The Ministry of Electronics and Information Technology (MeitY) has asked all ministries, state governments and regulatory bodies to immediately review their cybersecurity posture and implement CERT-In recommendations to defend against AI-enabled cyber threats, while also directing them to issue newly issued cybersecurity guidelines for technology vendors and original equipment manufacturers (OEMs).
In a letter dated June 10, seen by HT, addressed to secretaries of all ministries and departments, chief secretaries of states and union territories and regulators including RBI, Sebi, IRDAI and Nabard, MeitY secretary S Krishnan said: “The rapid growth and widespread availability of artificial intelligence (AI), including generative artificial intelligence, large language models (LLMs), autonomous agents, and AI-driven automation tools, is fundamentally changing Big Cybersecurity Landscape.”
Read also:MeitY warns VPNs and brokers about accessing blocked betting sites
Referring to the Cybersecurity Agency’s ‘Blueprint for Reducing Exposure and Defending Against Exploitation of AI-Powered Vulnerabilities in Digital Infrastructure’, which was published on May 25, Krishnan urged implementation of the Blueprint’s recommendations, which suggest organizations adopt continuous exposure management, monitoring, rapid remediation and containment rather than relying on periodic security checks.
It also recommends strict timelines for patching vulnerabilities, saying organizations should “patch, mitigate or remove exposure within 12 hours where possible” for known exploited vulnerabilities affecting cyber-facing and “crown jewel” systems and within one day for critical vulnerabilities exposed externally.
Krishnan also referred to the “Guidelines for Original Equipment Manufacturers (OEMs)” issued by CERT-In on June 10, which he said should be circulated to equipment manufacturers and technology providers across sectors as part of the government’s broader cybersecurity preparedness efforts. The guidelines aim to enhance the resilience of digital systems and information and communications technology (ICT) infrastructure in the face of evolving cyber threats.
The guidelines require OEMs and technology providers to regularly check their products for security flaws, maintain an up-to-date log of software components (SBOMs), quickly detect critical vulnerabilities, and release security patches more quickly. It also encourages companies to use AI tools to regularly test and enhance the security of their products.
