The Indian Computer Emergency Response Team (CERT-IN or ICERT) is an office within the
Ministry of Electronics and Information Technology
The Ministry of Electronics and Information Technology (MeitY) is an executive agency of the Union Government of the Republic of India. It was carved out of the Ministry of Communications and Information Technology on 19 July 2016 as a standalon ...
of the
Government of India
The Government of India (ISO: ; often abbreviated as GoI), known as the Union Government or Central Government but often simply as the Centre, is the national government of the Republic of India, a federal democracy located in South Asia, c ...
.
It is the nodal agency to deal with cyber security threats like
hacking and
phishing
Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
. It strengthens security-related defence of the Indian Internet domain.
Background
CERT-IN was formed in 2004 by the Government of India under
Information Technology Act, 2000
The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce.
Secon ...
Section (70B) under the Ministry of Communications and Information Technology. CERT-IN has overlapping on responsibilities with other agencies such as
National Critical Information Infrastructure Protection Centre (NCIIPC) which is under the National Technical Research Organisation (NTRO) that comes under Prime Minister's Office and National Disaster Management Authority (NDMA) which is under Ministry of Home Affairs..
Functions
In December 2013, CERT-In reported there was a rise in the cyber attacks on Government organisations like
banking
A bank is a financial institution that accepts deposits from the public and creates a demand deposit while simultaneously making loans. Lending activities can be directly performed by the bank or indirectly through capital markets.
Because ...
and
finance
Finance is the study and discipline of money, currency and capital assets. It is related to, but not synonymous with economics, the study of production, distribution, and consumption of money, assets, goods and services (the discipline of fina ...
, oil and gas and emergency services. It issued a list of security guidelines to all critical departments. It liaisons with Office of National Cyber Security Coordinator, National Security Council and National Information Board in terms of the nation's cyber security and threats. As a nodal entity, India’s Computer Emergency Response Team (CERT-in) plays a crucial role under the Ministry of Electronics and Information Technology(MeitY).
Agreements
A memorandum of understanding (MoU) was signed in May, 2016 between Indian Computer Emergency Response Team (CERT-In) and Ministry of Cabinet Office, UK.
Earlier CERT-In signed MoUs with similar organisations in about seven countries - Korea, Canada, Australia, Malaysia, Singapore, Japan and Uzbekistan.
Ministry of External Affairs has also signed MoU with Cyber Security as one of the areas of cooperation with
Shanghai Cooperation Organisation
The Shanghai Cooperation Organisation (SCO) is a Eurasian politics, political, economy, economic and security organization. It is the world's largest regional organization in terms of geography, geographic scope and world population, population, c ...
. With the MoUs, participating countries can exchange technical information on Cyber attacks, response to cyber security incidents and find solutions to counter the cyber attacks. They can also exchange information on prevalent cyber security policies and best practices. The MoUs helps to strengthen cyber space of signing countries, capacity building and improving relationship between them.
Incidents and reports
In March 2014, CERT-In reported a critical flaw in
Android Jelly Bean
Android Jelly Bean, or Android 4.1 is the codename given to the tenth version of the Android mobile operating system developed by Google, spanning three major point releases (versions 4.1 through 4.3.1). Among the devices that run Android 4.1 t ...
's
VPN
A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
implementation.
In July 2020, CERT-In had warned the Google Chrome users to immediately upgrade to the new Chrome browser version 84.0.4147.89. Multiple vulnerabilities that could allow access to hackers were reported.
In April 2021, issued a "high severity" rating advisory on the vulnerability detected on WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.
According to the agency, India faced 11.5 million cyberattack incidents in 2021 including corporate attacks, and attacks on critical infrastructure and government agencies.
References
Government agencies of India
Government agencies established in 2004
2004 establishments in India
{{India-gov-stub
Cyber Security in India