HDFC Life Insurance Reports Data Breach Amid Rising Cybersecurity Threats to Indian Insurers

    HDFC Life Insurance has reported a data breach. In an after-market regulatory filing, the company disclosed the breach. It also noted that it is working with information security experts to investigate the matter and safeguard customer interests.

    “We wish to inform (you) that we have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” it stated. 

    HDFC Life announced that it has initiated an “information security assessment and data log analysis” to identify the root cause of the issue. The company stated, “We will take utmost care to handle the concerns of our customers and take actions to safeguard their interest.”

    “We are committed to taking all necessary measures to ensure that such incidents do not recur,” it added.

    Star Health Insurance 

    HDFC Life Insurance’s data breach follows Star Health Insurance’s report from two months ago. Star Health revealed that hackers leaked personal data, including sensitive details about customers’ medical conditions, online. Star Health Insurance reported it to authorities and initiated a forensic investigation led by independent cybersecurity experts.

    The breach allegedly involved 7.24 TB of Personally Identifiable Information (PII) from 31 million customers. The hacker group xenZen leaked the data via Telegram chatbots and offered it for $150,000. These data samples included information such as policy and claims details, along with documents containing names, phone numbers, and addresses. They also featured tax details, copies of ID cards, test results, and medical diagnoses.

    The hacker also claimed on their platform that they had colluded with Star Health’s CISO (Chief Information Security Officer) to gain access to the data, and shared screenshots purporting to show the two parties negotiating a deal for access to personal data. However, the authenticity of these claims remains unverified.

    Star Health denied widespread system compromise and backed its CISO, refuting claims of collusion.

    The insurer filed a complaint against Telegram for hosting the chatbots and named Cloudflare in its lawsuit. Telegram has faced global scrutiny for allegedly hosting cybercriminal groups on its platform. This came especially after French authorities arrested its founder, Pavel Durov. The arrest was in connection with a police investigation into criminal networks using the platform.

    A forensic investigation into Star Health Insurance’s data breach later disproved allegations that the CISO collaborated with the hacker. The investigation found no evidence of the CISO leaking customers’ personal information.

    IRDAI’s Response 

    In October, the Insurance Regulatory and Development Authority of India (IRDAI) instructed all insurance companies to review their IT systems for potential vulnerabilities, reported Economic Times. This advisory came in response to reports of data breaches at two major general insurers: Star Health and Allied Insurance, and Tata AIG General Insurance. Star Health officially disclosed the breach to the stock exchanges, while market sources suggested Tata AIG was also affected.

    Earlier this year, HDFC Ergo General Insurance and Bajaj Allianz General Insurance went the extra mile by negotiating with cyber attackers to settle claims arising from ransomware demands, reported Economic Times.

    Read More: 

    Amazon’s Project Kuiper Proposes New Satcom Gateway Authorisation rules to TRAI for Ease of Doing Business

    Amazon’s satellite communication subsidiary Project Kuiper has urged the Telecom Regulatory Authority of India (TRAI) to allow Satellite Earth Station Gateway (SESG) authorisation-holders to work with satellite operators and service licensees (such as telecom companies or virtual network operators). It suggests that the three can work together in such a way that “the satellite operators and/or the entities holding appropriate service license from the Department of Telecommunications (“DoT”) (“Service Licensees”) can bring their own spectrum and use the SESG to provide greater flexibility in the satellite-based communications services business.” This, it says, will promote ease of doing business and innovation in the satcom industry in India.

    Project Kuiper’s response comes in the context of TRAI’s consultation paper from October which sought inputs on terms and conditions for network authorisation for a range of services including earth station gateways. 

    Allow satcom companies to provide gateway services:

    Project Kuiper also believes that TRAI should allow satcom companies to provide earth station gateway services. It argues that currently, authorised satcom companies cannot provide their services to other authorised license holders without a virtual network operator (VNO) license. 

    As such, Project Kuiper believes that TRAI should allow satcom companies to obtain earth station gateway licenses so that a satcom company can provide services to multiple service license holders. The regulator should in turn allow these licensees to act like network service providers (telcos) or VNOs and provide their customers (B2C and B2B) customised services. Further, the company makes the following representations:

    • The regulator should permit SESG authorisation holders to own and operate gateway services by entering into an arrangement with the satellite operator/their Indian entity. While this entity should not have access to spectrum directly, the regulator should allow them to use the spectrum assigned to licensed service providers for configuration and provisioning purposes.
    • Project Kuiper argues that the regulator should also permit SESG authorisation holders to deploy baseband equipment for satellite operators, since this is a key part of earth station infrastructure.
    • TRAI should permit service licensees to allow SESG authorisation holders to use their assigned spectrum. “This would be consistent with the operational set-up envisaged by the TRAI for digital connectivity infrastructure providers (DCIP), wherein the TRAI has recommended that the DCIP should not be permitted to hold spectrum,” the company adds.

    Requirements for satellite communication network authorisation:

    Project Kuiper argues that the scope of satcom network authorisation and SESG authorisation is analogous, and that TRAI should therefore impose the same financial requirements on the two services. This includes:

    • No bank guarantee requirements
    • No minimum net worth 

    The company believes that this approach will decrease the operational expenses of those seeking to provide satellite communication networks as a service.

    Make the migration to new network authorisation optional:

    Project Kuiper says that TRAI should clarify that entities who have licenses to provide services prior to the new authorisation under the Telecom Act may “voluntarily migrate to the new terms and conditions”. The regulator should base the migration framework on the principle that those providing same services should have similar regulations. 

    “If relaxations are provided under the new framework in relation to fees and terms and conditions, similar relaxations should be provided to licensees under the extant licensing framework,” the company says. It adds that the regulator should ensure that if those under existing licenses have paid more for their licenses, they receive refunds for those payments within a stipulated timeline. Application processing fees under the new authorisation framework must be limited to covering actual administrative costs. This would ensure regulatory certainty around the new authorisation framework. Further, any migration to the new authorisation framework should not cause business disruption for those under the current regulatory regime.
