Electronic and Postal Communications (Computer Emergency Response
Team)
G.N. No. 419 (contd)
Obligations of
service
providers on
cyber security
8. The Service Providers shall have the following
obligations in relation to cyber security to(a)
provide a secure environment for the
connectivity of their subscriber base by
maintaining up dated systems that have a
protection mechanism against information
security threats;
(b)
provide an effective and timely quality
response to the National CERT and support to
their subscriber base in a notification on
significant information or computer security
threats;
(c)
notify the National CERT of significant
information or computer security threats that
come to their attention. The notification shall
include measures undertaken to prevent
reoccurrence of the threat;
(d)
collaborate and cooperate with the National
CERT in incident handling process so as to
effectively solve or support their resolution;
(e)
maintain WHOIS database of the IP address
block if assigned to self and contact
information regarding address and spaces
allocated to the respective subscriber base;
(f)
disconnect a subscriber or its services from the
respective communication network, if it has
been proved that a subscription endangers the
information security or usability of a
communication service; such disconnection
and reconnection of a subscriber shall be
carried out in accordance with the predefined
processes and guidelines;
(g)
establish and maintain internal instructions and
operation models for denial of service attacks
63