New Regulations in India Require Orgs to Report Cyber Incidents Within 6 Hours
CERT-In updates cybersecurity rules to include mandatory reporting, record-keeping, and more.
The Indian Computer Emergency Response Team (CERT-In) issued new cyber incident reporting guidelines, including the requirement for service providers, intermediaries, data centers, corporations, and government agencies to report cyber incidents to the regulator within six hours.
The new government-issued cybersecurity rules will take effect in 60 days.
Incidents requiring immediate CERT-In notification include:
Targeted scanning/probing of critical networks/systems
Compromise of critical systems/information
Unauthorized access of IT systems/data
Defacement of website or intrusion into a website and unauthorized changes such as inserting malicious code, links to external websites, etc.
Malicious code attacks such as spreading of virus/worm/Trojan/bots/spyware/ransomware/cryptominers
Attack on servers such as database, mail, and DNS, and network devices such as routers
Identity theft, spoofing, and phishing attacks
Denial of service (DoS) and distributed denial of service (DDoS) attacks
Attacks on critical infrastructure, SCADA and operational technology systems, and wireless networks
Attacks on applications such as e-governance, e-commerce, etc.
Data breach
Data leak
Attacks on Internet of Things (IoT) devices and associated systems, networks, software, and servers
Attacks or incidents affecting digital payment systems
Attacks through malicious mobile apps
Fake mobile apps
Unauthorized access to social media accounts
Attacks or malicious/suspicious activities affecting cloud computing systems/servers/software/applications
Attacks or malicious/suspicious activities affecting systems/servers/networks/software/applications related to big data, blockchain, virtual assets, virtual asset exchanges, custodian wallets, robotics, 3D and 4D printing, additive manufacturing, and drones
Attacks or malicious/suspicious activities affecting systems/servers/software/applications related to artificial intelligence and machine learning
Other new rules require service providers and their intermediaries, data centers, corporations, and government agencies to connect to the Network Time Protocol (NTP) server of the National Informatics Center (NIC) or National Physical Laboratory (NPL) — or with servers that can be traced back to one of those two servers — and synchronize their ICT system clocks with the government's.
These organizations will also need to start keeping logs for the previous 180 days and provide them to CERT-In if an incident occurs, the new guidelines said.
The tightening up of reporting rules is intended to close "certain gaps causing hindrance in incident analysis," the Ministry of Electronics & IT said in its statement announcing the new cybersecurity measures. "These directions shall enhance overall cyber security posture and ensure safe and trusted Internet in the country."