Need to update IT Act; no privacy concern in CERT-In guidelines

Need to update IT Act; no privacy concern in CERT-In guidelines

Subject: Science and Technology

Section: IT

Information Technology Act, 2000 — the country’s core legal framework that regulates entities on the internet such social media platforms and e-commerce companies.

Promulgated in 2000, the IT Act was developed to promote the IT industry, regulatee-commerce entities and prevent cybercrime. While over the years, certain sections of the Act have been updated, with the most recent one being changes to the social intermediary rules, the Act itself was last amended in 2008 to accommodate new developments in the IT space at that time.

Concept:

• CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization created in 2004.
• The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.
• According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing administration of the Act.
• CERT-In has been designated to serve as the national agency to perform the following functions in the area of cyber security:
  • Collection, analysis and dissemination of information on cyber incidents.
  • Forecast and alerts of cyber security incidents
  • Emergency measures for handling cyber security incidents • Coordination of cyber incident response activities.
  • Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.
  • Such other functions relating to cyber security as may be prescribed.

Critical information Infrastructure

• Information Infrastructure is the term usually used to describe the totality of inter-connected computers and networks, and information flowing through them
• Certain part of information infrastructure is dedicated for management / control etc. of infrastructure providers’ e.g. Power generation, Gas/oil pipelines, or support our economy or national fabric e.g. Banking / Telecom etc., and its failure or outage on our National well-being or National Security marks them as being Critical.
• Information infrastructure supporting the operations of Critical Infrastructure (CI) designates such infrastructure as Critical Information infrastructure (CII).
• IT Act, 2000: “Critical Information Infrastructure means the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety”.

NCIIPC has broadly identified the following as ‘Critical Sectors’:-

1. Power & Energy
2. Banking, Financial Services & Insurance
3. Telecom
4. Transport
5. Government
6. Strategic & Public Enterprises