JUN 06, 2022 | ASIA PACIFIC | INDIA
BSA Statement on the Submission to Ministry of Electronics and Information Technology on CERT-In’s Notification on Information Security Practices
NEW DELHI – June 6, 2022 – BSA | The Software Alliance submitted its concerns to the Ministry of Electronics and Information Technology (MeitY) on Computer Emergency Response Team’s (CERT-In) “Directions … relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet” (Directions).
The Directions aims to augment and strengthen cybersecurity in India. BSA supports this aim of CERT-In and the need to build an effective cyber incident reporting regime. While we appreciate MeitY’s efforts to clarify the Directions through Frequently Asked Questions (FAQs), a few provisions are incompatible with risk-based, technology neutral, and flexible approaches to ensure robust cyber security mechanisms.
“We are concerned about the broad scope of notifiable cyber incidents, the lack of a risk-based threshold, and the short timeline for reporting in the Directions. These provisions will undermine incident investigation and response, including the deployment of defensive measures”, said Venkatesh Krishnamoorthy, Country Manager – India, BSA | The Software Alliance. “We urge the CERT-In to adopt an impact-based and risk-based approach to incident reporting. We recommend that the Directions ask to provide an initial report of high-impact or severe cyber incidents as soon as practicable or within 72 hours of the confirmation of an incident, whichever is faster. We also seek greater flexibility on log-keeping requirements and more time to implement user validation requirements. BSA looks forward to working with MeitY and CERT-In to contribute to an effective approach towards a secure digital economy for India.”
BSA |“软件联盟”(www.bsa.org) 是全球软件行业的主要倡导者，旨在代表该行业，向政府和国际市场发声。其成员包括全球最具创新力的公司，这些公司制定的软件解决方案，不但能够刺激经济，还能提升现代生活的品质。
BSA 的总部位于华盛顿特区，其营运机构遍布 30 多个国家。BSA 凭借这些机构，率先涉足合规项目，以期促进使用合法软件、倡导制定公共政策，并以此培养技术创新能力，以及推动发展数字经济。