Section 70 of the Information Technology Act deals with Protected Systems, which are computer resources that directly or indirectly affect Critical Information Infrastructure (CII). The law defines CII as any resource whose destruction would have a debilitating impact on national security, economy, public health, or safety. Examples include power grids, banking networks, and defense systems. Gaining unauthorized access to these systems is treated with the highest level of severity.
What Defines a Protected System?
A system only becomes "protected" once the appropriate government (Central or State) officially notifies it in the Gazette. This notification marks the resource as off-limits to anyone without specific, written authorization. For organizations operating in vital sectors, this legal designation provides an additional layer of protection against intrusion. It also mandates the implementation of specific information security practices. If your systems fall under this category, regular penetration testing is essential to ensure your defenses meet government standards.
The Harsh Penalties for Unauthorized Access
Because the stakes involve national stability, the punishment for violating Section 70 is significant. Anyone who secures access or even *attempts* to secure access to a protected system in contravention of the law can be punished with imprisonment for up to ten years and a fine. This is one of the longest prison terms prescribed in the IT Act, reflecting the government's zero-tolerance for infrastructure sabotage. For employees and contractors, strict adherence to managed security protocols is non-negotiable.
Responsibilities of Organizations Managing CII
If you manage a protected system, you have a legal obligation to enforce the government-prescribed security procedures. This includes:
- Access Management: Only authorized individuals should have login credentials.
- Audit Trails: Every attempt to access the system must be logged and verifiable.
- Incident Reporting: Any attempt at unauthorized access must be reported to agencies like CERT-In immediately.
- Vulnerability Management: Identifying and patching security gaps before they are exploited.
Digital Forensics and Infrastructure Security
Determining the source of an unauthorized access attempt on a protected system requires advanced digital forensics services. Investigating state-sponsored attacks or corporate espionage involves Analyzing network hops and encrypted logs to build a case that can stand up in a national security court. A clear evidence trail is vital for both prosecution and defence in Section 70 matters.
Audit Your Critical Infrastructure Today
Operating a protected system brings both high prestige and high responsibility. If you need a comprehensive security audit to ensure your critical infrastructure meets all legal requirements under Section 70, contact our infrastructure security team for a priority consultation.