CERT-In's New Six-Hour Time Frame : Daily Current Affairs

Relevance: GS-3: Challenges to internal security through communication networks, basics of cyber security.

Key Phrases: CERT-In, Information Technology Act, 2000, CERT-IN Directions, Cyber-attacks and threats, Deepfakes and cryptocurrency, Applicable Entities, Cyber incidents, Cyber security, Data breaches, DDoS Attack, Malware, National Cyber Security Strategy 2020, National Critical Information Infrastructure Protection centre.

Why in News?

The Indian Computer Emergency Response Team (CERT-In) recently issued a set of new directions under the Information Technology Act, 2000 (IT Act), in relation to information security practices, procedure prevention, response and reporting of cyber incidents for safe and trusted internet (CERT-IN Directions).

Cyber incidents in India:

India saw an exponential rise in the cyber security incidents amid the coronavirus pandemic.
Indian Computer Emergency Response Team (CERT-In) showed that such attacks saw a four-fold jump in 2018 and recorded an 89 per cent growth in 2019.
India witnessed over 18 million cyber attacks and threats, at an average of nearly 200,000 threats every day, in the first three months of 2022. The numbers in India went from 1.3 million in February 2020 to 3.3 million in March 2020.
CERT-In has reported over 2.12 lakh cyber security cases within Jan-Feb 2022 in comparison to 14.02 lakh in total last year.
Deepfakes and cryptocurrency-related scams were among the most prevalent around the world.

CERT-In's New Six-Hour Time Frame:

CERT-IN Directions mandate service providers, intermediaries, data centres and body corporates (Applicable Entities) to mandatorily report cyber incidents within six hours of noticing such incidents.
Applicable Entities enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days.
They are also required to report cyber security incidents (prescribed under CERT-IN Directions), on meeting the following threshold:
- cyber incidents and cyber security incidents of severe nature (such as denial of service, distributed denial of service, intrusion, spread of computer contaminant including ransomware) on any part of the public information infrastructure, including backbone network infrastructure.
- Data breaches or data leaks.
- Large-scale or most frequent incidents such as intrusion into computer resources, websites etc.
- cyber incidents impacting the safety of human beings.

Types of Cyber Security threats:

DDoS Attack: A DDoS or Distributed Denial of Service Attack is when cyber-criminals overwhelm a network or its servers by sending too much traffic. This prevents the network from handling valid requests and makes the entire system unusable. It can completely stop organizations
Malware: This malicious software can include computer viruses, spyware, Trojan horses, worms, and any other program or file that can harm the computer. Malware is commonly spread by downloads that seem legitimate or attachments in emails.
Botnets are numerous computers infected with malware that form a network. Cyber-criminals use them to perform online tasks without the permission of the devices’ owners.
Ransomware will lock data and files and threaten to leave the files locked or delete them unless the victim sends payment.
Spyware records the actions of a user, such as gathering credit card information.
Trojans are malware but disguised to appear as legitimate software. After being uploaded, they collect data or cause damage
Phishing: This type of cyber security threat involves sending fake emails from seemingly legitimate sources to get information such as credit card details or passwords.
Social Engineering: This type of attack tricks users to break security procedures by using human interactions. Cyber criminals commonly combine social engineering attacks with others, such as phishing, to increase the chances of the victim clicking on a link or downloading a file.
SQL Injection: SQL stands for Structured Query Language. A SQL injection aims to perform actions on data in a database and potentially steal it. It involves inserting malicious code via SQL statements, taking advantage of data-driven applications’ vulnerabilities. Exploitation of systems, networks and technologies.

Challenges to companies:

New guidelines are likely to pose challenges to companies in terms of adhering to the six-hour rule. Some of these challenges are:

Inadequate infrastructure and resources:
- Not all companies will be able to build capacities for large scale data collection, storage and management of consumer data to report cases within six hours.
Guidelines are aggressive compared to other global standards:
- For instance, Singapore's data protection law stipulates reporting cyber breaches within three days - the same as General Data Protection Regulation's law.
- United States and the European Union each of those regions allow for 72 hours to pass after an incident before reporting.
Cybercrime is increasingly complex to detect:
- It can take companies days and even months to discover a cyber security breach. Further, the new guidelines have expanded the list of mandatorily reportable incidents from 10 to 20, including attacks on IoT devices.
Currently, many companies lack an integrated technology and devices framework that can track breaches across platforms and devices, thereby amplifying the challenges in detecting and tracking incidents.
Many Indian organisations lack specialist cybersecurity tools and professionals to comply with CERT-In’s requirements.

Steps Taken to reduce cyber Incident:

National Cyber Security Strategy 2020:
- To improve cyber awareness and cyber security through more stringent audits. Under the policy, empanelled cyber auditors will carefully look at the security features of organisations.
National Cyber Security Policy -2013:
- The policy aims at facilitating creation of secure computing environment and enabling adequate trust and confidence in electronic transactions and also guiding stakeholders actions for protection of cyber space.
Cyber Swachhta Kendra:
- The "Cyber Swachhta Kendra" (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India's Digital India initiative under the MeitY to create a secure cyber space by detecting botnet infections in India and to notify, enable cleaning and securing systems of end users so as to prevent further infections.
Cyber Surakshit Bharat Programme:
- It aims to strengthen the cyber security ecosystem in Government organizations in the country. It was conducted by the NeGD under the Ministry of Electronics and Information Technology (MeitY).
CERT-IN (Computer Emergency Response Team) under MEITy for swift action against ongoing cyber attacks.
NCCC (National Cyber Coordination Centre) for threat analysis.
NCIIPC (National Critical Information Infrastructure Protection centre) for critical infrastructure protection.
Internet Governance Forum for bringing all stakeholders together for bettering internet governance.

Way forward:

It’s debatable whether India’s legislation has gone too far. Demanding reports within six hours of identifying a breach won’t be easy, and with an existing shortage of cybersecurity specialists in India, organisations will need to compete for talent.
However, this will push Indian organisations to improve their security posture. Tools like Singularity XDR, which extends beyond the endpoint with end-to-end enterprise visibility and protection will start to be deployed more effectively, protecting every corner of the enterprise.
Powered by machine learning, Singularity XDR makes the technology autonomous, thus enabling organisations to achieve machine-speed cybersecurity with any kind of staffing model. From our perspective, improving cybersecurity and reducing threats is always the right response.

Source: Live-Law

Mains Question:

Q. How CERT-In's New Six-Hour Time Frame to Report Cyber Incidents improve Cyber security in India?