As per new guidelines issued under Section 70B of the IT Act, all companies and enterprises will mandatorily have to report all cyber incidents to the Indian Computer Emergency Response Team (CERT-In). This move aims at ensuring coordinated response activities as well as emergency measures with respect to cyber security incidents.
During the course of handling cyber incidents and interactions with the constituency, CERT-In has identified certain gaps causing hindrance in incident analysis. To this end, CERT-In has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000.
All service providers, intermediaries, data centres, body corporate and government organisations shall mandatorily enable logs of all their information communication technology (ICT) systems and maintain them securely for a rolling period of 180 days within the Indian jurisdiction. Also, as per the guidelines, these logs should be provided to CERT-In along with the reporting of any incident or when ordered/directed by CERT-In. The rules will come into effect 60 days after being issued.
Meanwhile, other directives include synchronisation of ICT system clocks; maintenance of logs of ICT systems; subscriber/customer registration details by data centres, virtual private server (VPS) providers, VPN service providers and cloud service providers; and KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. The list of cyber incidents to be reported includes data leaks and breaches, attacks on mobile apps, unauthorised access of IT systems, and identity theft and phishing attacks.