Chennai: Global business groupings concerned over what they term as the " onerous " nature of the recent directives by India's cybersecurity watchdog have told the central government that the provisions could have a “detrimental impact on cybersecurity” for organizations that operate in India.
In a letter to Sanjay Bahl , Director General of the CERT-In (Indian Computer Emergency Response Team) on Thursday, co-signed by bodies such as US Chamber of Commerce, US-India Business Council, US-India Strategic Partnership Forum and techUK and others, they said CERT-In’s requirements may also make it more difficult for companies to do business in India.
This will create a disjointed approach to cybersecurity across jurisdictions, which in turn will undermine the security posture of India and its allies in the Quad countries (Japan, Australia, India and the US), Europe and beyond, the letter—reviewed by ET—stated.
It also pointed out that the recently released FAQs by the cybersecurity watchdog do not carry the force of law and do not offer enough assurance to businesses operating in India.
“If left unaddressed, these provisions will have a significant adverse impact on organizations that operate in India with no commensurate benefit to cybersecurity,” the groupings said.
Among the contentious requirements are the mandate to report cybersecurity incidents within a 6-hour timeline and what the letter termed as the ‘overbroad’ definition of reportable incidents.
Further, it said that the requirement for companies to furnish sensitive logs to the CERT-In and respond to an incident as mandated by the agency were also raising alarm. It also highlighted the requirement for Virtual Service Providers (VSP), Cloud Service Providers (CSP), and Virtual Private Network (VPN) providers to record certain subscriber information for at least 5 years after service cancellation as an area of concern.
"The technical requirements put forward in the directive will make cybersecurity worse, not better,” Ari Schwartz, Coordinator, Cybersecurity Coalition said. “The sheer volume of information required, wasted resources and fragmented approach will damage the global cybersecurity ecosystem and make us all less safe."
The other associations include the Asia Securities Industry & Financial Markets Association (ASIFMA), Bank Policy Institute, BSA – The Software Alliance, Coalition to Reduce Cyber Risk (CR2) Cybersecurity Coalition, Digital Europe and the Information Technology Industry Council (ITI). The associations represent a broad cross-section of industry, spanning businesses of different sizes, different sectors and from countries including the EU, UK, and the US.
They also made a point that stakeholder engagement is a ‘crucial element of regulatory policy,’ particularly relevant in highly technical and impactful areas of policymaking such as cybersecurity.
“We look forward to engaging with you further regarding these concerns and respectfully encourage you to delay the effective date of the Directive and the associated implementation requirements for the underlying provisions until further consultations with stakeholders have taken place,” the associations said.
The industry groupings also requested CERT-In to remove the provision that mandates connection to NTP servers while encouraging the agency to establish a ‘feasible incident reporting timeline’ of at least 72 hours.
It also flagged concerns about the requirement to furnish voluminous log data saying it will impose a huge burden on organizations' security teams in an environment where security resources (including personnel) are at a premium.
- India narrative presents huge opportunities in the post-Covid world: Manoj Ladwa, CEO, India Inc. Group
- India Global Week 2020: This is an India that is reforming, performing and transforming says PM Modi
- Lakes at Legacy development in Baton Rouge to go before planning group -- and some aren't happy
- A Great Global Group Selection Experiment
- Aramco seeks 20 per cent cut in Reliance's O2C business valuation; deal hits roadblock
- JR Compliance – Helping Indian businesses expand global outreach
- Washington Redskins' name change happened fast, but it was decades in the making
- India sends notice to Twitter; demands details of Indians impacted by last week’s global hack
- Govt issues notice to Twitter after recent hack targeting global high-profile users
- Hiranandani Group opens giant data centre in Mumbai
- Barcodes indispensable in global e-commerce
- India facing more cyber attacks from China and Pakistan since nationwide lockdown
- VIETNAM'S BUSINESS NEWS HEADLINES JULY 11
- Compliancy Group Creates New Guidance for HIPAA Compliance for Business Associates
- VIETNAM'S BUSINESS NEWS HEADLINES JULY 17
- VIETNAM'S BUSINESS NEWS HEADLINES JULY 20
- VIETNAM'S BUSINESS NEWS HEADLINES JULY 12
- VIETNAM'S BUSINESS NEWS HEADLINES JULY 18
- India’s painful economic recovery: Million cases, trillions of rupees lost and counting
- Coronavirus crisis: A million that changed India in countless ways
CERT-In's requirements may make it difficult to do business in India: Global groupings have 758 words, post on www.gadgetsnow.com at May 28, 2022. This is cached page on TechNews. If you want remove this page, please contact us.