Select Page

India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centres, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours.

“Any service provider, intermediary, data centre, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents,” the government said in a release.

The types of incidents that come under the ambit include, inter alia, compromise of critical systems, targeting scanning, unauthorized access to computers and social media accounts, website defacements, malware deployments, identity theft, DDoS attacks, data breaches and leaks, rogue mobile apps, and attacks against servers and network appliances like routers and IoT devices.

images from Hacker News