Indian Computer Emergency Response Team (CERT-In) Releases FAQs on Cyber Security Directions of 28.04.2022

·         Online Safety & Trust are important public policy objectives for Narendra Modi Government as India takes rapid strides towards $1 Trillion Digital Economy

·         Recently issued Cyber Security directions are just one piece in the overall Cyber Security Architecture

Rajeev Chandrasekhar, Minister of State for Electronics & Information Technology & Skill Development and Entrepreneurship, released a Frequently Asked Questions (FAQs) document on 18.05.2022. The document explains the nuances of the Cyber Security Directions of 28.04.2022 issued by CERT-In under sub-section (6) of section 70B of the Information Technology Act, 2000 for enabling better understanding of various stakeholders as well as to promote Open, Safe & Trusted and Accountable Internet in the country. The FAQs have been prepared in response to general queries received by CERT-In on the Cyber Security Directions issued on 28.04.2022.

While releasing the FAQs document, Shri Rajeev Chandrasekhar mentioned that Online Safety and Trust are important public policy objectives for the Narendra Modi Government. “As we take rapid strides towards achieving our target of $1 Trillion Digital Economy, it is equally important to ensure that Internet, which is presently accessed by 80 crore people and shall soon cover 120 crore people, remains open, safe & trusted and accountable”, he added.

In this context, the Government has undertaken many initiatives to create an atmosphere of online safety and trust to address cyber security by augmenting infrastructure, situational awareness of cyber threats, cyber security research and development, creating awareness and capacity building etc. For these programs an amount of Rs. 809.58 Crores have been spent during 2019-20 to 2021-22. An amount of Rs. 515 Crores is allocated for cyber security programs for the year 2022-23. MeitY is also  implementing a project entitled ‘Information Security Education and Awareness (ISEA) Project Phase II’ with an outlay of Rs. 96.08 crores with the objectives of capacity building in the area of information security, training of Government personnel and creation of mass information security awareness for various users. So far, a total of 78,021 candidates have been trained/under-going training in various formal/non-formal courses in Information Security through 52 institutions. Further, 5 Technical Universities participating under the project have reported around 2.74 lakh candidates as trained/ under-going training in formal courses in their respective affiliated colleges. So far, 22,881 Government personnel have been trained in the area of Information Security through direct/e-learning/VILT mode, which inter-alia includes 10,045 Government personnel of Central Ministries/Departments. So far, 1,360 awareness workshops have been conducted across the country covering 2,44,883 participants and 1,24,086 school teachers trained as Master Trainers in 41 training programmes. Around 5.75 crore estimated beneficiaries have been impacted through indirect mode.

Recently issued Cyber Security Directions are just one piece in the overall cyber security architecture that the Government is putting in place to counter emerging threats. “Cyber Security Rules were already in place but they are around 11 years old. 11 years is a long time in the internet era. Over this period, size, shape & dimension of Internet has changed significantly. The nature of user harms and risks in 2022 are different from what it used to be a decade back.  The perpetrators of cybercrime are both state and non-state actors with sinister designs. Rapid & Mandatory reporting of incidents is a must and a primary requirement for remedial action for ensuring stability and resilience of Cyber Space.”, said Rajeev Chandrasekhar

FAQ & its significance

This FAQs, consisting of 44 questions, endeavors  to respond to general queries on these Cyber Security Directions in a simple and easily understandable manner  towards  operationalisation of these directions to achieve the objective for  all the  relevant entities  and  common user.

The FAQ consists of primarily three sections, namely-

·         Section I: Basic Terminology and Scope of the Directions

·         Section II: Directions under sub-section (6) of section 70B of the IT Act, 2000

·         Annexure-I: Explanation for Types of Cyber Security Incidents to be Reported to CERT-In

Section I: comprises of the basic terminology and scope of the directions like- reason for these Cyber Security Directions; who do these Cyber Security Directions of 28.04.2022 apply to; the functions of CERT-In in the area of cyber security; method of reporting and format for incident reporting, etc.

Section II comprises of the nuances and explanations of the Cyber Security Directions like- areas the Cyber Security Directions cover; benefit of the directions to the users in the country; Do the directions affect the Right to Privacy of individuals; time frame for reporting and information to be shared while reporting incidents; various applicability aspects of these Cyber Security Directions; and clarifications related to logging requirements, time synchronization, and maintenance of specific information by entities, etc.

Annexure-I of the FAQs consists of an illustrative list of explanation of the types of incidents required to be reported to CERT-In.

The Cyber Security Directions of 28.04.2022 shall enhance overall cyber security posture and ensure Open, Safe & Trusted Internet in the country.

These FAQs on the Cyber Security Directions of 28.04.2022 are available at https://www.cert-in.org.in/Directions70B.jsp