India’s cyber security agency, the Indian Computer Emergency Response Team (CERT-In), has directed organisations to mandatorily report cybercrime incidents to it within six hours. “Any service provider, intermediary, data centre, body corporate and government organisation shall mandatorily report cyber incidents… to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents,” CERT-In said.
The new directions also mandate companies to designate a ‘Point of Contact’ to interface with CERT-In. Besides, they have also been asked to take action or provide information or assistance to CERT-In for cyber incident response, and protective and preventive actions related to cyber incidents which may contribute towards cyber security mitigation actions and enhanced cyber security situational awareness.
The new directions will come into effect after 60 days. CERT-In said the new directions were issued in the wake of various instances of cyber security incidents taking place from time to time and in order to coordinate response activities as well as emergency measures with respect to such incidents. “These directions shall enhance overall cyber security and ensure safe and trusted internet in the country.”
As per the latest order, all government bodies and service providers such as data centres will now be required to maintain a log of all Information Communication Technology (ICT) systems. The companies and organisations will also have to store the data securely for a rolling period of 180 days within the Indian jurisdiction.
On the other hand, service providers such as data centres, cloud services and Virtual Private Networks (VPNs) will have to store data regarding their clients for a minimum period of five years. Besides, online services companies will have to maintain data related to IP addresses, validated addresses, contact numbers and even ownership patterns of companies hiring these services.
There has been an uptick in cyber attacks targeting key critical infrastructure in the country in recent times. In February 2021, it was reported that hackers stole the personal data of 4.5 Mn Air India passengers. In November last year, a cybersecurity firm alleged that personal and financial information of nearly 180 Mn PNB customers was left exposed for 7 months.