India Issues A Directive For Reporting Cyber Incidents

Uploaded on 2022-05-09 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The Indian government has issued new directives requiring organisations to report cyber security incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.

The policy will come into effect within 60 days. It will have far-reaching ramifications as to how the entities mentioned above collect and store, the period for which it will be stored and the mandatory need to share it with the government in case of a breach.

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various functions in the area of cyber security in the country set out in the provisions of section 70B of the Indian  Information Technology Act, 2000.  

  • CERT-In continuously analyses cyber threats and handles cyber incidents tracked and reported to it. 
  • CERT-In also regularly issues advisories to organisations and users to enable them to protect their data/information and ICT infrastructure. 
  • CERT-In calls for information from service providers, intermediaries, data centres and corporate organisations to coordinate response activities and emergency measures. 

This requirement was originally promoted by CERT-In after it  identified specific gaps causing difficulties in security incident analysis and response, and how to more actively address them. These measures and various other provisions were published and were integrated into section 70B of the Information Technology (IT) Act, 2000, so they are part of the Indian law, entering into force in 60 days.

The ministry of electronics and information technology has underlined its first ever cyber security policy, asking service providers, intermediaries, data centres, body corporates and government organisations to  report any breaches or leaks within six hours of them being flagged. “Any service provider, intermediary, data centre, body corporate and government organisation shall  report cyber incidents to CERT-In .. within six hours of finding such incidents or being brought to notice about such incidents,” the policy says.

Incident Reporting

A “cyber incident” is defined under the Information Technology Rules as “any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly security policy resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation.”

Examples of cyber incidents that must be reported include:

  • Compromise of critical systems.
  • Targeting scanning.
  • Unauthorized access to computers and social media accounts.
  • Attacks against servers and network appliances like routers and IoT devices.
  • Website defacements, malware deployments, identity theft, DDoS attacks, data breaches, leaks rogue mobile apps.

The most significant requirement is that any Internet service provider, intermediary, data centre, or government organisation, shall report these incidents to CERT-In within six hours of their discovery

Also included are malicious code attacks (such as the spreading of viruses, worm, Trojan, bots, spyware, ransomware or cryptominers), attacks on servers (such as database, mail DNS and network devices); identity theft, spoofing and phishing attacks; data breach; data leak; and attacks or malicious/suspicious activities affecting cloud computing systems/servers/software/applications.

India.gov:    Hindustan Times:    BleepingComputer:    Lexology:    The Hacker News:    National Law Review:      

You Might Also Read: 

Cyber Security Standards For Critical Infrastructure:


 

« A History Of Cyber Security
Anonymous Launch An Attack On Rosneft »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

Claroty

Claroty

Claroty was conceived to secure and optimize OT networks that run the world’s most critical infrastructures.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute focuses on understanding, empowering and taking action across four critical areas driving continual improvement toward a safer, more secure cyber world.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

Blackfoot Cybersecurity

Blackfoot Cybersecurity

At Blackfoot, we work in partnership with you to deliver on-demand cyber security expertise and assurance, keeping you one step ahead of threats & compliant with regulations.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

3i Infotech

3i Infotech

3i Infotech offers consulting & professional services to assess, design and build next gen IT infrastructure, and managed services to operate, optimize and continuously improve.

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

Persona

Persona

At Persona, we’re humanizing online identity by helping companies verify that their users are who they say they are.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.

Odaseva

Odaseva

Odaseva delivers the strongest data security solution for enterprises running on Salesforce, safeguarding confidentiality and integrity of critical business information.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.

Mesh Security

Mesh Security

Mesh Security transforms security data, tools, and infra for enterprise-wide visibility and control.