Government Notifies Telecom Cybersecurity Rules, Sets Reporting Timelines for Telcos
The government has introduced new telecom cybersecurity rules aimed at safeguarding India’s communication networks and services. These regulations outline specific obligations for telecom entities, including timelines for reporting security incidents, implementing cybersecurity measures, and sharing non-content data when required by the central government or its authorised agencies.
Key highlights of the rules include:
- Reporting Security Incidents:
Telecom entities must report security incidents within six hours to the central government, detailing the affected systems, the incident’s nature, and its impact. Within 24 hours, they must provide further details such as the number of users affected, the geographical scope, and remedial actions taken or proposed. - Cybersecurity Policy Requirements:
Telcos are required to adopt a comprehensive cybersecurity policy covering:
Security safeguards and risk management strategies
Training, network testing, and vulnerability assessments
Rapid action systems to mitigate security incidents and perform forensic analysis
- Data Collection for Security:
The central government or its authorised agency can request traffic data (excluding message content) from telecom entities to ensure cybersecurity. The rules mandate telecom providers to establish infrastructure for collecting, processing, and storing such data while ensuring its confidentiality and preventing unauthorised access. - Accountability Measures:
Telecom entities must appoint a Chief Telecommunication Security Officer to oversee cybersecurity measures.
Equipment manufacturers must register the International Mobile Equipment Identity (IMEI) numbers of devices manufactured in India with the government before their first sale.
- Prohibited Activities:
The rules strictly prohibit any activities that endanger telecom cybersecurity, including misuse of networks, transmitting fraudulent messages, or engaging in actions that pose security risks.
These rules, framed under the new Telecom Act, aim to create a robust cybersecurity framework to tackle evolving threats while protecting users and communication infrastructure. Additionally, the government plans to train 5,000 cyber commandos over the next five years to strengthen the nation’s cybersecurity capabilities.
By setting clear obligations and timelines, the government seeks to enhance resilience and ensure a secure communication ecosystem across the country.
News Source : “Information for this article was gathered from a variety of reliable news outlets.”
