Explorer

New Telecom Cyber Security Rules Notified, Govt Can Now Access Traffic Data, But Not Message Content — Details

The Telecom Cyber Security Rules mandate telecom entities to safeguard communications by implementing security measures, reporting incidents within 6 hours, and submitting user data and traffic information to authorised agencies.

The government has notified the telecom cyber security rules, that aim to safeguard India's communication networks and services, through a host of measures including specified timelines for telcos to report security incidents and make disclosures.

The rules also empower the central government/ its authorised agency to seek traffic data and any other data (other than the content of messages) from a telecom entity for the purpose of ensuring cyber security.

Telecom entities would also be required to adopt telecom cyber security policy, that would include security safeguards, risk management approaches, actions, training, network testing, and risk assessment.

"The central government, or any agency authorised by the central government, may, for the purposes of protecting and ensuring telecom cyber security, seek from a telecommunication entity, traffic data and any other data, other than the content of messages, in the form and manner as may be specified by the central government on the portal; and direct a telecommunication entity to establish necessary infrastructure and equipment for collection and provision of such data from designated points to enable its processing and storage," according to the rules framed under the new Telecom Act.

The government and any agency authorised by it to collect data under these rules, as well as persons with whom such data is shared, will place adequate safeguards to ensure that such data is stored and maintained in strict confidentiality and prevent any unauthorised access, it said.

The rules clearly outline telecom cyber security obligations.

"...no person shall endanger telecom cyber security by misuse of telecommunication equipment or telecommunication identifier or telecommunication network or telecommunication services or by fraud, cheating or personation; transmitting any message which is fraudulent; committing or intending to commit any security incident; engaging in any other use which is contrary to the provision, of any other law for the time being in force; or any other means which may have security risk on telecom cyber security," according to the rules," it said.

Under the rules, every telecom entity will be required to implement specified measures to ensure cyber security, including adopting a telecom cyber security policy (security safeguards, risk management approaches, actions, training, best practices and technologies, to enhance telecom cyber security).

The policy, it said, should also encompass telecom network testing including hardening, vulnerability assessment and risk assessment, identification and prevention of security incidents among other aspects.

The policy should entail a rapid action system to deal with security incidents including mitigation measures to limit the impact of such incidents; and forensic analysis of security incidents to ensure learnings from such incidents and further strengthening telecom cyber security.

Telecom entities would be required to appoint a Chief Telecommunication Security Officer, and report security incidents within six hours to the Centre along with "relevant details of the affected system including the description of such incident." In 24 hours of becoming aware of the security incident, telecom entities would be required to furnish information on a number of users affected, duration, geographical area, the extent to which the functioning of the network or service is affected; and the remedial measures taken or proposed to be taken.

As per the rules, a manufacturer of equipment that has an International Mobile Equipment Identity (IMEI) number, will register the number of such equipment manufactured in India with the government, before the first sale of such equipment.

A telecommunication entity has been defined as any person providing telecommunication services, or establishing, operating, maintaining, or expanding a telecommunication network, including an authorised entity holding an authorisation.

View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headlines

Delhi: Congress Releases Second List Of 26 Candidates, Names Ex-AAP MLAs Asim Khan, Devinder Sehrawat
Delhi Elections: Congress Releases Second List Of 26 Candidates, Fields AAP Turncoats
President Appoints Governors In 5 States, Ajay Bhalla Named Manipur Guv, Arif Mohammed Khan Shifted To Bihar
President Appoints Governors In 5 States, Ajay Bhalla Named Manipur Guv, Arif Shifted To Bihar
5 Jawans Killed After Army Vehicle Falls Into Gorge In J&K's Poonch, Several Others Injured
5 Jawans Killed After Army Vehicle Falls Into Gorge In J&K's Poonch, Several Others Injured
India Vs Pakistan Date & Venue Officially Confirmed For ICC Champions Trophy 2025! Marquee Fixture To Be Played At...
IND Vs PAK Date & Venue Officially Confirmed For ICC CT 2025! Marquee Fixture To Be Played At..
Advertisement
ABP Premium

Videos

Manu Bhaker expresses disappointment after not being included in Khel Ratna Award listKumar Vishwas targets Shatrughan Sinha family, sparks controversy with remarks on RamayanaDelhi Govt. issues guidelines regarding illegal Bangladeshi student admissions in schoolsSambhal News: Shahi Jama Masjid survey report won't be presented today, technical revisions ongoing

Photo Gallery

Embed widget