CERT-In releases FAQs to address queries on Cyber Security Directions of 28.04.2022

May 18:Shri Rajeev Chandrasekhar, Minister of State for Electronics & Information Technology & Skill Development and Entrepreneurship, released a Frequently Asked Questions (FAQs) document here today i.e. on 18.05.2022. The document explains the nuances of the Cyber Security Directions of 28.04.2022 issued by CERT-In under sub-section (6) of section 70B of the Information Technology Act, 2000 for enabling a better understanding of various stakeholders as well as to promote Open, Safe & Trusted, and Accountable Internet in the country. The FAQs have been prepared in response to general queries received by CERT-In on the Cyber Security Directions issued on 28.04.2022.

Picture 1

While releasing the FAQs document, Shri Rajeev Chandrasekhar mentioned that Online Safety and Trust are important public policy objectives for the Narendra Modi Government. “As we take rapid strides towards achieving our target of $1 Trillion Digital Economy, it is equally important to ensure that Internet, which is presently accessed by 80 crore people and shall soon cover 120 crore people, remains open, safe & trusted and accountable”, he added.

In this context, the Government has undertaken many initiatives to create an atmosphere of online safety and trust to address cyber security by augmenting infrastructure, situational awareness of cyber threats, cyber security research, and development,  creating awareness and capacity building, etc. For these programs an amount of Rs. 809.58 Crores have been spent during 2019-20 to 2021-22. An amount of Rs. 515 Crores is allocated for cyber security programs for the year 2022-23. it is also implementing a project entitled ‘Information Security Education and Awareness (ISEA) Project Phase II’ with an outlay of Rs. 96.08 crores with the objectives of capacity building in the area of information security, training of Government personnel, and creation of mass information security awareness for various users. So far, a total of 78,021 candidates have been trained/undergoing training in various formal/non-formal courses in Information Security through 52 institutions. Further, 5 Technical Universities participating in the project have reported around 2.74 lakh candidates as trained/ under-going training in formal courses in their respective affiliated colleges. So far, 22,881 Government personnel have been trained in the area of Information Security through direct/e-learning/VILT mode, which inter-alia includes 10,045 Government personnel of Central Ministries/Departments. So far, 1,360 awareness workshops have been conducted across the country covering 2,44,883 participants and 1,24,086 school teachers trained as Master Trainers in 41 training programs. Around 5.75 crore estimated beneficiaries have been impacted through indirect mode.

Recently issued Cyber Security Directions are just one piece in the overall cyber security architecture that the Government is putting in place to counter emerging threats. “Cyber Security Rules were already in place but they are around 11 years old. 11 years is a long time in the internet era. Over this period, the size, shape & dimension of the Internet has changed significantly. The nature of user harm and risks in 2022 is different from what it used to be a decade back.  The perpetrators of cybercrime are both state and non-state actors with sinister designs. Rapid & Mandatory reporting of incidents is a must and a primary requirement for remedial action for ensuring stability and resilience of Cyber Space.”, said Rajeev Chandrasekhar

FAQ & its significance

This FAQ, consisting of 44 questions, endeavors to respond to general queries on these Cyber Security Directions in a simple and easily understandable manner towards operationalization of these directions to achieve the objective for all the relevant entities and common users.

The FAQ consists of primarily three sections, namely-

  • Section I: Basic Terminology and Scope of the Directions
  • Section II: Directions under subsection (6) of section 70B of the IT Act, 2000
  • Annexure-I: Explanation for Types of Cyber Security Incidents to be Reported to CERT-In

Section I comprises the basic terminology and scope of the directions like- the reason for these Cyber Security Directions; who do these Cyber Security Directions of 28.04.2022 apply to; the functions of CERT-In in the area of cyber security; method of reporting and format for incident reporting, etc.

Section II comprises the nuances and explanations of the Cyber Security Directions like- areas the Cyber Security Directions cover; the benefit of the directions to the users in the country; Do the directions affect the Right to Privacy of individuals; the time frame for reporting and information to be shared while reporting incidents; various applicability aspects of these Cyber Security Directions; and clarifications related to logging requirements, time synchronization, and maintenance of specific information by entities, etc.

Annexure-I of the FAQs consists of an illustrative list of explanations of the types of incidents required to be reported to CERT-In.

The Cyber Security Directions of 28.04.2022 shall enhance the overall cyber security posture and ensure Open, Safe & Trusted Internet in the country.

These FAQs on the Cyber Security Directions of 28.04.2022 are available at https://www.cert-in.org.in/Directions70B.jsp

*****

Disclaimer: We donot claim that the images used as part of the news published are always owned by us. From time to time, we use images sourced as part of news or any related images or representations. Kindly take a look at our image usage policy on how we select the image that are used as part of the news.