Cyber Security & Cyber Law

Cyber Security in Blockchain

Ukkash F
123118055
BBA; LLB (Hons.)
National Cyber Security Policy Strategies
1. Creating a secure cyber ecosystem
2. Creating an assurance framework
3. Encouraging Open Standards
4. Strengthening the Regulatory framework
5. Creating mechanisms for security threat early warning, vulnerability management
and response to security threats
6. Securing E-Governance services
7. Protection and resilience of Critical Information Infrastructure
8. Reducing supply chain risks
9. Human Resource Development
10. Creating Cyber Security Awareness
11. Developing effective Public Private Partnerships
12. Information sharing and cooperation
13. Prioritized approach for implementation
Information Technology Act, 2000
Enacted on 17th May 2000; further amended as The Information Technology
(Amendment) Act, 2008, enforced on 27th October 2009.
• To provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
"electronic commerce"
• To facilitate electronic filing of documents with Government agencies and E-Payments
• To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Books Evidence
Act, 1891 and the Reserve Bank of India Act, 1934
Role of State Government in IT Act
⮚ u/s 46, 47: State IT Secretaries have been notified to be the Adjudicating Officer.

• u/s 69A Rule - Procedure and Safeguards for Blocking for Access of Information by Public

⮚ Nodal officers nominated from Ministries/Depts. and States to forward request for blocking

• u/s 69 Rule - Procedure and Safeguards for Interception, Monitoring and Decryption of
Information

⮚ Union Home Secretary and Home Secretaries of States/UTs empowered to issue direction

• Intermediaries guidelines rules, 2011

⮚ Section 79(3)(b) being read down to mean that an intermediary upon receiving actual knowledge from
a court order or on being notified by the appropriate government or its agency that unlawful acts
relatable to Article 19(2) are going to be committed then fails to expeditiously remove or disable access
to such material.
Chief Information Security Officer (CISO)

MeitY has issued direction to all State/UT Governments and all Central Government
Ministries/Departments & Critical Sector Organizations to appoint CISO

• To report directly to Secretary/CEOs in PSUs

• Roles and responsibilities of CISOs prescribed in March 2017.


Cyber Surakshit Bharat

The Cyber Surakshit Bharat programme was launched to educate & enable the
Chief Information Security Officers (CISO) & broader IT community to address
the challenges of cyber security in partnership with Industry consortium

• The programme was launched on 19th Jan 2018 by Hon’ble MoS(E&IT)


New Directions on Cyber Security Practices in India will impact Crypto-entities, VPN providers and data privacy of users

The Indian Computer Emergency Response Team (“CERT-In”) has issued key directives
dated April 28, 2022 (“Directions”) under the Information Technology Act, 2000 (“IT
Act”) relating to “information security practices, procedure, prevention, response and
reporting of cyber incidents”, which aim to strengthen cyber security practices in India.
2022 Directions

As a result, under the Directions, CERT-In has set out various requirements to be
followed by “service providers, intermediaries, data centres, body corporate and
Government organisations” inter-alia relating to: synchronization of ICT systems
clocks; reporting of cyber incidents within six hours of noticing (or being
brought to notice of) such incidents; requirement to take action or provide
information or assistance (in the format and within the timeframe) as may be
required by CERT-In; and in relation, the designation of a Point of Contact
(“PoC”) to communicate with CERT-In.
The following specific requirements (pertaining to data storage) are to be followed under the
Directions:

All service providers, intermediaries, data centers, body corporates and Government organizations
are to enable logs of their ICT systems and to maintain them for a period of one-hundred and
eighty days. These logs are to be maintained within Indian jurisdiction.

Data centers, VPS providers, cloud service providers and VPN providers to register certain
information (including validated names of subscribers/validated address/contact numbers etc.) for
a period of five years (or longer); and

Virtual asset service providers, virtual asset exchange providers and custodian wallet providers
to maintain all information obtained as Know Your Customer (KYC) and records of financial
transactions (including information relating to the identification of the relevant parties, such as
IP addresses, timestamps and time zones, transaction ID and amount, public keys, addresses or
accounts involved etc.) for a period of five years.
Conclusion

CERT-In has broadly specified the KYC procedures to be referenced by the relevant
entities under the Directions.

In view of the above, it may be readily inferred that the Directions will not just impact the
relevant entities but also Indian citizens and any users or persons dealing with or availing
services from such entities, particularly in terms of privacy and security of users and
possibility of data breaches.
