Rajesh Pant on Why Breaches Must Be Reported Within 6 Hours
India's Cyber Coordinator Discusses the Country' Cybersecurity StrategyIndian National Cybersecurity Coordinator and retired Lt. Gen. Rajesh Pant says of the country's process for reporting a cyber incident to the Indian Computer Emergency Response Team, or CERT-In: "The process is in place."
See Also: The CISO's Response Plan After a Breach
It includes a six-hour reporting requirement, which Pant says is necessary because cyberattackers use the same malware. Therefore, to protect all other enterprises, he says, an enterprise that falls victim to an attack has to "pass this information along."
Pant says the government has published FAQs about the Cyber Security Directions under Section 70B of the Information Technology Act, 2000 that clarify any former ambiguities in the process.
In a video interview with Information Security Media Group at ISMG's Cybersecurity Summit in Bengaluru, where he was a keynote speaker, Pant also discusses:
- The debate about privacy versus security;
- The need to create an accountable body to coordinate cybersecurity at a national level;
- Why public-private partnerships are key to cybersecurity.
As the national cybersecurity coordinator in the National Security Council of India at the Prime Minister's Office, Pant coordinates all cybersecurity activities across multiple sectors. He holds a doctorate in information security metrics and headed the Army's cyber training establishment for three years. Pant served in the Army Signals Corps for 41 years and was honored three times by the president of India for distinguished service.