The Info Op

Share this post
On the gulf between desire and reality
grugq.substack.com

On the gulf between desire and reality

by Anand Venkatanarayanan

Anand Venkatanarayanan
May 7
1
Share this post
On the gulf between desire and reality
grugq.substack.com

CERT-IN's VPN logging announcement in context

The latest rules by CERT India asking VPN providers to collect user data or face jail terms is interesting because the organisation lacks both:

  • the technical capability

  • the enforcement powers

Their technical limitations were on display in November 2019 when Meta
reported the vulnerabilities in WhatsApp that were used by Pegasus.
CERT-IN famously responded that it was “a communication in pure
technical jargon.
" https://twitter.com/ANI/status/1190313180947369984

The VPN notification also contains gems, such as:

  1. Strict requirement to use specific Indian controlled NTP servers,
    3 out of 4 of which are down.
    https://twitter.com/kingslyj/status/1520701996118216704

  2. Report incidents via a form (whatever happened to STIX or TAXI?)

    1. Including port scanning attempts (!!)

  3. Mandatory logging of data with 180 days retention for every server

  4. Every data centre, public company or corporation that provides hosting or cloud services must collect user data.

The Ukraine war has clearly demonstrated the dangers of relying on other countries' infrastructure. It is understandable to want to limit reliance on external infrastructure.

The key takeaway here, though, is that although countries want to be self-reliant, aspiration is no substitute for capacity, capability and budgets.

Share this post
On the gulf between desire and reality
grugq.substack.com
A guest post by
Anand Venkatanarayanan
Perennially attracted by all things dark, including scammers, influence operators and of course all things cyber.
Comments

Create your profile

0 subscriptions will be displayed on your profile (edit)

Skip for now

Only paid subscribers can comment on this post

Already a paid subscriber? Sign in

Check your email

For your security, we need to re-authenticate you.

Click the link we sent to , or click here to sign in.

TopNewCommunity

No posts

Ready for more?

© 2022 the grugq
Privacy ∙ Terms ∙ Collection notice
Publish on Substack Get the app
Substack is the home for great writing