India’s cybersecurity agency, the Computer Emergency Response Team (CERT-In), will require government organizations, corporations, service providers, data centers, and intermediaries to report cyber incidents within six hours.
“To effectively fight cybercrime, all companies and enterprises must mandatorily report cyber incidents to IndianCERT New CyberSecurity directions for a SafeAndTrusted Internet issued under Sec 70b of IT Act,” Rajeev Chandrasekhar, Union minister of state for electronics and IT said.
In recent years, cyberattacks in India have increased significantly. Ransomware attacks alone increased by 218% in 2021, according to Palo Alto Networks.
CERT-In will also require cloud and VPN providers to register their users. Custodial wallets, exchange, virtual asset providers, cloud providers and even VPN providers will have to keep records of their customers (KYC) and records of financial transactions for five years. Service providers will maintain logs of their systems for 180 days.
This would defeat the purpose of using a VPN and creates honeypots of data that could be misused for surveillance or stolen.
According to CERT-In, the new requirements will improve the “overall cybersecurity posture” and ensure a “safe and trusted internet” in India.
The post India orders VPN providers to collect data on users appeared first on Reclaim The Net.
Reclaim The Net is a free speech and online privacy organization that defends our individual liberty by pushing back against big tech and media gatekeepers. Much of their work focuses on exposing digital tyrants and promoting free speech and privacy-friendly alternative online services. Visit reclaimthenet.org