Technology
Reporting ransomware, other cyber threats - your legal obligations
The WannaCry ransomware outbreak that continues to unfold across the globe is the latest in a long line of prominent cyber security threats. With time, these attacks are only likely to become more frequent, sophisticated and widespread.
 
The Indian IT Secretary recently stated that the impact of ransomware in India is currently limited to six incidents. In sharp contrast, other estimates peg attempts at over 48,000 and counting, with over 700 successful infections.
 
If the government figures belie (as they often do) the true impact of attacks such as WannaCry, this creates big problems for everyone.
 
For one, it delays how quickly specialised first responders such as the government's Computer Emergency Response Team (CERT-In) kick into high gear and take the steps necessary to prevent an online pandemic. It also creates a false sense of security among users, who may then not take critical steps at their own level to prevent a much larger network attack.
 
An important step in ensuring the government is on the ball is reporting such incidents to the authorities -- something that may not occur to most people, but it is the law, and non-reporting is punishable.
 
So what qualifies as a report-worthy "incident" under law?
 
Rules relating to CERT-In's functioning classify the following instances as those which are required to be mandatorily reported as soon as possible:
(i) Targeted scanning/probing of critical networks/systems;
(ii) Compromise of critical systems/information;
(iii) Unauthorised access of IT systems/data;
(iv) Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites, etc.;
(v) Malicious code attacks such as spreading of virus/worm/Trojan/botnets/spyware;
(vi) Attacks on servers such as database, mail, and DNS and network devices such as routers;
(vii) Identity theft, spoofing and phishing attacks;
(viii) Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks;
(ix) Attacks on critical infrastructure, SCADA systems and wireless networks; and
(x) Attacks on applications such as e-governance, e-commerce, etc.
 
Most of these instances are self-explanatory, and the current ransomware attack falls within several of these categories -- (ii), (iii), (v), (vi), (vii) and (viii) all have elements of a ransomware attack.
 
If you find that you fall within one of the instances above, the next question that arises is who needs to report them and how.
 
Under the CERT-In Rules, the reporting requirement lies with "any individual, organisation or corporate entity affected by cyber security incidents" (which include the mandatory reportable incidents set out above, although the definition itself is wider). Incidents can be reported to CERT-In through several channels (email [email protected], call the helpdesk at 1800-11-4949, or fax 1800-11-6969).
 
The website http://www.cert-in.org.in/ also provides an incident reporting form to be filled in, which must cover details such as the timing of the incident, affected systems, symptoms observed and relevant technical information.
 
If you are an enterprise user and have system administrators, the best person to carry out the reporting exercise would be the head of the team. Remember that the reporting is required as soon as possible, and a general yardstick (though not specifically set) would be within 24 hours of the incident.
 
Although the CERT-In Rules do not themselves provide for a direct penalty, their umbrella legislation does, and non-reporting could attract one of several potential penalties (currently open to interpretation), ranging from Rs 5,000 a day or Rs 150,000 per failure, to Rs 100,000, imprisonment (yes) of up to one year, or a combination of the two.
 
Additional reporting requirements apply to "intermediaries" under the IT Act; banks are mandatorily required to specifically report cyber security incidents to the Reserve Bank of India (RBI) within 2-6 hours (see https://tinyurl.com/moca57f and https://tinyurl.com/l5ajkqq); and telecom operators have a similar obligation under the Unified License Agreement, where a breach of a license term (such as reporting) carries a hefty fine of Rs 50 crore for each breach.
 
Finally, if you're affected by ransomware and are being asked to pay a ransom in Bitcoin to decrypt your data, beware that virtual currencies such as Bitcoin and the wallets and exchanges that enable Bitcoin transactions in India continue to function in a legal grey area, although some form of regulation is on the anvil.
 
Thus, beyond the practical problem of paying a ransom in Bitcoin and the attacker reneging on his promise to decrypt your files, making such payments, especially overseas, could result in the RBI coming knocking at your door.
 
As a long-term strategy, individuals and organisations alike would do well to adopt industry best practices relating to cyber security (whether or not they are mandated to do so by law), ensure that policies adopted in this regard are in sync with legal reporting requirements, and ensure that all relevant stakeholders are made aware of what those requirements are and how to address them in a crisis situation.
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.


No tax on food items, contraceptives; mobile phone levy at 12% under GST
With the Goods and Services Tax (GST) Council deciding the tax rate on 1,211 goods on Thursday, there is cheer for the common man as 81 per cent of the goods are below 18 per cent, though people will have to shell out more even for small segment cars with additional cess levied on them.
 
Milk, eggs, salt, fresh vegetables, fruits, contraceptives, organic manure, earthen pots, coconut, prasadam supplied by religious places like temples, mosques, churches, gurudwaras and dargahs have been exempted under GST.
 
Live animals, fruit juices and meat will call for a 12 per cent tax while fish has been put in the 5 per cent tax rate.
 
Butter and cheese have been placed under the 12 per cent tax rate and condensed milk under 18 per cent. 
 
Beverages such as coffee (not instant), tea and groundnut, coal, hand pumps will attract 5 per cent tax under GST.
 
While jaggery is exempt under GST, cane sugar and beet sugar are in the 5 per cent tax slab. Bio gas plant, wind mills and kerosene lantern will also be under the 5 per cent tax rate.
 
Mobile phones, fountain pen ink, tooth powder, incense sticks, feeding bottles, Braille paper, children's colouring books, umbrellas, pencil sharpeners, tractors, bicycles, contact lenses, spectacle lenses, utensils, sports goods, fishing rods, combs, pencils and hand paintings have been placed under the 12 per cent tax rate under GST.
 
Bindi, vermilion, glass bangles, handlooms, hearing aids and handmade musical instruments have also been exempt under GST. A total of 7 per cent of items have been kept zero rated.
 
The goods which will fall under 18 per cent tax rate include helmets, LPG stoves, nuclear reactors, clocks, military weapons, electronic toys and plastic buttons.
 
The items which have been put in the highest tax slab of 28 per cent include aerated drinks, perfumes, after-shave lotions, deodorants, clothing of furskin, razor blades, cars, revolvers, pistols, 
 
More than 200 products appear in the 28 per cent tax slab. 
 
"Ideally, few products should have been put in 28 per cent bracket and 18 per cent should have been a miscellaneous schedule (to cover all balance products). The temptation of putting more products under 28 per cent bracket will certainly complicate the Indian GST structure," GST expert Pritam Mahure told IANS.
 
Compensation cess: 55 products will attract compensation cess. 
 
The cess on small cars ranges from 1-3 per cent, 3 per cent on motorcycles with 350 cc engine, personal aircraft and yachts while mid-segment and large cars will attract a cess of 15 per cent. 
 
All goods, other than pan masala containing tobacco 'gutka' will have to bear a cess of 89 per cent while tobacco and tobacco products will call for a cess in the range of 12.5-290 per cent. Cess of 5 per cent has been levied on cigarettes and 60 per cent on pan masala. Aerated drinks will attract a cess of 12 per cent.
 
Mahure says that it is expected that a few classification disputes may continue like whether groundnut chikki should be classified as 'sweetmeat' attracting 5 per cent GST rate or sugar confectionery attracting 18 per cent GST rate. 
 
Now, the manufacturers/traders will have to quantify the impact of the GST rates on their product prices and update their tax masters/registers with these rates. This is a complex exercise for traders who are not very conversant with tariff codes and classification, he added.
 
The rate structure for the remaining goods -- bidi wrapper leaves, biscuits, bidis, textiles, footwear, natural or cultured pearls, precious or semi-precious stones, precious metals, imitation jewellery, power driven agricultural, horticultural, forestry, poultry keeping or bee-keeping machinery and harvesting machinery is expected to be decided on Friday in the GST Council's meeting on the second day in Srinagar.
 

ED registers money laundering case against Karti Chidambaram
The Enforcement Directorate on Friday registered a money laundering case against Karti Chidambaram, the son of former Finance Minister P. Chidambaram, on the basis of a corruption case filed by the CBI earlier this week, officials said.
 
"We have registered a case against Karti Chidambaram under charges of Prevention of Money Laundering Act (PMLA)," an ED official told IANS.
 
The ED action comes in the wake of the FIR filed by the Central Bureau of Investigation (CBI) on Monday under offences of criminal conspiracy, cheating, taking gratification by corrupt or illegal means, influencing public servants and criminal misconduct. 
 
In the FIR, Karti is alleged to have got Rs 3.5 crore from INX Media, now 9X Media, for helping it in the clearance of a Foreign Investment Promotion Board (FIPB) proposal when his father was Finance Minister. 
 
The FIPB clearance was given to Mumbai-based INX Media when it was run by Peter and Indrani Mukherjea, both accused in the Sheena Bora murder case. 
 
The FIR does not mention the name of former Minister Chidambaram, though it states that he had cleared the Foreign Investment Promotion Board (FIPB) approval for Rs 4.62 crore Foreign Direct Investment (FDI) in the FIPB meeting on May 18, 2007.
 
Karti left for London two days after the CBI registered a case against him. His father has said he will return soon. 
 