Ministry of Electronics and IT (MeiTY) in India by a notification dated June 16th 2022 declared the IT resources of ICICI Bank, HDFC Bank and NPCI as ‘critical information infrastructure’. The government decided to take such action as several organisations faced cyberattacks from various parts of the world.
The notification states that any action which endangers the security of notified IT resources are a threat to national security.
The notification got issued under Section 70 of the Information Technology Act, 2000. Section 70 of IT Act, 2000 states that government can “by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system”.
Any person who acts in violation of the act can be punished with imprisonment of a maximum of 10 years.
The notification states that only authorised designated employees can have access to the resources. Other than that, authorised team members of service providers, third-party vendors authorised by the bank, regulator, government officials, auditors, and stakeholders authorised by the bank can have access. But this will be on a case-to-case basis.
Triveni Singh, SP, Cyber Crime, Uttar Pradesh Police and a certified cyber expert said in a conversation with PTI that it is high time banks and such institutions get notified themselves as a protected system.
What is IT, Act 2000?
The Information Technology Act, 2000 got notified on 17 October 2000. It got notified as a law to deal with cybercrime and electronic commerce. Law contains 94 sections, divided into 13 chapters and 4 schedules.
ICICI Bank, set up in 1994, is the 6th largest bank in India with consolidated total assets of Rs. 14.76 trillion. As of now, ICICI has 5,418 branches and 13,463 ATMs across India.
HDFC Bank is India’s largest private sector bank. It’s also world’s 10th largest bank by market capitalisation as of April 2021