Indian Computer Emergency Response Team (CERT-In) can play a vital role in strengthening the cyber security of the country. Explain (200 Words)
Refer - The Indian Express
Enrich the answer from other sources, if the question demands.
IAS Parliament 2 years
KEY POINTS
· Indian Computer Emergency Response Team (CERT-In) issued “directions” under Section 70-B(6) of the Information Technology Act 2000 (IT Act) relating to information security practices, procedure, prevention, response and reporting of cyber incidents.
· While the overall thrust towards a robust cyber incident reporting and security regime is prudent, some of the provisions in the absence of clarification from CERT-In have raised concerns amongst industry observers and cyber security experts.
· For some time now, CERT-IN has been struggling to get information and incident reporting from service providers, intermediaries as well as body corporates as per the rules and its mandate under section 70B(4) of the IT Act.
· A window of 60 days has been provided before implementation of these compliances begins. Given the scale of the revamp, this might be too short a window. The government must look at the concerns that arise from such directions and work out a realistic time scale.
· This is also going to significantly affect organisations that have maintained their servers offshore, although the move is in line with the government’s stated objective of localising data storage.
· While CERT-In has been proactive in recognising the changing frontiers of technology and trying to deal with hitherto unknown cyber threats, it is wanting in terms of a graded approach to ensuring compliance.
