back to article Global tech industry objects to India’s new infosec reporting regime

Eleven significant tech-aligned industry associations from around the world have reportedly written to India’s Computer Emergency Response Team (CERT-In) to call for revision of the nation’s new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, …

  1. ShadowSystems Silver badge

    "If you don't like it, leave."

    To which the bulk of your trade partners smile sadly, nod, pack their stuff, & walk away to leave you with a far reduced ability to play in the global market.

    You insist on a set of onerous rules, the players decide they don't like your rule, so they refuse to play in your arena. Don't like it? Too bad, they're your rules & you must obey them, but anyone not permanently entrenched in your arena can & will leave to go play where the rules suck less.

    1. LDS Silver badge

      Re: "If you don't like it, leave."

      That's what they want - Modi is playing the same playbook of Xi Jinping and Putin. These rules are not devised to make India more secure, they are devised to secure the government against opposition, and ensure Indian people don't access those non-Hindu foreign outlets bypassing any filter the government may like to build.

  2. big_D Silver badge

    Flood

    Flood them with all the port scans. Set-up an automatic rule on the firewall to send off an email with PDF attached for each port scan. Their mail system would fall over within minutes...

    Whilst aiming for more transparency in cyber attacks is a great aim, this is not realistic and the data retention limits are at odds with other jurisdictions. 6 weeks to 6 months seems to be the general range, with longer retention for data involved in an active investigation, naturally.

    The whole thing sounds like it was poorly thought out by politicians who have no real understanding of cybersecurity. Port scans? Really? At home I get a couple of dozen a day, at work it is constant.

    1. Doctor Syntax Silver badge

      Re: Flood

      "Set-up an automatic rule on the firewall to send off an email with PDF attached for each port scan."

      This, definitely. Sometimes it's best to let fools experience the effects of their folly.

      It's a long time since I even bothered to look at where the scans on my home router were coming from but as I remember, at that time, it was mostly India.

    2. yoganmahew

      Re: Flood

      Include the line 2please retain this email and attachment for 5 years" in the email and call it self-service.

      Set up public canaries whose sole job is to attract attention and send reports.

      1. Doctor Syntax Silver badge

        Re: Flood

        For good measure CC to Rajeev Chandrasekhar.

        1. Short Fat Bald Hairy Man
          Pint

          Re: Flood

          Yes.

    3. iron Silver badge

      Re: Flood

      Only a couple of dozen? I've had 340 today so far and that was at 13:00.

      Usually I see anything from 2.5k to 3.5k per week.

  3. VoiceOfTruth

    Colonialists

    Still trying to tell India what to do. Imagine if India stuck its nose in and started telling these countries what to do.

    -> Six-hour reporting is unreasonable and required by no other nation or bloc

    Great. So those other nations and blocs can learn a lot from India.

    -> Storing customer data is burdensome, and creates a security risk

    And yet not a week goes by when we don't hear and read about a huge trawl of customer data being grabbed from western companies and posted online somewhere or being sold.

    -> Some of the log data required is commercially sensitive

    You want to do business in India, follow Indian rules.

    1. VoiceOfKarma

      Re: Colonialists

      Vitriolic nationalism slices both ways, Mr. Chandrasekhar.

      -> Storing customer data is burdensome, and creates a security risk

      >And yet not a week goes by when we don't hear and read about a huge trawl of customer data being grabbed from western companies and posted online somewhere or being sold.

      ...typically after executives decided they didn't want to pay the market rate for competent developers, which leaves them with outsourcing to India, where the laughably amateur code that made said breaches possible came from in the first place.

      The rest of the world will be plenty glad to never have an Indian-designed or Indian-developed code base ever again, and they'll all be safer for it. Thank you India for improving global information security by ensuring that no Indian residents will ever work in tech to be deployed outside of India ever again.

      Fun fact: in a study of 36,000 Indian IT / tech engineering students from over 500 different colleges, 2/3 couldn't even write code that compiles, and 95% were found to be unfit for software development.

      Source: https://news.slashdot.org/story/17/04/20/128224/95-engineers-in-india-unfit-for-software-development-jobs-report

      Usually, everyone in the west keeps polite so as not to hurt anyone's feelings, but there is a near-universal and unspoken understanding that Indian devs are among the least competent on the planet. That should not be surprising, considering the culture valorizes lying and deceit (https://www.brightworkresearch.com/why-indian-culture-lacks-a-concept-of-not-lying/). Here in the west, that doesn't make you a hero, it makes you a charlatan - someone worse than worthless, a drain of the resources around them. Now of course, this doesn't apply to all Indians, but everyone already knows that the competent ones leave the country ASAP and never return.

      What's that saying about living by the sword?

      1. VoiceOfTruth

        Re: Colonialists

        Satya Nadella and Sundar Pichai would disagree with you.

        1. Anonymous Coward
          Anonymous Coward

          Re: Colonialists

          Please refer Indian CEOs of Indian companies, those you refer are doing great good but from being in American companies they support and upskill India, but same thing it's not possible if they were in India, as government now imposing so many restrictions.

      2. VoiceOfTruth

        Re: Colonialists

        -> the culture valorizes lying and deceit. Here in the west,

        The west: we come in peace.

      3. VoiceOfTruth

        Re: Colonialists

        -> Here in the west, that doesn't make you a hero, it makes you a charlatan

        We hold these truths to be self-evident that the world is 6,000 years old, said a bunch of western people who do not lie. Verily they said unto us, we come in peace.

  4. Tron

    India is the next China.

    As you may have noticed with Brexit, nationalism breaks things and costs a fortune - hence all the shortages in the supermarkets and transport queues. It is ideology over practicality and good sense.

    Modi is a nationalist and wants Chinese levels of oversight on domestic tech use. He also wants Western companies to leave. The West has been pinching Indian tech talent for years. He wants Indian tech owned and operated by Indians working for Indian companies. Stuff like this gets rid of the Western companies. It knackers the tech in India and the possibility of tech development, but for nationalists, control is everything.

    So any Western companies who were operating in China, Hong Kong, Russia and India are going to be downsizing quite a bit. Stick around and the Indian Govt. will do what the others have done. Fines. Bans. Blocks. Imprisonment etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022