UNIT 1: Science, Technology and Innovation Ecosystem in India

  • No posts available

CERT-In

The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency for incident response in India. Operating under the Ministry of Electronics and Information Technology (MeitY), it serves as the frontline defense against cyber-attacks, focusing on the security of India’s cyberspace.

Mandate and Responsibilities

Established in 2004 under the Information Technology (Amendment) Act, 2008, CERT-In is tasked with the collection, analysis, and dissemination of information on cyber incidents. Its primary functions include:

  • Incident Response: Providing technical assistance and guidance during cyber-attacks, including large-scale network compromises or critical infrastructure threats.
  • Vulnerability Analysis: Proactively identifying security weaknesses in software and systems and issuing advisories to prevent potential exploitation.
  • Cyber Security Alerts: Publishing alerts regarding emerging threats, malware outbreaks, and zero-day vulnerabilities to government, corporate, and private sectors.
  • Capacity Building: Conducting training programs and workshops for IT professionals and law enforcement agencies to improve the nation’s overall cyber-readiness.
  • Forensic Analysis: Providing technical forensic analysis of digital artifacts in the aftermath of cyber incidents to determine the “who, what, and how” of an attack.

Critical Roles in Digital Safety

CERT-In operates as a central nervous system for India’s digital security:

  • Information Sharing: It functions as a bridge between the government and the private sector, facilitating the sharing of threat intelligence to help stakeholders protect their own networks.
  • National Critical Information Infrastructure (NCII): It works closely with the NCIIPC (National Critical Information Infrastructure Protection Centre) to ensure that the systems governing energy, transportation, and finance are protected from sophisticated, state-sponsored cyber-attacks.
  • Legal Enforcement: Under recent directives, CERT-In has the authority to mandate that organizations report cyber incidents within six hours of discovery. This rapid reporting requirement is designed to limit the damage and facilitate faster collective responses.

Interaction with Global Ecosystems

Cyber threats are borderless, requiring international cooperation.

  • International Collaboration: CERT-In represents India in various international forums, including the APCERT (Asia Pacific Computer Emergency Response Team) and FIRST (Forum of Incident Response and Security Teams), enabling the exchange of threat intelligence with global counterparts.

Key Facts for UPSC Prelims

  • Legislative Backing: Section 70B of the Information Technology Act, 2000 (as amended in 2008), provides the legal basis for the establishment and powers of CERT-In.
  • Cyber Swachhta Kendra: A key initiative managed by CERT-In aimed at creating a secure cyberspace for Indian citizens by detecting botnet-infected devices and providing free cleaning tools.
  • Incident Classification: CERT-In classifies incidents based on severity, ranging from low-impact phishing attempts to critical “Cyber Security Emergencies” that threaten national stability.
  • Reporting Obligations: Organizations failing to report prescribed cyber incidents to CERT-In can face penalties as per the IT Act. This is a critical regulatory mechanism to ensure that the national security apparatus maintains visibility over the cyber threat landscape.

Current Focus Areas

  • AI and Deepfakes: CERT-In is increasingly focusing on the security implications of Generative AI, specifically developing mechanisms to detect and mitigate the impact of AI-driven phishing and deepfake-based financial fraud.
  • Cloud and Mobile Security: With the rapid adoption of cloud computing and mobile-first governance (like the UMANG platform), CERT-In provides specific guidelines for securing distributed, cloud-native architectures.
Last Modified: June 17, 2026

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives