Govt Mandates Telecom Companies to Report Cybersecurity Incidents Instantly
New Delhi: The Department of Telecommunications (DoT) has issued a new set of rules requiring telecom companies to report cybersecurity incidents instantly and provide detailed information about the impact of such incidents within 24 hours.
The Telecom Cyber Security Rules, 2024, under the Telecom Act, comes into effect from an unspecified date next year. As per the norms, telecom companies are required to inform the government within six hours of becoming aware of a cybersecurity incident and provide additional details on the incident's impact within 24 hours.
These requirements align with the latest guidelines from the Computer Emergency Response Team (CERT-IN), which stipulate that telecos must report such incidents promptly. According to these rules, telecom companies will be required to furnish detailed information on:
- The number of users affected by the security incident
- The duration and geographical area affected by the security incident
- Remedial measures taken
- The extent to which the telecommunication network or service is affected
This exercise aims to enhance cyber security against various threats impacting telecom networks.