The Ministry of Electronics and Information Technology (MeitY) has asked all ministries, state governments and regulators to immediately review their cybersecurity posture and implement recommendations by CERT-In to defend against AI-enabled cyber threats, while also directing them to issue newly released cybersecurity guidelines to technology vendors and original equipment manufacturers (OEMs).
<figure class="art
In a June 10 letter, seen by HT, addressed to secretaries of all ministries and departments, chief secretaries of states and Union Territories and regulators including the RBI, Sebi, IRDAI and Nabard, MeitY secretary S Krishnan said, “The rapid growth and widespread availability of Artificial Intelligence (AI), including generative AI, large language models (LLMs), autonomous agents, and AI-driven automation tools, are significantly changing the cybersecurity landscape.”
Also Read:MeitY warns VPNs, intermediaries over access to banned betting sites
Referring to the cybersecurity nodal agency’s ‘Blueprint for Reducing Exposure and Defending against AI-Assisted Vulnerabilities Exploitation in Digital Infrastructure’, published on May 25, Krishnan urged to implement the blueprint’s recommendations, which suggest organisations to adopt continuous exposure management, monitoring and rapid remediation and containment instead of relying on periodic security checks.
It also recommends aggressive timelines for fixing vulnerabilities, saying organisations should “patch, mitigate or remove exposure within 12 hours where feasible” for known exploited vulnerabilities affecting internet-facing and “crown-jewel” systems and within one day for critical externally exposed vulnerabilities.
Krishnan also referred to CERT-In’s ‘Guidelines for Original Equipment Manufacturers (OEMs),’ issued June 10, which he said should be circulated to equipment manufacturers and technology providers across sectors as part of the government’s broader cybersecurity preparedness efforts. The guidelines are aimed at strengthening the resilience of digital systems and information and communication technology (ICT) infrastructure against evolving cyber threats.
The guidelines ask OEMs and technology providers to regularly check their products for security flaws, keep an updated record of software components (SBOMs), quickly disclose critical vulnerabilities, and release security patches faster. They also encourage companies to use AI tools to regularly test and strengthen the security of their products.
