India Issues A Directive For Reporting Cyber Incidents

Uploaded on 2022-05-09 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The Indian government has issued new directives requiring organisations to report cyber security incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.

The policy will come into effect within 60 days. It will have far-reaching ramifications as to how the entities mentioned above collect and store, the period for which it will be stored and the mandatory need to share it with the government in case of a breach.

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various functions in the area of cyber security in the country set out in the provisions of section 70B of the Indian  Information Technology Act, 2000.  

  • CERT-In continuously analyses cyber threats and handles cyber incidents tracked and reported to it. 
  • CERT-In also regularly issues advisories to organisations and users to enable them to protect their data/information and ICT infrastructure. 
  • CERT-In calls for information from service providers, intermediaries, data centres and corporate organisations to coordinate response activities and emergency measures. 

This requirement was originally promoted by CERT-In after it  identified specific gaps causing difficulties in security incident analysis and response, and how to more actively address them. These measures and various other provisions were published and were integrated into section 70B of the Information Technology (IT) Act, 2000, so they are part of the Indian law, entering into force in 60 days.

The ministry of electronics and information technology has underlined its first ever cyber security policy, asking service providers, intermediaries, data centres, body corporates and government organisations to  report any breaches or leaks within six hours of them being flagged. “Any service provider, intermediary, data centre, body corporate and government organisation shall  report cyber incidents to CERT-In .. within six hours of finding such incidents or being brought to notice about such incidents,” the policy says.

Incident Reporting

A “cyber incident” is defined under the Information Technology Rules as “any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly security policy resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation.”

Examples of cyber incidents that must be reported include:

  • Compromise of critical systems.
  • Targeting scanning.
  • Unauthorized access to computers and social media accounts.
  • Attacks against servers and network appliances like routers and IoT devices.
  • Website defacements, malware deployments, identity theft, DDoS attacks, data breaches, leaks rogue mobile apps.

The most significant requirement is that any Internet service provider, intermediary, data centre, or government organisation, shall report these incidents to CERT-In within six hours of their discovery

Also included are malicious code attacks (such as the spreading of viruses, worm, Trojan, bots, spyware, ransomware or cryptominers), attacks on servers (such as database, mail DNS and network devices); identity theft, spoofing and phishing attacks; data breach; data leak; and attacks or malicious/suspicious activities affecting cloud computing systems/servers/software/applications.

India.gov:    Hindustan Times:    BleepingComputer:    Lexology:    The Hacker News:    National Law Review:      

You Might Also Read: 

Cyber Security Standards For Critical Infrastructure:


 

« A History Of Cyber Security
Anonymous Launch An Attack On Rosneft »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ITQ

ITQ

ITQ is an IT consulting firm with a focus on the entire VMware-product portfolio with three main services: Professional Services, Support Services and Managed Services.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

BlackBerry Cybersecurity

BlackBerry Cybersecurity

Blackberry provides intelligent security software and services to enterprises and governments around the world.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

CYBRScore

CYBRScore

CYBRScore is a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability to defend a network.

Broadcom

Broadcom

Broadcom is a global technology leader that designs, develops and supplies a broad range of semiconductor and infrastructure software solutions.

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Protectt.ai Labs

Protectt.ai Labs

Protectt.ai Labs is India’s first mobile security start up building awareness & providing solutions for mobile app, device & transaction security.

Verastel

Verastel

Specializing in the niche space of proactive cyber-defense, and adaptive resilience, team Verastel is bolstering enterprise digital security like never before.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.