Did you know that the IT Act makes it mandatory to report a cyber-attack to CERT-In?
Who is CERT-In?
The Indian Computer Emergency Response Team (CERT-In) was formed under the IT (Information Technology) Act, 2000. It is part of, and functions under the administrative control of, the Department of Electronics and Information Technology, Ministry of Communications and Information Technology, and is located in New Delhi.
Cyber Security Incident:
Cyber incident means any real or suspected adverse event that is likely to cause or causes an offence or contravention, harm to critical functions and services across the public and private sectors by impairing the confidentiality, integrity or availability of electronic information, systems, services or networks resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource, changes to data or information without authorisation; or threatens public safety, undermines public confidence, has a negative effect on the national economy, or diminishes the security posture of the nation.
Who should report?
Service providers, intermediaries, data centres and corporate bodies (there is no definition for corporate body, hence all companies will come under this act) shall report a cyber security incident to CERT-In within a reasonable time of the incident occurring or being noticed, so that there is scope for timely action.
Types of cyber security incidents that need to be reported to CERT-In:
∙ Targeted scanning / probing of critical networks / systems
∙ Compromise of critical systems / information
∙ Unauthorised access of IT systems / data
∙ Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc.
∙ Malicious code attacks such as spreading of virus / Trojan / botnets / spyware
∙ Attacks on servers such as database, mail and DNS, and on network devices such as routers
∙ Identity theft, spoofing and phishing attacks
∙ Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks
∙ Attacks on critical infrastructure, SCADA systems and wireless networks
∙ Attacks on applications such as E-governance
What will CERT-In do?
After a cyber incident, CERT-In will provide directions or advisories and processes to follow to the corporate bodies, intermediaries, data centres or service providers concerned. They should follow those directions or advisories and report back to CERT-In on the course of action taken after the cyber incident.
Non-compliance with CERT-In directions or advisories:
Non-compliance leads to action through a court of law, which will result in hefty fines or penalties.
Conclusion:
Most of the time in India, we get to know about a rule or law at the time of an incident or accident.
Then all the compliance requirements and statutes come into the picture and make the situation even worse.
Once a cyber incident happens, the insurer will appoint a forensic team (which takes control of the situation) along with a legal team, which responds to compliance and legal requirements.
It is prudent to buy a Cyber Security policy that responds to government bodies as well as to the hackers in case of a ransomware attack.