Au FIC 2021, Guillaume Poupard, directeur g
Eleven technology-related organizations and associations have sent a letter calling on India’s Computer Emergency Response Team (CERT-In) to correct its data storage and cybersecurity regulations.

These organizations, including the American Chamber of Commerce, Software Alliance – BSA, DIGITALEUROPE, Information Technology Industry Council (ITI), techUK, Cybersecurity Alliance, US-India Business Council , and the US-India Strategic Partnership Forum, argue that the new regulation is inconsistent, troublesome, and difficult to effectively enhance security while harming the Indian economy.

Under the regulation proposed in India in April 2022, companies operating data centers, cloud platforms and VPNs (virtual private networks) will have to store customer names, customer IP addresses and dates each service is used within 5 years.

The new rules also require companies to report more than 20 types of cybersecurity incidents within six hours of detection, including port scanning or phishing.

The protest letter from technology business associations and organizations says that the 6-hour period is “absurd”, and requires storing customer data will create security and data exposure risks. sensitive. In addition, the letter also states that CERT-In’s regulation and response contain some inconsistencies.

According to the letter, the new set of regulations will make it difficult for foreign businesses to operate in India and add costs to customers.

Indian public opinion has also voiced criticism of the new regulation, saying that 6 hours is too short a time and that the requirement for storing VPN user information infringes on privacy. In addition, reporting requirements are also considered too broad and difficult to comply with.

CERT-In has published a set of FAQs that address some of the criticized, but still ambiguous, elements on issues such as the classification of bad and suspicious behavior. Rajeev Chandrasekhar, India’s Deputy Minister for Skills Development and Entrepreneurship, and Deputy Minister of Information Technology Rajeev Chandrasekhar also brushed off the criticism and said that the VPN service provider may choose to leave India if it does not accept the new regulations..

Tung Phong (According to The Register/MediaNama)

Au FIC 2021, Guillaume Poupard, directeur g