Virtual private network service providers that are not ready to comply with the new guidelines have the only option to exit from India, minister of state for electronics and IT Rajeev Chandrasekhar said.
Rajeev Chandrasekhar, while releasing FAQs (Frequently Asked Questions) on the recent directive on reporting of cyber breach incidents, said that every well meaning company or entity understands that a safe and trusted internet is going to help it.
Rajeev Chandrasekhar Said :
The ministry of electronics and IT has mandate cloud service providers, VPN (Virtual Private Network) firms, data centre companies and virtual private server providers to store users’ data for at least five years.
Some of the VPN companies have claim that the new rule may lead to cyber security loopholes in the system an argument which was reject by Rajeev Chandrasekhar.
Rajeev Chandrasekhar said that the government is also not going to make any change in the rules on mandating entities to report cyber breach in their system within six hours of learning about it.
Rajeev Chandrasekhar Said :
US-base technology industry body ITI, having global tech firms such as Google, Facebook, IBM and Cisco as its members, has sought a revision in the Indian government’s directive on reporting of cyber security breach incidents.
ITI said that the provisions under the new mandate may adversely impact organisations and undermine cyber security in the country.
The industry body has ask for a wider stakeholder consultation with the industry before finalising on the directive.
Indian Computer Emergency Response Team (CERT-In) on 28th April 2022, issue a directive asking all government and private agencies, including internet service providers, social media platforms and data centres, to mandatorily report cyber security breach incidents to it within six hours of noticing them.
The new circular issue by the CERT-In mandates all service providers, intermediaries, data centres, corporates and government organisations to mandatorily enable logs of all their ICT (Information and Communication Technology) systems and maintain them securely for a rolling period of 180 days, and the same shall be maintain within the Indian jurisdiction.
ITI has raise concerns over the mandatory reporting of breach incidents within six hours of noticing, to enable logs of all ICT systems and maintain them within Indian jurisdiction for 180 days, the overbroad definition of reportable incidents and the requirement that companies connect to the servers of Indian government entities.