MY KOLKATA EDUGRAPH
ADVERTISEMENT
regular-article-logo Thursday, 26 December 2024

Telecom companies face tougher data breach rules: Bid to enhance India’s cyber security framework

Telecom entities are now required to adopt a telecom cyber security policy, incorporating security safeguards, risk management approaches and rapid response mechanisms for addressing security incidents

R. Suryamurthy New Delhi Published 25.11.24, 10:45 AM
Representational image

Representational image File picture

The government has notified the Telecommunications (Telecom Cyber Security) Rules, 2024, empowering the Centre to request traffic data and other information, excluding message content, from telecom operators to bolster cyber security.

The rules, notified through a government gazette, also mandate telecom companies to establish infrastructure for collecting such data from designated points, enabling its processing and storage.

ADVERTISEMENT

The collected data may be shared with law enforcement and security agencies for cybersecurity purposes, according to the notification.

The rules prohibit any actions that could endanger telecom cyber security, including the misuse of telecommunication equipment or services, fraud, impersonation, or the transmission of fraudulent messages.

While penalties for violations remain limited to service suspension or disconnection for up to three years, the regulations highlight preventive measures over punitive actions.

Telecom entities are now required to adopt a telecom cyber security policy, incorporating security safeguards, risk management approaches and rapid response mechanisms for addressing security incidents. These policies must include vulnerability assessments and network hardening, along with regular forensic analysis of incidents to mitigate future risks.

The rules mandate operators to report security incidents to the central government within six hours of detection, detailing the number of affected users, the incident's duration and geographical scope, and remedial actions within 24 hours. The government plans to establish a portal for implementing the rules and may issue directions through secure communication channels.

Cyber law expert Karnika Seth described the regulations as a step forward in enhancing India’s cyber security framework. “The rules aim to prevent crimes like phishing and cyber terrorism, improving transparency and accountability in telecommunications,” Seth said, noting their potential to strengthen the nation’s cyber resilience.

However, Nikhil Pahwa, a cyber security analyst, raised concerns about privacy risks. “These measures allow for extensive data collection and storage without judicial oversight, raising surveillance concerns,” he said. Pahwa urged users to adopt encrypted apps and virtual private networks (VPNs) to protect their data.

Follow us on:
ADVERTISEMENT
ADVERTISEMENT