What is the role of CERT-In in coordinating cybersecurity incident response and legal action?

Introduction

As cyber threats grow in scale, complexity, and frequency, India’s need for a centralized cybersecurity response body has become critical. To address this, the Indian Computer Emergency Response Team (CERT-In) was set up in 2004 and later designated, under Section 70B of the Information Technology Act, 2000 (a section inserted by the 2008 amendment), as the national nodal agency for responding to cybersecurity incidents. It operates under the Ministry of Electronics and Information Technology (MeitY) and plays a pivotal role in managing, investigating, and coordinating responses to cyber incidents across the country.

CERT-In is not just a technical response team; it also coordinates with law enforcement agencies, private companies, and international organizations. It issues threat advisories and binding directions, and it supports legal enforcement through digital forensics and incident reporting frameworks.

1. Legal Mandate and Authority of CERT-In

CERT-In derives its statutory authority from Section 70B of the Information Technology Act, 2000 (inserted by the Information Technology (Amendment) Act, 2008), which defines its functions and empowers it to call for information and to issue directions that covered entities must follow. Its mandate includes:

  • Monitoring and responding to cybersecurity threats

  • Issuing guidelines and advisories on best security practices

  • Coordinating cyber incident responses among stakeholders

  • Collecting, analyzing, and disseminating cyber threat intelligence

  • Enforcing mandatory reporting obligations for cyber incidents

  • Supporting digital forensic investigations and technical analysis

Under the Directions issued by CERT-In on 28 April 2022 under Section 70B(6), service providers, intermediaries, data centres, body corporates, and government organisations are required to report cybersecurity incidents in the notified categories to CERT-In within 6 hours of noticing them or of being brought to notice of them.

2. Key Functions of CERT-In

a) Threat Detection and Incident Handling
CERT-In receives reports of cyberattacks from organizations, individuals, or other government agencies. It identifies:

  • Malware attacks

  • Ransomware incidents

  • Phishing campaigns

  • DDoS (Distributed Denial of Service) attacks

  • Unauthorized access to systems

  • Website defacement

  • Critical infrastructure breaches

It then assists the affected entity with incident containment, damage assessment, and recovery actions.

b) Issuing Security Alerts and Advisories
CERT-In regularly publishes:

  • Vulnerability notices (for software like Windows, Android, Apache, etc.)

  • Recommendations for patching and securing systems

  • Early warnings about ongoing cyber campaigns targeting sectors like banking, healthcare, or defense

  • Mitigation strategies and guidelines for both individuals and enterprises

Example: CERT-In issued alerts on ransomware variants like LockBit and Clop, and advised organizations to implement backup, access controls, and endpoint protection.

c) Mandatory Reporting of Cyber Incidents
Under the April 2022 Directions, incidents in the notified categories, which include the following, must be reported within 6 hours:

  • Unauthorized access

  • Identity theft and phishing

  • Data breaches or data leaks

  • Attacks on cloud infrastructure

  • Malware attacks or ransomware

  • Targeted scanning or probing

  • Attacks on critical information infrastructure (CII)

  • Compromise of financial systems and payment gateways

Entities must report incidents to incident@cert-in.org.in, through the incident reporting form on the CERT-In website, or by the toll-free helpline 1800-11-4949 (fax 1800-11-6969).

d) Coordination with Law Enforcement and Legal Bodies
While CERT-In does not have direct police powers, it plays a supportive role in legal proceedings. It:

  • Provides forensic analysis of malware, logs, and infected systems

  • Supplies technical inputs to the police and cybercrime cells

  • Assists in tracking the source of cyberattacks

  • Coordinates with the National Critical Information Infrastructure Protection Centre (NCIIPC) when critical sectors are involved

  • Collaborates with CERTs of other countries for cross-border investigation

  • Participates in judicial processes by submitting expert reports or testimony

e) Cybersecurity Compliance Enforcement
The April 2022 Directions also oblige the covered entities to maintain:

  • Logs of all their ICT systems for a rolling period of 180 days, stored within Indian jurisdiction and produced to CERT-In on request

  • Accurate synchronization of all ICT system clocks with the NTP servers of the National Informatics Centre (NIC) or the National Physical Laboratory (NPL), or with NTP servers traceable to them

  • A designated point of contact for communication with CERT-In, in addition to the access control and authentication practices recommended in its advisories

  • Reporting of every incident in the notified categories, regardless of its size or whether it originated internally

Failure to comply with CERT-In’s directions is punishable under Section 70B(7) of the IT Act with imprisonment of up to one year, a fine of up to one lakh rupees, or both.
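The time-synchronization obligation above can be verified from the host itself. The following is an added example (not CERT-In’s own tooling, and not code from this page) of a minimal SNTP client in Python: it sends one client request, checks the reply for the conditions a cautious client should verify (server mode, non-zero stratum, a synchronized leap indicator, and an originate timestamp that echoes the request, which rejects stale or spoofed replies), and computes the clock offset with the RFC 4330 formula. The default hostname samay1.nic.in is an assumption about NIC’s public NTP service and should be confirmed before use; make_server_reply exists only to build constructed reply packets so the logic can be exercised offline.

```python
"""SNTP (RFC 4330) clock-offset check for the NTP synchronization requirement.

Added example, not CERT-In tooling: one client request, sanity checks on the
reply, and the offset between the local clock and the server's clock.
"""
import socket
import struct
import time

NTP_UNIX_DELTA = 2208988800                # seconds from 1900-01-01 to 1970-01-01
PACKET_FMT = "!BBBb11I"                    # LI/VN/Mode, stratum, poll, precision, 11 x uint32
PACKET_LEN = struct.calcsize(PACKET_FMT)   # 48 bytes
MODE_CLIENT, MODE_SERVER = 3, 4
# Assumed default: an NIC NTP server (the Directions require NIC/NPL or servers
# traceable to them).  Confirm the current hostname with NIC before relying on it.
DEFAULT_SERVER = "samay1.nic.in"


def to_ntp(unix_ts: float) -> tuple[int, int]:
    """Unix float seconds -> (NTP seconds, 32-bit fraction)."""
    whole = int(unix_ts)
    return whole + NTP_UNIX_DELTA, int((unix_ts - whole) * (1 << 32))


def from_ntp(secs: int, frac: int) -> float:
    """(NTP seconds, 32-bit fraction) -> Unix float seconds."""
    return secs - NTP_UNIX_DELTA + frac / (1 << 32)


def build_request(t1: float) -> bytes:
    """Mode-3 client packet, NTP version 4; T1 goes in the Transmit Timestamp."""
    s, f = to_ntp(t1)
    return struct.pack(PACKET_FMT, (4 << 3) | MODE_CLIENT, 0, 0, 0, *([0] * 9), s, f)


def evaluate_reply(data: bytes, t1: float, t4: float, tolerance: float = 1.0) -> dict:
    """Validate a server reply and compute offset/delay per RFC 4330.

    Raises ValueError for replies a careful client must not trust.
    """
    if len(data) < PACKET_LEN:
        raise ValueError("short packet")
    f = struct.unpack(PACKET_FMT, data[:PACKET_LEN])
    li, mode, stratum = f[0] >> 6, f[0] & 7, f[1]
    if mode != MODE_SERVER:
        raise ValueError(f"unexpected mode {mode}")
    if stratum == 0:
        raise ValueError("stratum 0: kiss-o'-death or invalid reply")
    if li == 3:
        raise ValueError("server clock not synchronized (LI=3)")
    # The Originate Timestamp must echo our T1; a mismatch means a stale or
    # spoofed reply, the classic way to feed a client the wrong time.
    if (f[9], f[10]) != to_ntp(t1):
        raise ValueError("originate timestamp does not match our request")
    t2 = from_ntp(f[11], f[12])            # server receive time
    t3 = from_ntp(f[13], f[14])            # server transmit time
    offset = ((t2 - t1) + (t3 - t4)) / 2   # positive: our clock is behind the server
    delay = (t4 - t1) - (t3 - t2)          # round-trip network delay
    return {"offset": offset, "delay": delay, "stratum": stratum,
            "in_tolerance": abs(offset) <= tolerance}


def make_server_reply(t1: float, t2: float, t3: float, stratum: int = 2, li: int = 0) -> bytes:
    """Build the mode-4 reply a server would send (constructed data for offline tests)."""
    lvm = (li << 6) | (4 << 3) | MODE_SERVER
    return struct.pack(PACKET_FMT, lvm, stratum, 0, 0, 0, 0, 0, 0, 0,
                       *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))


def query(server: str = DEFAULT_SERVER, port: int = 123, timeout: float = 3.0) -> dict:
    """Live check against a real server (needs network access to UDP/123)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (server, port))
        data, _ = sock.recvfrom(512)
        t4 = time.time()
    return evaluate_reply(data, t1, t4)


if __name__ == "__main__":
    import sys
    print(query(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SERVER))
```

Run it as python3 ntp_check.py <ntp-server>; an offset that stays above the tolerance across repeated runs means the host is not keeping time with the reference the Directions specify, and the originate-timestamp check is what keeps an on-path attacker from answering with a fabricated time.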

f) Public Awareness and Training Programs
CERT-In organizes seminars, simulations, workshops, and training programs for:

  • Government officials

  • Law enforcement officers

  • IT managers in the private sector

  • Students and the general public

Its goal is to build a cyber-aware culture and promote best practices like strong passwords, regular backups, phishing prevention, and secure browsing.

3. Role in Protecting Critical Infrastructure

CERT-In works closely with the NCIIPC, which oversees the protection of critical information infrastructure (CII) in sectors like:

  • Banking and finance

  • Energy and electricity

  • Transport and aviation

  • Telecommunications

  • Healthcare

  • Defense

CERT-In plays a technical and strategic role in analyzing attacks or vulnerabilities against CII and issuing sector-specific guidance.

Example: During suspected attacks on India’s power grid or railways, CERT-In collaborates with the sector-specific teams to isolate and remove malware and restore secure functionality.

4. Collaboration With International Cybersecurity Agencies

Cyber threats often originate from or pass through foreign servers. CERT-In maintains international partnerships with:

  • Other national CERTs (such as US-CERT, now part of CISA, and JPCERT/CC in Japan)

  • Global platforms such as FIRST (Forum of Incident Response and Security Teams)

  • Interpol and Europol on coordinated cyber investigations

  • UN agencies working on cybercrime and cyber law

These partnerships enable:

  • Exchange of real-time threat intelligence

  • Coordinated takedown of phishing networks and botnets

  • Global response to ransomware campaigns or advanced persistent threats (APT)

5. Contribution to Cyber Law and Policy Making

CERT-In plays an advisory role in shaping India’s cyber laws and security policies. Its recommendations influence:

  • Drafting of cybersecurity frameworks and digital safety standards

  • Provisions in the Digital Personal Data Protection Act, 2023

  • National Cybersecurity Policy

  • Strategies for cybercrime reporting and online safety

It also collaborates with the Ministry of Home Affairs, National Cybercrime Reporting Portal, and law enforcement agencies to streamline legal action against cyber offenders.

6. Incident Response Ecosystem Development

CERT-In is building a national-level cyber incident response ecosystem that includes:

  • Sector-specific security teams (e.g., CSIRT-Fin for the financial sector, and comparable teams for the power and railway sectors)

  • State-level CERTs for local coordination

  • Incident response protocols for handling large-scale breaches

  • Audit mechanisms for assessing readiness of public and private entities

7. Challenges Faced by CERT-In

Despite its crucial role, CERT-In faces limitations:

  • Resource constraints amid rapidly evolving threats

  • Under-reporting by private firms, many of which fear reputational loss, despite the mandatory reporting obligation

  • No investigative or arrest powers of its own, so enforcement of its directions depends on prosecution by the police or action by sectoral regulators

  • Jurisdictional hurdles when attacks involve foreign actors or servers

  • Slow adoption of security practices in small and medium enterprises (SMEs)

Conclusion

CERT-In is at the heart of India’s cyber defense infrastructure. It acts as a watchdog, responder, policy advisor, and coordination body during cybersecurity incidents. Its expanding mandate, covering everything from technical analysis to legal cooperation, makes it essential in protecting India’s digital assets and ensuring secure online operations across sectors.

To enhance its effectiveness, CERT-In must be further empowered with:

  • Greater funding and advanced forensic capabilities

  • Faster legal mechanisms for obtaining data from platforms and for enforcing its directions

  • Real-time partnerships with ISPs, social media platforms, and telecom firms

  • Public-private collaboration and capacity-building initiatives

With a robust CERT-In at the helm, India is better positioned to handle the growing scale and sophistication of cyber threats in a legally compliant and coordinated manner.

Priya Mehta