Indian Computer Emergency Response Team (CERT-In)
The Indian Computer Emergency Response Team (CERT-In) is the national agency responsible for responding to computer security incidents and coordinating cyber security efforts across India. Functioning under the Ministry of Electronics and Information Technology (MeitY), it plays a crucial role in safeguarding India’s information infrastructure, issuing advisories, analysing threats, and coordinating responses to cyber incidents. Established in 2004, CERT-In serves as the country’s nodal agency for cyber incident response, promoting cyber resilience across government, industry, and the general public.
Background and Establishment
The exponential growth of the internet and digital technologies in India during the late 1990s and early 2000s brought with it a surge in cyber threats such as hacking, malware, phishing, and data breaches. Recognising the need for a coordinated response mechanism, the Government of India established CERT-In in 2004 under the Information Technology Act, 2000, as amended by the IT (Amendment) Act, 2008.
The legal mandate for CERT-In is derived from Section 70B of the Information Technology Act, which defines its functions, powers, and responsibilities. The section authorises the agency to collect, analyse, and disseminate information about cyber incidents, issue security guidelines, and coordinate recovery and response measures.
The organisation operates from New Delhi and collaborates with a network of sectoral and regional CERTs, including CERT-Fin (for the financial sector), CERT-Defence, and CERT-Incog (for government organisations), ensuring a nationwide cyber defence framework.
Organisational Structure and Functions
CERT-In’s structure comprises technical, analytical, and administrative divisions staffed by cybersecurity experts, network engineers, and digital forensics professionals. It maintains round-the-clock monitoring through its Cyber Security Operations Centre (CSOC), which analyses and responds to security incidents in real time.
Its major functions include:
- Incident Response: Detection, analysis, and mitigation of cyber incidents such as website defacement, ransomware attacks, and data breaches.
- Vulnerability Assessment: Identifying and reporting security flaws in software, hardware, and network systems to prevent exploitation.
- Advisories and Alerts: Issuing timely notifications about emerging threats, patches, and security best practices to government, private sector, and citizens.
- Digital Forensics and Analysis: Assisting law enforcement and government agencies in investigating cybercrimes and analysing malicious code or compromised systems.
- Coordination and Collaboration: Liaising with international Computer Emergency Response Teams (CERTs), Internet Service Providers (ISPs), and security vendors to address cross-border cyber threats.
- Capacity Building and Awareness: Conducting training, workshops, and awareness campaigns to enhance cyber literacy and preparedness across sectors.
Role Under the Information Technology Act
Section 70B(4) of the IT Act empowers CERT-In to:
- Issue directions to service providers, intermediaries, data centres, and corporate bodies in the interest of cybersecurity.
- Call for information and give instructions to mitigate vulnerabilities.
- Impose penalties for non-compliance with its directives, as per the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.
Under these rules, organisations are mandated to report certain categories of incidents to CERT-In within a specified timeframe, including targeted scanning, website intrusion, unauthorised access, denial-of-service attacks, and identity theft, among others.
Cyber Threat Landscape and Response Mechanism
India faces a complex and evolving cyber threat landscape characterised by:
- Malware and ransomware attacks targeting critical information infrastructure and businesses.
- Phishing and social engineering campaigns directed at citizens and banking institutions.
- Advanced Persistent Threats (APTs) often attributed to state-sponsored actors.
- Data breaches affecting government databases and private corporations.
CERT-In employs a multi-layered approach to address these threats through continuous monitoring, early warning systems, and coordinated response protocols. It issues Security Bulletins and Vulnerability Notes, provides mitigation recommendations, and supports recovery efforts.
For high-severity incidents, CERT-In coordinates with agencies such as the National Critical Information Infrastructure Protection Centre (NCIIPC), the National Informatics Centre (NIC), and law enforcement authorities.
Major Initiatives and Achievements
Over the years, CERT-In has launched several initiatives to strengthen India’s cyber resilience:
- National Cyber Coordination Centre (NCCC): Established to monitor and analyse internet traffic data in real time for threat detection and situational awareness.
- Botnet Cleaning and Malware Analysis Centre (Cyber Swachhta Kendra): Launched in 2017 to provide free tools for detecting and removing malware and botnets from user systems.
- Cyber Crisis Management Plan (CCMP): Framework for coordinated response and recovery in case of large-scale cyber incidents.
- Collaboration with International CERTs: Partnerships with agencies such as the US-CERT, CERT-EU, Japan-CERT, and APCERT to enhance information sharing and cross-border threat mitigation.
- Public Awareness Campaigns: Promotion of cyber hygiene and safe digital practices through workshops, social media campaigns, and outreach programmes.
CERT-In also supports capacity building through the Information Security Education and Awareness (ISEA) programme, aimed at training professionals and students in cyber security disciplines.
2022 Cybersecurity Directions
In April 2022, CERT-In issued a set of Cyber Security Directions under the IT Act mandating stricter compliance norms for online service providers and organisations. Key provisions include:
- Mandatory reporting of specified cyber incidents within six hours of detection.
- Requirement for VPN providers, cloud service providers, and data centres to maintain user information for at least five years.
- Synchronisation of all system clocks to Network Time Protocol (NTP) servers designated by CERT-In.
- Maintenance of logs of ICT systems for a minimum period of 180 days.
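The three measurable controls above (six-hour reporting, 180-day log retention, and time sources limited to designated NTP servers) can be checked mechanically. The following is an added illustration, not CERT-In's own tooling: the designated NTP hostname, the log timestamps and the incident times are all constructed placeholders, since the page does not list the actual designated servers.

```python
from datetime import datetime, timedelta, timezone

# Thresholds as stated in the April 2022 CERT-In Directions.
REPORTING_WINDOW = timedelta(hours=6)
LOG_RETENTION_DAYS = 180
# Assumption: the Directions name specific NTP servers, which this page does
# not list, so a placeholder hostname stands in for the designated set.
DESIGNATED_NTP = {"ntp.example-designated.in"}

def reporting_deadline(detected_at: datetime) -> datetime:
    """Latest time a reportable incident may be notified to CERT-In."""
    return detected_at + REPORTING_WINDOW

def reported_in_time(detected_at: datetime, reported_at: datetime) -> bool:
    """True when the report was filed within six hours of detection."""
    return detected_at <= reported_at <= reporting_deadline(detected_at)

def retention_days_covered(log_timestamps, now: datetime) -> int:
    """Whole days between the oldest retained log entry and now."""
    if not log_timestamps:
        return 0
    return (now - min(log_timestamps)).days

def retention_ok(log_timestamps, now: datetime) -> bool:
    """True when retained logs reach back at least 180 days."""
    return retention_days_covered(log_timestamps, now) >= LOG_RETENTION_DAYS

def ntp_sources(config_text: str) -> set:
    """Collect 'server'/'pool' hostnames from a chrony- or ntpd-style config."""
    sources = set()
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("server", "pool"):
            sources.add(parts[1])
    return sources

def ntp_ok(config_text: str) -> bool:
    """True only when at least one source is configured and all are designated."""
    sources = ntp_sources(config_text)
    return bool(sources) and sources <= DESIGNATED_NTP

# Constructed sample data (not real incidents, logs or configuration).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_LOGS = [NOW - timedelta(days=d) for d in (1, 90, 200)]
SAMPLE_NTP_CONF = "server ntp.example-designated.in iburst\n# driftfile /var/lib/chrony/drift\n"
DETECTED = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("report by:", reporting_deadline(DETECTED))
    print("retention ok:", retention_ok(SAMPLE_LOGS, NOW), "ntp ok:", ntp_ok(SAMPLE_NTP_CONF))
```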
While aimed at improving traceability and national security, these directives sparked debate regarding user privacy and data protection, leading to discussions on balancing security with individual rights.
International Cooperation
CERT-In actively collaborates with global cybersecurity organisations to strengthen international cyber defence frameworks. It is a member of the Asia Pacific Computer Emergency Response Team (APCERT) and the Forum of Incident Response and Security Teams (FIRST).
Through these partnerships, India participates in joint cyber exercises, threat intelligence sharing, and coordinated responses to transnational cyber incidents. Such collaboration also enhances preparedness against global threats such as ransomware campaigns and large-scale phishing attacks.
Importance and Future Prospects
The growing digitalisation of India’s economy through initiatives such as Digital India, Smart Cities Mission, and e-Governance programmes has made cybersecurity an indispensable component of national infrastructure. CERT-In’s role is thus central to ensuring digital trust and security.
Key areas of future development include:
- Integration with Artificial Intelligence (AI) and Big Data analytics for predictive threat detection.
- Enhanced sectoral coordination among financial institutions, power grids, and telecom networks.
- Promotion of indigenous cybersecurity solutions to reduce reliance on foreign technologies.
- Expansion of the National Cyber Coordination Centre to improve real-time monitoring capabilities.
CERT-In is also expected to play a pivotal role in implementing the provisions of the Digital Personal Data Protection Act, 2023, by providing technical expertise in breach reporting and mitigation.