CERT-In
The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency established by the Government of India to respond to and manage computer security incidents. Operating under the Ministry of Electronics and Information Technology (MeitY), CERT-In plays a vital role in strengthening India’s cybersecurity posture by providing proactive and reactive support for cyber incident prevention, detection, response, and reporting. It acts as the country’s first line of defence against cyber threats and a central coordination point for cybersecurity efforts across government, private, and public sectors.
Establishment and Background
CERT-In was formally established in 2004 under the provisions of the Information Technology Act, 2000 (as amended in 2008). The increasing dependence on digital infrastructure, along with the rising frequency of cyberattacks, prompted the Indian government to create an institutional framework for cybersecurity management.
The legal foundation for CERT-In’s operations is provided by Section 70B of the IT Act, which designates the agency as the national entity responsible for handling cybersecurity incidents. This section empowers CERT-In to collect, analyse, and disseminate information regarding cybersecurity incidents and to issue guidelines, advisories, and directions to ensure the protection of information infrastructure.
Mandate and Objectives
The primary mandate of CERT-In is to enhance the security of India’s information and communication technology (ICT) systems and promote secure digital practices. Its main objectives include:
- Incident Response: Coordinating actions during cybersecurity incidents such as malware attacks, phishing, website defacements, data breaches, and denial-of-service (DoS) attacks.
- Threat Analysis: Collecting and analysing data on cyber threats and vulnerabilities to anticipate and prevent large-scale attacks.
- Awareness and Training: Conducting workshops, training programmes, and awareness campaigns to build cybersecurity capacity among government and private stakeholders.
- Advisory and Alerts: Issuing regular advisories, vulnerability notes, and security guidelines for organisations and users to mitigate risks.
- Coordination: Acting as the national point of contact for international cooperation on cybersecurity, collaborating with Computer Emergency Response Teams (CERTs) and security agencies across the world.
- Policy Support: Assisting the government in formulating policies, frameworks, and best practices for cyber defence and resilience.
Through these objectives, CERT-In ensures a coordinated national approach to cybersecurity that integrates technology, policy, and capacity-building.
Organisational Structure
CERT-In functions under the Ministry of Electronics and Information Technology (MeitY). It is headed by a Director-General, supported by technical divisions and specialised teams responsible for incident handling, digital forensics, malware analysis, and threat intelligence.
Its structure includes:
- Incident Response Division: Handles real-time alerts, coordination, and recovery measures.
- Cyber Forensics Division: Conducts investigations and analysis of compromised systems.
- Vulnerability Assessment Division: Monitors software and network vulnerabilities and issues remediation guidance.
- Threat Analysis and Research Division: Focuses on early detection of emerging cyber threats and trends.
CERT-In works closely with other national organisations such as the National Critical Information Infrastructure Protection Centre (NCIIPC), National Informatics Centre (NIC), Indian Cyber Crime Coordination Centre (I4C), and Defence Cyber Agency.
Key Functions
The core functions of CERT-In include:
- Incident Handling and Coordination:
  - Receiving and analysing reports of cybersecurity incidents.
  - Coordinating with affected organisations and guiding mitigation efforts.
  - Maintaining a national repository of cybersecurity incidents.
- Early Warning and Alerts:
  - Issuing timely advisories and threat bulletins to organisations and users.
  - Alerting critical sectors such as banking, energy, telecom, and defence to emerging threats.
- Digital Forensics and Malware Analysis:
  - Providing technical assistance to identify causes of security breaches.
  - Conducting forensic investigations and analysing malicious software samples.
- Security Best Practices:
  - Publishing guidelines on securing information systems and networks.
  - Promoting security audits, penetration testing, and vulnerability assessment.
- Cybersecurity Research and Collaboration:
  - Engaging in research and development to enhance threat detection tools.
  - Partnering with academic institutions and industry bodies to build national cybersecurity capabilities.
- International Cooperation:
  - Representing India in global cybersecurity initiatives and forums.
  - Collaborating with foreign CERTs for cross-border incident handling.
Major Initiatives and Achievements
CERT-In has played a key role in shaping India’s cybersecurity landscape through several initiatives and achievements:
- Cyber Crisis Management Plan (CCMP): Developed to enable organisations to respond effectively to cyber crises.
- National Cyber Security Awareness Campaigns: Conducted across sectors to promote best practices and digital hygiene.
- Information Sharing and Analysis Centre (ISAC): Established sector-specific partnerships for real-time threat intelligence sharing.
- Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): Launched in 2017 to detect and remove malicious software from infected systems.
- Operational Collaboration: Works with global cybersecurity agencies and technology companies to counter major threats such as ransomware outbreaks, zero-day vulnerabilities, and phishing campaigns.
- National Cyber Coordination Centre (NCCC): Collaborates in real-time monitoring of internet traffic and threat detection to ensure national cybersecurity.
CERT-In has also coordinated response efforts for several large-scale cyber incidents, such as the WannaCry ransomware attack (2017), the Pegasus spyware issue, and major data breaches affecting Indian organisations.
Recent Developments
In recent years, CERT-In has introduced several regulatory measures to improve cybersecurity compliance:
- Cyber Incident Reporting Directive (2022): Mandates organisations, service providers, and intermediaries to report cybersecurity incidents within six hours of detection.
- Data Retention Guidelines: Requires companies to maintain ICT system logs and user data for a minimum of 180 days for investigative purposes.
- Cloud and VPN Regulations: Instructs cloud service providers and VPN companies to collect and store customer data for verification and security monitoring.
These directives aim to enhance transparency, accountability, and timely response to cyber threats across critical digital infrastructure.
Challenges
Despite its achievements, CERT-In faces several challenges in executing its mandate:
- Rapid Evolution of Threats: Cyberattacks are becoming more sophisticated, with growing use of artificial intelligence and advanced persistent threats (APTs).
- Resource and Skill Gaps: The need for trained cybersecurity professionals and updated technological resources remains a pressing concern.
- Coordination Across Sectors: Ensuring uniform compliance among diverse government and private entities poses administrative challenges.
- Privacy Concerns: Balancing data protection and security requirements continues to be a sensitive issue in regulatory enforcement.
International Role and Collaboration
CERT-In actively collaborates with international organisations such as FIRST (Forum of Incident Response and Security Teams), Asia Pacific CERT (APCERT), and various national CERTs to share threat intelligence and coordinate incident responses. It also participates in bilateral cybersecurity dialogues with countries including the United States, Japan, South Korea, and members of the European Union.
Through these engagements, CERT-In contributes to global cybersecurity governance and ensures India’s readiness to address cross-border cyber challenges.