India directs firms, government organizations to report cyber incidents within 6 hours

India’s nodal cyber security agency, the Computer Emergency Response Team (CERT-In), has directed all service providers, intermediaries, data center providers, corporates and government organizations to report cyber incidents within six hours of detection.

The new instructions issued by CERT-In require virtual asset, exchange and custodian wallet providers to maintain KYC and records on financial transactions for a period of five years. Companies that provide cloud services or virtual private networks (VPNs) must also register valid names, email addresses and IP addresses of customers.

The directions have been issued under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000 after certain deficiencies were found in the CERT-In, which were “obstructing incident analysis”.

CERT-In said these directives will enhance the “overall cyber security posture” in the country and guarantee a “secure and reliable internet”.

Under the Directions on Incident Reporting, CERT-In stated that service providers must provide information and support to CERT-In for any action taken to mitigate the impact of a cyber incident. The information is to be provided in a specified format and time frame; failure to do so will be treated as non-compliance, CERT-In warned.

To ensure that the chain of events is accurately reflected in the time frame, service providers have been asked to connect and synchronize all their ICT system clocks to the Network Time Protocol (NTP) servers of the National Informatics Center (NIC) or the National Physical Laboratory (NPL). NTP is a protocol used to reliably transmit and receive accurate time sources over TCP/IP-based networks. It is used to synchronize the internal clock of the computer with a common time source.

CERT-In has also directed the service providers to enable and securely maintain logs of all their ICT systems for a period of 180 days.

Cyber incidents that require mandatory reporting range from phishing attacks, identity theft, data breaches, data leaks and IoT attacks to targeted scanning of critical networks, compromise of critical systems, website defacement, and malicious code attacks such as spyware, ransomware and crypto miners. CERT-In has listed 20 such incidents, which have to be reported directly to it through email or fax.

Cyber attacks on Indian organizations have more than doubled in recent years. For example, ransomware attacks on Indian organizations increased by 218% year-on-year (YoY) in 2021, security firm Palo Alto Networks reported.

In a Twitter post, Union Minister of State for Electronics and IT Rajeev Chandrasekhar said, “To effectively fight cybercrime, all companies and enterprises are mandated to report cyber incidents to Indian CERTs under Section 70B of the IT Act. Must report new cyber security directives for a secure and reliable internet.”
