Net breach alert in 6 hours

A CERT-In statement said the entities must maintain a log book of all their ICT systems for a rolling period of 180 days

Our Special Correspondent New Delhi Published 29.04.22, 04:01 AM

Representational image File Photo

The government has made it mandatory for all government and private agencies, including internet service providers, social media platforms and data centres, to report within six hours any cyber security breach incident to nodal agency Indian Computer Emergency Response Team (CERT-In).

A CERT-In statement said the entities must maintain a log book of all their ICT (Information and Communication Technology) systems for a rolling period of 180 days. This should be maintained within the Indian jurisdiction. The log should be provided to CERT-In along with reporting of any incident or when directed by the computer emergency response team.

Besides, data centres, virtual private server (VPS) providers, cloud service providers and virtual private network service (VPN Service) providers need to register the accurate information related to subscriber names, customer hiring the services, ownership pattern of the subscribers and maintain them for five years or a longer duration as mandated by the law.

“Many times during LEA (Law Enforcement Agency) requests and investigations, we have seen cases of non-storage or availability of data and proper records with intermediaries and service providers. These guidelines will streamline the date records to be maintained and proper reporting of security incidents to CERT-In,” said Jiten Jain, director of Digital Lab of Voyager Infosec.

CERT-in said “the failure to furnish the information or non-compliance with the directions, may invite punitive action under sub-section (7) of the section 70B of the IT Act, 2000 and other laws”.

The IT Act states that failure to comply “shall be punishable with imprisonment for a term which may extend to one year or with fine which may extend to one lakh rupees or with both”.

CERT-in will serve as the national agency in the area of cyber security under the Information Technology (IT) Act, 2000, the ministry of electronics and IT (MeitY) said .

“These directions will become effective after 60 days. These directions shall enhance overall cyber security,” it said. There have been several incidents of data breach in Indian entities that have led to leak of personal data of crores of individuals.

Net breach alert in 6 hours

A CERT-In statement said the entities must maintain a log book of all their ICT systems for a rolling period of 180 days

RELATED TOPICS

SC seeks clarification from EC on functioning of EVMs, calls poll panel official at 2pm

Tiger, Tiger burning bride: Bengal government's pension eludes 'forgotten' widows

Delhi minister Saurabh Bharadwaj to meet Arvind Kejriwal in Tihar Jail today

Have you ever seen Congress snatching anyone’s mangalsutra when we were in power?

Kashmiri kingsmen deal: Pro-BJP parties join hands against National Conference, PDP

US Senate passes $95.3 billion package for Ukraine, Israel, Taiwan and Indo-Pacific

Italy’s new abortion law is a lesson in how Prime Minister Giorgia Meloni governs

Sensex climbs 242 points to 73,980 in early trade; Nifty advances 63 points to 22,431

Mumbai: Cyber police register case against X user over Ranveer Singh's deepfake video

Patanjali ads case: Supreme Court pulls up IMA, grills team Ramdev over size of apology

US state department points ‘antisemitic’ finger at PM Narendra Modi's government

Karnataka: Allies-turned-foes Congress, Janata Dal Secular in high-stakes battle in Mandya