Explorer

New Telecom Cyber Security Rules Notified, Govt Can Now Access Traffic Data, But Not Message Content — Details

The Telecom Cyber Security Rules mandate telecom entities to safeguard communications by implementing security measures, reporting incidents within 6 hours, and submitting user data and traffic information to authorised agencies.

The government has notified the telecom cyber security rules, that aim to safeguard India's communication networks and services, through a host of measures including specified timelines for telcos to report security incidents and make disclosures.

The rules also empower the central government/ its authorised agency to seek traffic data and any other data (other than the content of messages) from a telecom entity for the purpose of ensuring cyber security.

Telecom entities would also be required to adopt telecom cyber security policy, that would include security safeguards, risk management approaches, actions, training, network testing, and risk assessment.

"The central government, or any agency authorised by the central government, may, for the purposes of protecting and ensuring telecom cyber security, seek from a telecommunication entity, traffic data and any other data, other than the content of messages, in the form and manner as may be specified by the central government on the portal; and direct a telecommunication entity to establish necessary infrastructure and equipment for collection and provision of such data from designated points to enable its processing and storage," according to the rules framed under the new Telecom Act.

The government and any agency authorised by it to collect data under these rules, as well as persons with whom such data is shared, will place adequate safeguards to ensure that such data is stored and maintained in strict confidentiality and prevent any unauthorised access, it said.

The rules clearly outline telecom cyber security obligations.

"...no person shall endanger telecom cyber security by misuse of telecommunication equipment or telecommunication identifier or telecommunication network or telecommunication services or by fraud, cheating or personation; transmitting any message which is fraudulent; committing or intending to commit any security incident; engaging in any other use which is contrary to the provision, of any other law for the time being in force; or any other means which may have security risk on telecom cyber security," according to the rules," it said.

Under the rules, every telecom entity will be required to implement specified measures to ensure cyber security, including adopting a telecom cyber security policy (security safeguards, risk management approaches, actions, training, best practices and technologies, to enhance telecom cyber security).

The policy, it said, should also encompass telecom network testing including hardening, vulnerability assessment and risk assessment, identification and prevention of security incidents among other aspects.

The policy should entail a rapid action system to deal with security incidents including mitigation measures to limit the impact of such incidents; and forensic analysis of security incidents to ensure learnings from such incidents and further strengthening telecom cyber security.

Telecom entities would be required to appoint a Chief Telecommunication Security Officer, and report security incidents within six hours to the Centre along with "relevant details of the affected system including the description of such incident." In 24 hours of becoming aware of the security incident, telecom entities would be required to furnish information on a number of users affected, duration, geographical area, the extent to which the functioning of the network or service is affected; and the remedial measures taken or proposed to be taken.

As per the rules, a manufacturer of equipment that has an International Mobile Equipment Identity (IMEI) number, will register the number of such equipment manufactured in India with the government, before the first sale of such equipment.

A telecommunication entity has been defined as any person providing telecommunication services, or establishing, operating, maintaining, or expanding a telecommunication network, including an authorised entity holding an authorisation.

Top Headlines

CPIM Leader Meenakshi Moves Calcutta High Court After Egg Attack On Her Car
CPIM Leader Meenakshi Moves Calcutta High Court After Egg Attack On Her Car
Delhi HC’s Relief To Sukesh Chandrashekhar Aide, Bail Granted In Rs 200 crore Extortion Case
Delhi HC’s Relief To Sukesh Chandrashekhar Aide, Bail Granted In Rs 200 crore Extortion Case
ISIS-AQIS Links? NIA Sweeps 20 Locations Nationwide In Major Terror Probe
ISIS-AQIS Links? NIA Sweeps 20 Locations Nationwide In Major Terror Probe
Delhi, Mumbai grapple with monsoon havoc; 11 feared trapped in Pune building collapse amid heavy rain
Delhi, Mumbai grapple with monsoon havoc; 11 feared trapped in Pune building collapse amid heavy rain

Videos

Ayodhya Watch: Govind Dev Giri Meets Champat Rai as Temple Donation Probe Draws Fresh Focus
Global Flash: Iran Rejects Trump’s Warning as New Statements Signal Rising Diplomatic Tensions
Global Alert: Strategic Iranian Sites Hit as Fresh Gulf Escalation Raises Global Security Concerns
Global Tension: US-Iran Frictions Deepen as Regional Security Concerns Rise During State Funeral
Monsoon Alert: Torrential Rain Floods Cities as Rising Waters Leave Large Parts of India Struggling

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget