Everything You Need To Know About India’s New Guidelines Related to Cyber Incident Reporting by CERT-In | Ankura

On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In), a functional organization under the Ministry of Electronics and Information Technology (MeitY), Government of India issued directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet. [1]

The directions are issued to augment and strengthen cyber security in the country. The directions will be effective from June 27, 2022 (60 days from the date of issue).

  • Synchronization of time clocks to NTP servers of NIC – This is applicable to all service providers, intermediaries, data centers, body corporate and government organizations. For the servers and infrastructure hosted in India the time can be synced with the following:
    • National Informatics Centre (NIC):
      • samay1.nic.in
      • samay2.nic.in
    • National Physical Laboratory (NPL):
  • For servers and infrastructure outside India the time can be synced with the nearest server having atomic time. You may use https://pool.ntp.org/
  • While storing the logs of any device, application, database, etc. make sure the local time as , as well as the UTC time, is recorded in separate columns, if possible, along with time zone details alongside the timestamp.
  • Reporting Cyber Incidents in 6 hours to CERT-In – While many other developed countries expect the incidents to be reported in 48-72 hours, CERT-In has given a very aggressive time frame of 6 hours for reporting incidents. This means companies need to have a monitoring mechanism in place to identify cyber security incidents and a well-equipped incident response team along with an incident response plan must be in place. The relevant stakeholders should get immediate intimation in case of a suspected security breach, and they must be in a position to triage and avoid false positives. A readiness assessment can help check if the timeline can be met.
  • POC to Interact with CERT-In – Companies will need to assign a Point of Contact with whom CERT-In can communicate for any information. CERT-In has also provided a format in which such information needs to…