Security News > 2022 > April > India to require cybersecurity incident reporting within six hours
The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.
The most notable new requirement is that any internet service provider, intermediary, data center, or government organization, shall report these incidents to CERT-In within six hours of noticing them.
Finally, all system logs of the aforementioned service providers must be maintained securely within Indian jurisdiction for a rolling period of 180 days and shall be provided to CERT-In along with any security incident reports or when requested by the agency.
While the government's intent is noteworthy, complying with this directive will not be an easy task as it will require organizations to appoint additional staff and devote significant management time to meet the reporting requirements.
The industry is already grappling with a massive shortage of skilled cyber security professionals, and considering that a typical organization experiences several cyber-attacks daily, reporting each of these attacks to CERT-IN in a prescribed format could pose an operational challenge.
An automated incident reporting platform that allows individual organizations to submit their incident reports seamlessly to CERT-IN could help in ensuring more effective implementation.