The government of India has notified the New Telecom Cybersecurity Rules, which aim to safeguard India's telecom space and ensure a safe and secure telecom ecosystem for consumers.
What are the New Telecom Cybersecurity Rules?
The New Telecom Cybersecurity Rules notified by the government of India are new guidelines covering security safeguards, risk management approaches, actions, training, network testing, and risk assessment that the government of India requires of telecom operators. They aim at nurturing a safe and sound telecom space.
What do the rules say?
Among all the guidelines, the important ones are mentioned below:
- Traffic Data: The central government may seek from a telecommunication entity, traffic data, and any other data, other than the content of messages. In turn, the telecom company needs to ensure the necessary infrastructure for the same.
- Appointment: Telecom entities would be required to appoint a Chief Telecommunication Security Officer.
- 6-hour Threshold: Telcos would be required to report any and every cybersecurity breach within 6 hours of the incident, with a further provision of 24 hours to submit all the relevant details of the attack.
- Prevent Misuse: Rule 4 of the cybersecurity regulations imposes obligations on the telecom entity, making it responsible for monitoring and preventing misuse of telecom resources by a consumer.
Unrealistic Guidelines
The particular guidelines issued by the government of India seem unrealistic in the following ways:
- No Duration: The guidelines have not suggested any specific period for which the data needs to be stored. This requires telcos to maintain certain infrastructural capabilities, which might eventually push up tariffs.
- No Guidelines on Data Protection: With data storage comes the inevitable risk of data breaches and attacks that make the telcos' role more vulnerable and accountable, especially when the guidelines don’t say anything explicitly about data protection.
- Unrealistic Threshold: An unrealistic threshold of 6 hours has been suggested for reporting cyber-attack incidents, which does not even match international standards such as those in the US or EU, where it is 72 hours.
- Overburdening: The guideline on preventing misuse makes the telcos entirely responsible for whatever misuse is reported in the future, without taking into consideration the resources they have and the extent to which they can either determine or monitor user behavior.
Unrealistic Timeline
The Internet Freedom Foundation (IFF) argued that the six-hour reporting deadline for security incidents is an overly stringent and impractical requirement for telecom entities. Instead of prioritizing rapid reporting, the focus should be on allowing telecom entities adequate time to respond and report accurately. The prescribed six-hour and twenty-four-hour timelines for reporting and information-sharing, respectively, are not in line with globally accepted standards.
Prospects
As India’s telecom space is poised to grow, this new development holds immense potential to decide the security and privacy of consumers. These guidelines must strike a balance between administrative needs and the privacy of consumers, while also considering proper data protection and attack-prevention mechanisms.