BANKING AND ECONOMY
For the first time, the Union Government fixed a deadline for all the Indian companies must report to the Indian Computer Emergency Response Team (Cert-In) regarding any form of a cybersecurity incident. They have to report within six hours of the incident. The notification was issued by the Union Ministry of Electronics and Information Technology (Meity).
The Ministry categorizes cybersecurity as 20 categories which also include defacement of websites, unauthorized access to social media, data breaches and data leaks.
The penalties under Section 70B of the Information Technology (IT) Act, 2000 remained unchanged. The penalties will be imposed on the companies for not responding to notices from Cert-In. The penalties include imprisonment of up to one year and a fine of up to ₹1 lakh.
Some experts termed the new regulations as ‘excessive’ and ‘overreaching’, as the new rules also require virtual asset service providers, such as cryptocurrency exchanges, to maintain five-year logs of know-your-customer (KYC) data and information on every financial transaction so that individual transactions can be reconstructed in case of a cyber incident.
Companies use time servers to connect to a reference server - in this case, the network time protocol (NTP) of the National Informatics Centre (NIC) and provide this time data to the rest of the server infrastructure. The same is used to coordinate time stamps across a company’s overall connected infrastructure.