Why India needs strong cyber security norms to curb misuse of VPNs, Telecom News, ET Telecom

After the Indian Emergency Team (CERT-In) expressed concern over new cybersecurity directives, industry experts said on Sunday that if the new guidelines are strictly enforced, corporate and business virtual private networks (VPNs) will have to be sure to report several serious violations that will be excessive to help end users.

New cyber security standards require the reporting of cyber security incidents and misuse of VPNs.

Following the noise over the April 28 directives, the Ministry of IT’s CERT-In issued an updated document or frequently asked question, saying the new directives would only apply to general Internet users using commercially available VPNs.

CERT-In also clarified that the mandate to report cyber security incidents within six hours cannot be circumvented due to the company’s contractual obligations.

According to New Delhi cyber law expert Viragu Gupti, the current cyber security rules are 11 years old, a long time in the internet era.

“During this period, the shape and dimensions of the Internet have changed significantly. The perpetrators of cybercrime are both state and non-state actors with sinister designs,” Gupta told IANS.

Under the new policy, every service provider, intermediary, data center, corporate and government organization will be required to report cyber incidents within six hours.

“If the authorities properly enforce the conditions of the policy and if the cases are registered in accordance with the mandate of the law, then how will the police, digital laboratories and courts be able to deal with the huge number of cybercrime?” he asked.

Amid the debate, State Minister for Trade Unions for IT and Skills and Entrepreneurship Development Rajeev Chandrasekhar said it would have no impact on business sustainability.

“The only restriction is that VPNs are misused for criminal activities, VPN operators will have to cooperate and produce data on the person who committed the criminal activity,” the minister said on the sidelines of the Nasscom event in Ahmedabad on Saturday.

According to CERT-In, there are various types of other violations such as data breaches, data leaks, computer pollutant spread, identity theft, forgery, identity theft, distributed denial of service (DDoS) attacks on applications such as e-government, e – trade, etc.

According to the FAQ, quick and mandatory reporting of incidents is a necessary and primary condition for corrective actions to ensure the stability and resilience of cyberspace.

In a country targeting a $ 1 trillion digital economy and nearly 80 million people using the Internet, only 500,035 cybercrime cases were recorded in 2020, according to the National Bureau of Crime Records (NCRB).

According to the NCRB, only 4,047 cases of fraud in online banking, 1,093 OTP frauds and 578 incidents on fake news on social networks were reported in 2020.

“If these guidelines are strictly implemented, then all such violations will have to be reported,” Gupta said.