"We are concerned that the Directive, as written, will have a detrimental impact on cybersecurity for organizations that operate in India, and create a disjointed approach to cybersecurity across jurisdictions, undermining the security posture of India and its allies in the Quad countries, Europe, and beyond. The onerous nature of the requirements may also make it more difficult for companies to do business in India," a coalition of eleven global business and tech associations said in a letter dated May 26 sent to CERT-In. The cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In) on April 28 has already been criticised by a long list of stakeholders, but this letter by a coalition of prominent industry associations (list below), which includes the US Chamber of Commerce, Cybersecurity Coalition, techUK, and Digital Europe, is the strongest opposition to the directive so far because these associations represent businesses of all sizes and from various sectors across the globe. What are the issues raised by the coalition? Syncing time with NPL and NIC servers affects security operations: CERT-In wants companies to sync their system clocks to the NTP time servers of the National Physics Laboratory and the National Informatics Centre, but this requirement "is very concerning because it could negatively affect companies’ security operations as well as the functionality of their systems, networks, and applications, amongst other reasons," the letter stated. While the FAQs released by the government give some leeway by allowing certain companies to use their own time source as long as it…
