Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt

Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt

SUMMARY

Under the new guidelines, the Centre has made it compulsory for firms to report all cybercrimes within 6 hours of noticing any such incidents

The new orders also mandate companies to designate a Point of Contact to to interface with CERT-In

The new directions will enhance overall cyber security and ensure safe and trusted internet in the country: CERT-In

India’s cyber security agency Indian Computer Emergency Response (CERT-In) on Thursday (April 28) directed organisations to mandatorily report cybercrime incidents to it within six hours.

“Any service provider, intermediary, data centre, body corporate and government organisation shall mandatorily report cyber incidents… to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents,” CERT-In said. 

The new directions also mandate companies to designate a ‘Point of Contact’ to interface with CERT-In. Besides, they have also been asked to take action or provide information or assistance to CERT-In for cyber incident response, and protective and preventive actions related to cyber incidents which may contribute towards cyber security mitigation actions and enhanced cyber security situational awareness.

The new directions will come into effect after 60 days.CERT-In said the new directions were issued in the wake of various instances of cyber security incidents taking place from time to time and in order to coordinate response activities as well as emergency measures with respect to such incidents. “These directions shall enhance overall cyber security and ensure safe and trusted internet in the country.”

As per the latest order, all government bodies and service providers such as data centres will now be required to maintain a log of all Information Communication Technology (ICT) systems. The companies and organisations will also have to store the data securely for a rolling period of 180 days within the Indian jurisdiction. 

On the other hand, service providers such as data centres, cloud services and Virtual Private Networks (VPNs) will have to store data regarding their clients for a minimum period of five years. Besides, online services companies will have to maintain data related to IP addresses, validated addresses, contact numbers and even ownership patterns of companies hiring these services. 

The order also mandates crypto exchanges to maintain all information related to Know Your Customer (KYC) and financial transactions of its users for five years. 

The entities will have to furnish the details when asked by CERT-In. The failure to furnish the information or non-compliance with directions may invite punitive action under subsection (7) of the section 70B of the IT Act, 2000 and other laws as applicable, the order said.

CERT-In is an arm of the Ministry of Electronics and Information Technology (MeitY) which deals with cyber security threats and is tasked with security-related defence of the Indian internet.

CERT-In reported more than 2.12 Lakh cybersecurity incidents in the first two months of 2022. In comparison, 14.02 Lakh cyber security related incidents were reported across the country in total last year.

There has been an uptick in cyber attacks targeting key critical infrastructure in the country in recent times. In February 2021, it was reported that hackers stole the personal data of 4.5 Mn Air India passengers. In November last year, a cybersecurity firm alleged that personal and financial information of nearly 180 Mn PNB customers was left exposed for 7 months.

A Cisco report last year found that some Indian SMEs lost up to INR 7 Cr in cyber attacks between September 2020-September 2021.

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt-Inc42 Media
Report Cyber Security Incidents Within 6 Hours To CERT-In: Govt-Inc42 Media
You’re in Good company