phishing attacks; data breaches; data leaks; and attacks or malicious/suspicious activities affecting cloud computing systems/servers/software/applications.

Sources: India.gov, Hindustan Times, BleepingComputer, Lexology, The Hacker News, National Law Review
