A new body — Computer Emergency Response Team – Tamil Nadu (CERT-TN) — will be responsible for implementing the state’s new cybersecurity policy. CERT-TN will also be responsible for the cybersecurity hygiene of all the departments and agencies under the administrative control of the state government. It will act as a statutory body whose advisories, guidelines and instructions will be applicable to them.

Under the Tamil Nadu government’s new cybersecurity policy, released on September 19, all state government departments will have to nominate a senior officer, preferably with IT experience, as the chief information security officer (CISO). The CISO will identify and secure information assets, and apply advisories given by the state Information Technology (IT) Department. In addition, each organisation will have a Crisis Management Cell (CMC) to deal with potential cyber attacks. CERT-TN will onboard the departments through an Initial Cyber Security Preparedness and Maturity Assessment where they will be graded on key performance indicators.

The policy prescribes an email retention period after which emails must be automatically deleted. Interestingly, the cybersecurity policy also has a section on social media to determine how employees “should conduct themselves via the Web” to “protect the online reputation of the Department”. The social media policy encourages the principle of data minimisation when it comes to collecting data on social media. It also discourages departments from reusing old passwords and instead recommends technological constraints to prevent individuals from doing so.

CERT-TN will be the first state-level CERT in India. In an interview with…
