Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024: 10 Key Things You Need to Know About New Security Rules
The Ministry of Communications notified the Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024 on November 22, 2024. The new rules are intended to improve the security and resilience of telecommunication networks identified as critical for national security, economy, public health, and safety. Here are ten key things you need to know:
Scope of Critical Telecommunication Infrastructure (CTI)
New provisions come into effect for the Central Government-defined telecommunication networks as Critical Telecommunication Infrastructure. These are identified to be vital for the national security and economy of the country.
Security Requirements for CTI
Telecommunication entities need to ensure that hardware, software, and spare parts, etc. of CTI satisfy Indian telecommunication security assurance standards, TEC and NCCS.
Inspection and Access by CG Personnel
The Central Government (CG) can allow its staff to inspect hardware, software and data related to CTI to ensure that it meets all the requirements of national security.
Responsibilities of Telecommunication Organizations
Telecommunication organizations are required to maintain an exhaustive list of CTI resources, maintain logs and records for at least two years, establish incident response security protocols and maintain supply chain records of all telecommunication equipment deployed in CTI.
Incident Reporting and Response
Telecommunication entities must report any security incident within six hours to the Central Government and must have effective disaster recovery and business continuity plans.
Remote Access Regulations
If a telecommunication entity requires remote access to CTI from outside India for maintenance or repair purposes, it needs to take prior written approval from the CG. The entity is also obliged to report to the CG and maintain logs of the same for at least one year.
Upgradation of CTI
The application of telecommunication entities to the CG, detailing and test reports must be provided in case of needful upgradation of CTI. The immediate upgrades about security incidents can be initiated without seeking approval from the competent authority; however, they are expected to report such upgradations to the CG within 24 hours.
Compliance with National Security Directives
The order lays special emphasis on strict compliance with the National Security Directive on Telecommunication Sector, which enforces additional safety measures on critical infrastructure for protection.
International Cooperation and Security
The rules emphasize the need to cooperate in ensuring global telecommunications security and national standards compliance particularly when international equipment is employed.
Impact on Telecommunication Industry
These new regulations seek to enhance the resilience and reduce vulnerabilities of the telecommunication sector so that telecommunication services remain secure, most especially during times of national security threats.
