CERT-In: The first responders of the Indian cyberspace

Think of CERT-In as the guardians of the Indian cyberspace. Their mission is to prevent and deal with cyber attacks across the Indian information technology infrastructure. This includes infrastructure belonging to Government, Public and Private entities. They are operational 24 hours, even during government and other holidays, combating cyber threats of different complexities.

The Indian Computer Emergency Response Team, aka CERT-In, was conceptualized as part of the Indian Information Technology Act 2000 (section 70B). It was formally established in 2004 under the Ministry of Communications and Information Technology with Dr. Gulshan Rai (former National Cybersecurity Co-coordinator) as one of the first Director General. This post is currently held by Dr. Sanjay Bahl.

What are the primary responsibilities of CERT-In?

Their primary responsibilities include (a detailed account of CERT-In’s roles and responsibilities can be found on their website):

• Collection, analysis and dissemination of information on cyber incidents
• Forecast and alerts of cyber security incidents
• Emergency measures for handling cyber security incidents
• Coordination of cyber incident response activities
• Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents
• Create awareness on cyber security issues through dissemination of information on its websites

What powers are conferred to CERT-In?

The notification G.S.R 20(E), dated 16 January 2014 confers certain powers upon CERT-In to fulfill it’s responsibilities. These are (note: the following list is written in simplified language. Reader is advised to read the notification document for verbatim text):

• Certain officers of CERT-In may seek information from service providers, intermediaries, data centers, body corporate and any other person for carrying out it’s functions.
• It may collect and analyze information relating to cyber security incidents form individuals, organizations, and computer resources.
• Under certain circumstances, it may disclose relevant information to stakeholders in national interests.
• Issue directions or advisories to service providers, intermediaries, data centers, body corporate and any other person with a view to enhance the cybersecurity if the information infrastructure in the country. The service providers, intermediaries, data centers, body corporate and any other person will need to comply with these directions and advisories. Any non-compliance must be reported to CERT-In.
• CERT-In may file a complaint before the court post review of the non-compliance report.
• CERT-In may monitor and collect traffic data in accordance with the provisions of section 69B of the Information Technology Act, 2000 and Rules.

CERT-In in action

• CERT-In handles an average of 1 million+ security incidents during a year. These include phishing, unauthorized scans, vulnerable services, malware etc.
• CERT-In has published 1150+ advisories till date covering various enterprise, IoT, web, mobile and desktop software.
• Cyber Swachhta Kendra tracked 44,36,41,608 botnet/malware infections in India and notified end users in collaboration with Internet Service Providers and organizations.
• CERT-In has empaneled 96 Information Security Auditing organizations, on the basis of stringent qualifying criteria, to carry out information security audit, including the vulnerability assessment and penetration test of the networked infrastructure of government and critical sector organizations.
• CERT-In has conducted 64 Cyber security exercises of different complexities, including table top exercises, with participation from about 800 organizations covering various sectors of Indian economy from Government/Public/Private.

How can one engage with CERT-In?

CERT-In provides various avenues to engage with them:

• Organizations can share cybersecurity incident and vulnerability information with the Indian CERT to alert them about a potential cyber attack.
• Organizations can also integrate CERT-In issued advisories and vulnerability notes in their threat intelligence feeds.
• Companies operating in cybersecurity space can apply to become CERT-In empaneled auditors.
• Individuals can go through various security guidelines available on their website to become more cyber aware and improve their cyber safety.
• Professionals can participate in CERT-In facilitated trainings and workshops.

Recent milestones

• In 2017, CERT-In established Cyber Swachhta Kendra for detection of compromised systems in India and to notify, enable cleaning and securing systems of end users to prevent further malware infections.
• In 2020, CERT-Fin (or CSIRT-Fin) was established to provide focused cyber threat intelligence and monitoring to financial sector.
• In 2021, CERT-In became the listed member in Task Force for Computer Security Incident Response Teams / Trusted Introducer (TF-CSIRT/TI).
• In 2021, CERT-In was authorized by the CVE Program, as a CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India.

International Collaborations

Over the years, CERT-In has collaborated with agencies from various countries such as, Korea, Japan, Mauritius, USA, Australia, Singapore, Malaysia, UK, Vietnam, Uzbekistan, Bangladesh and Morocco. These collaborations included, participating in joint drill exercises, signing MoUs with other nation-specific CERTs, conducting trainings and workshops for delegates from other countries and membership in global agencies such as APCERT, FIRST, TF-CSIRT/T.

Conclusion

The Indian Computer Emergency Response Team was one of the first national agencies to be setup to address risks and threats to the Indian cyberspace. Over the last twenty years, the role of CERT-In as the guardians of the Indian cyberspace has evolved significantly, specially with the onset of massive cyber attacks such as Wanna Cry or Not Petya and life threatening games such as the Blue Whale game. The team, comprised of 70+ members, handles 1 million+ security incidents that if left unaddressed could impact 1.4 billion citizens of India.