The Indian Computer Emergency Response Team (CERT-In), vide its circular dated 28 Apr 2022, has directed entities to comply with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection. The rule is applicable to service providers, intermediaries, datacenter operators, companies and government organizations.
CERT-In has been reporting a three-fold increase in cyber incidents across India, along with a large number of increased attempts on the Critical Infrastructure of the country. The majority of them target Web Applications, Mobile Applications and APIs. According to a report by a prominent foreign vendor, there has been a global surge largely driven by Local File Inclusion (LFI) attacks, which surged past Structured Query Language Injection (SQLI) attacks to become the most prevalent web attack vector since mid-2021.
The guidelines issued for strict compliance with the CERT-In directive of 28 April 2022 are as per the provisions of Sec 70B of the IT Act. The National Infosec Agency stated that the short deadline is needed as it has identified “certain gaps causing hindrance in incident analysis”. Union Minister of State for Electronics and IT, Shri Rajeev Chandrasekhar, stated on the microblogging platform Twitter: “To effectively fight cybercrime, all companies n enterprises must mandatorily report cyber incidents to @IndianCERT, New #CyberSecurity directions for a #SafeAndTrusted Internet issued under Sec 70b of IT Act”.
A “Cyber Incident” is defined under the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules as “any real or suspected adverse event in relation to cybersecurity that violates an explicitly or implicitly applicable security policy resulting in unauthorized access, denial of service or disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.”
The statement issued by CERT-In also mentioned that, during the course of handling cyber incidents and interactions with the constituency, CERT-In has identified certain gaps causing hindrance in incident analysis. To address the identified gaps and issues so as to facilitate incident response measures, CERT-In has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. This step by the Government of India will ensure that incident analysis, especially impact analysis, is undertaken at a faster pace for proactive security of the Indian Cyberspace.