-Mobile_581x360.webp)
The rules have been issued by exercising power under Telecommunications Act, 2023 and in supersession of the prevention of tampering of the Mobile Device Equipment Identification Number Rules, 2017.
Provisions of Telecommunications (Telecom Cyber Security) Rules, 2024
- Defines terms such as Telecom Cyber Security, Telecommunication entity, Security Incident etc.
- Collection, sharing and analysis of data: Central Government or designated agency may seek traffic data and any other data from a telecommunication entity and can share them with law enforcement and telecom entities.
- It can also direct telecommunication entity to establish necessary infrastructure for collection and provision of such data from designated points to enable its processing and storage
- Obligations relating to telecom cyber security:-
- For Individuals
- No person shall endanger or send any message which adversely affects telecom cyber security
- For Entities
- Entities should develop and adopt telecom cyber security policy addressing risks, audits, and incident responses.
- Establish Security Operations Centres (SOCs) for telecom cyber security incidents, intrusions etc.
- Entities should mandatorily appoint Chief Telecommunication Security Officer (CTSO) whose details shall be provided to Central Government
- For Individuals
- Reporting of security incidents:
- It is to be done within 6 hours of becoming aware of a security incident with reporting to the Central Government.
- Within 24 hours of becoming aware of incidents, entities should furnish details such as number of users affected, duration, geographical area affected, remedial measures taken etc.
Key Terms Defined
|
