India firms to report cyber incidents within six hours of detection
India’s nodal cybersecurity agency, the Computer Emergency Response Team (CERT-In), has mandated all service providers, intermediaries, data centres, body corporates, and government organisations to report cyber incidents within six hours of detection. The incident can be reported through email, phone, or fax. These directions will become effective from 27 July 2022.
Service providers are mandated to take action or provide information on any action taken against the cybersecurity incident to CERT-In in a particular format and a specified timeframe, failing which it would be treated as non-compliance. All service providers, data centres, and government organisations are asked to designate a point of contact (POC) to interface with CERT-In. All communications from CERT-In will then be sent to the POC.
Organisations should also mandatorily enable logs of all their ICT systems and maintain them securely within Indian jurisdiction for a rolling period of 180 days, the statement said. It should then be provided to CERT-In along with the reporting of any cyber incident or when ordered.
Over 70% of Indian firms suffered ransomware attacks last year
The latest report by Sophos highlights that 78% of Indian firms have suffered ransomware attacks in the last year, higher than the global average of 66%, up from 37% in 2020. Globally, attackers succeeded in encrypting data in 65% of the attacks in 2021.
The report also mentioned that India paid an average of US$1,198,475 of ransom money. The number of victims and ransom payments continued to increase in 2021.
The average expense of recovering from an incident declined by 17% to US$2.8 million in 2021 from US$3.4 million in 2020 in India. However, the number still remains significantly high and calls for better security measures in Indian firms.
VPN providers to store user data for five years
Virtual private network (VPN) companies will now have to collect and store user data including user’s home address, IP address, and usage patterns for five years, as ordered by the Ministry of Electronics and Information Technology (MeitY).
Meity has given VPN providers a window of 60 days, ending on July 27, 2022, to make the necessary arrangements. Providers will have to store a user’s data even if the user cancels the subscription. Failure to do so will lead to imprisonment of concerned authorities for up to a year. The step was taken to coordinate response activities and emergency measures concerning cybersecurity incidents.
CERT-In has also asked data centres, virtual private server providers, cloud service providers, and VPN providers to store and maintain certain user data for 5 years or longer.
If implemented, VPN providers will have to switch to storage servers which will also mean higher costs for the companies. It could also result in VPN services increasing subscription costs to cover the storage expenses.
5G spectrum auctions in June, services rollout in August or September
In what seems to be a very optimistic statement, telecom minister Ashwini Vaishnaw has said that the 5G airwaves auction will be held in June 2022 and added that the commercial rollout is expected to be from August or September.
In the past, network operators had expressed their displeasure on the high pricing of spectrum and had requested TRAI to reduce the prices by 90%. However, TRAI in its recommendations reduced the pricing only by 35% to 40%, following which the cellular operators association of India (COAI) expressed disappointment. Vaishnaw has said the industry’s demand for further reduction would be deliberated in a logical manner.
The recommendation from TRAI is to be approved by the Digital Communications Commission (DCC), which will take a call on it soon. TRAI will be made aware of DCC’s decision. The ministry has already worked on the draft invitation for 5G tenders, according to Vaishnaw.
India, Germany to work together on AI research
India and Germany will work together with a focus on AI start-ups and research and its application in sustainability and healthcare. The announcement came after India’s Minister for Science and Technology and Earth Sciences Jitendra Singh held bilateral talks with the German minister for education and research, Bettina Stark-Watzinge.
Experts from both countries have already met to explore the work to be done in AI and an Indo-German call for proposals would soon be raised inviting proposals from researchers and industry.