The rapid digitization and industrial revolution 4.0 have given rise to cyber threats, thereby escalating the issue of Cyber Security in India. Recently, the Computer Emergency Response Team-India (CERT-In), under the Ministry of Electronics and Information Technology, announced that all government and private agencies must report any cyber security breach incidents within six hours of their detection. This move is seen as a vital step towards ensuring India’s cyber space security.
Understanding CERT-In
Established under Section 70B of the Information Technology Act, CERT-In serves as a critical organization tasked with collecting, analysing, and disseminating information on cyber security incidents. It primarily addresses cybersecurity threats such as hacking and phishing, while also providing Incident Prevention and Response Services and maintaining Security Quality Management Services.
Roles & Responsibilities of CERT-In
CERT-In plays a pivotal role in ensuring cyber security by mandating specific protocols for various entities. Its mandates include enabling logs for all service providers, intermediaries, data centres, corporates, and government organizations on their ICT (Information and Communication Technology) systems. The logs should be maintained securely for a minimum of 180 days within the Indian jurisdiction. It also requires synchronization of all ICT systems’ clocks with the National Informatics Centre’s Network Time Protocol (NTP) Server or the National Physical Laboratory (NPL). Additionally, CERT-In necessitates maintaining records on KYC and financial transactions for virtual asset providers, exchanges, and custodian wallet providers for a period of five years.
Purpose of CERT-In Initiative
The CERT-In initiative addresses several crucial aspects of cyber security concerns in India. It aims for efficient analysis of breach incidents and streamlining of data records. The initiative also upholds users’ right to know about their data security, compelling companies to inform users within 24 hours of a security breach incident.
Government Initiatives Towards Cyber Security
India’s government is focused on cyber security and has rolled out several initiatives to protect Indian cyberspace. These initiatives include the Cyber Surakshit Bharat Initiative, Cyber Swachhta Kendra, an Online cybercrime reporting portal, the Indian Cyber Crime Coordination Centre (I4C), the National Critical Information Infrastructure Protection Centre (NCIIPC), the Information Technology Act, 2000, and the National Cyber Security Strategy 2020.
The Road Ahead for Cyber Security in India
As one of the fastest digital adapters globally, India needs forward-looking measures to safeguard its cyber space. Corporates or respective government departments should identify the gaps in their organizations and address them creatively, creating a layered security system. There is also a need for an apex body for operational coordination amongst various agencies and ministries.
UPSC Civil Services Examination on Cyber Security
In the UPSC Civil Services Examination 2017, a question regarding cyber security incidents legality was posed. The correct answer was that it is legally mandatory for service providers, data centres, and corporates to report on cyber security incidents, as per Section 70B of the IT Act, 2000. This question highlights the critical role of CERT-In in ensuring cyber safety in India.
Last Modified: February 15, 2024