Recently, Department of Telecommunication (DoT) notified Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024 and Telecommunications (Telecom Cyber Security) Rules, 2024 under the Telecommunications Act, 2023.
About Critical Telecommunication Infrastructure (CTI)
- CTI are any telecommunication network or part thereof, designated by the Central Government, disruption of which shall have debilitating impact on national security, economy, public health or safety.
- Threats to CTI
- Cyberattacks and espionage: Targeted malware and ransomware attacks, Distributed Denial of Service attacks, etc.
- Physical: Vandalism by terrorist and other miscreant groups, natural disasters, etc.
- Supply-chain vulnerabilities: Over-reliance on foreign hardware and software raising concerns of potential ‘bakdoors’ in equipment, geopolitical tensions resulting in disruptions in supply chains, etc.
- Technological evolution and complexity: 5G roll out, increased interconnectivity through IoT, etc.
Key highlights of the Draft Rules
- Obligations of Telecom entities: To maintain security measures, keep supply-chain records of equipment used in CTI, undertake periodic vulnerability assessment, etc.
- Upgradation of CTI: Requires certification from the Central Government or an authorized body.
- Draft Rules on Telecom Cyber Security mandates each telecom entity to adopt a telecom cyber security policy which shall include security safeguards, risk management approaches, risk assessment and identification, forensic analysis of security incidents, etc.