CERT-In: India’s Frontline Defender against Cyber Threats
1. At a Glance
- CERT-In (Indian Computer Emergency Response Team) is the national nodal agency for cybersecurity incident response, operating under the Ministry of Electronics and Information Technology (MeitY) [S1][S2].
- Statutorily empowered under Section 70B of the IT Act, 2000 (inserted via the IT Amendment Act, 2008) to collect, analyse and disseminate information on cyber incidents and issue binding directions [S2][S3].
- Examinable as a flagship of India's digital sovereignty architecture — relevant to GS-II (governance/statutory bodies) and GS-III (internal security/cyber security).
2. Why in the News
- PIB Backgrounder (23 Jan 2026) highlighted CERT-In's 2025 performance: 29.44 lakh cyber incidents handled, 1,530 alerts, 390 vulnerability notes, 65 advisories [S1].
- International acknowledgement from the World Economic Forum, University of Oxford and France's ANSSI flagged India's leadership in cyber-incident response [S1].
3. Background & Evolution
- Operational since January 2004 as the national agency for cyber incident response under MeitY [S2].
- Given statutory status in 2008–09 via Section 70B (IT Amendment Act, 2008) [S3].
- 2013 — Designated nodal agency under the National Cyber Security Policy [S2].
- 2017 — Launched Cyber Swachhta Kendra (CSK) botnet cleaning & malware analysis centre [S1].
- April 2022 — Issued landmark Cyber Security Directions mandating reporting of cyber incidents within 6 hours, log retention for 180 days, and KYC norms for VPN/data-centre/cloud providers [S4].
4. Core Static Facts
- Parent Ministry: MeitY (Government of India) [S2].
- Statutory Base: Section 70B, IT Act, 2000 (as amended in 2008) [S3].
- Mandate: Collection/analysis of cyber incidents, forecasting/alerts, emergency response, coordination, issuing guidelines/advisories/vulnerability notes [S2].
- Operates 24×7 Incident Response Help Desk [S2].
- Empanelled Auditors: 231 cybersecurity audit organisations for IT-infrastructure audits [S1].
- Cyber Swachhta Kendra: covers 98% of India's digital population; 1,427 organisations onboarded; 89.55 lakh malware-removal tool downloads [S1].
- 2025 Output: 29.44 lakh incidents; 1,530 alerts; 390 vulnerability notes; 65 advisories [S1].
- Key initiatives: CyTrain (capacity building), Cyber Surakshit Bharat, NCCC (National Cyber Coordination Centre), Bharat NCX (National Cyber Exercise) [S1].
5. Multi-Dimensional Analysis
- Legal / Constitutional
  - Derives authority from Section 70B; non-compliance with CERT-In directions invites imprisonment up to 1 year and/or fine up to ₹1 lakh under Section 70B(7) [S3].
  - 2022 Directions imposed extraterritorial reporting duties on VPN, VPS, cloud and crypto exchange operators [S4].
- Scientific / Technological
  - Runs Cyber Swachhta Kendra with free bot-removal tools (in tie-up with antivirus vendors) [S1].
  - Conducts mock drills across critical sectors — power, banking, telecom — to test resilience [S1].
- Geopolitical / Strategic
  - MoUs with multiple national CERTs for cross-border incident coordination [S1].
  - Global recognition by WEF, Oxford, ANSSI (France) in 2025 signals reputational soft-power [S1].
- Administrative / Governance
  - Acts as single point of contact between Indian and foreign CERTs; coordinates with sectoral CERTs (CERT-Fin under RBI, NCIIPC under NTRO) [S2].
  - 24×7 desk plus empanelled auditors create a public-private hybrid model [S1][S2].
6. Recent Developments (last 12-18 months)
- 23 Jan 2026 — PIB Backgrounder released consolidated 2025 metrics [S1].
- 2025 — 29.44 lakh incidents handled (up sharply from prior years), 1,427 organisations onboarded on CSK [S1].
- International Women's Day 2025 — CERT-In released the "Cyber Security Handbook for Mahila Suraksha" [S5].
- Continued enforcement of April 2022 Directions for incident reporting (6-hour rule) [S4].
7. Prelims Hooks
- CERT-In operates under MeitY, not MHA or NTRO [S2].
- Statutory authority: Section 70B, IT Act 2000 (inserted by 2008 Amendment) [S3].
- Operational since 2004; given statutory cover in 2008–09 [S2][S3].
- Incident reporting mandated within 6 hours under 2022 Directions [S4].
- Logs to be retained for 180 days under 2022 Directions [S4].
- Cyber Swachhta Kendra launched in 2017 as botnet cleaning centre [S1].
- CSK covers 98% of digital population; 89.55 lakh malware-tool downloads [S1].
- 231 audit organisations empanelled by CERT-In [S1].
- 2025 stats: 29.44 lakh incidents, 1,530 alerts, 390 vulnerability notes, 65 advisories [S1].
- Penalty for non-compliance with CERT-In directions: up to 1 year jail / ₹1 lakh fine [S3].
- Recognised in 2025 by WEF, University of Oxford, ANSSI (France) [S1].
- Bharat NCX = National Cyber Exercise; CyTrain = capacity building programme [S1].
- CERT-In is the single point of contact between Indian and foreign CERTs [S2].
- CERT-Fin (financial sector CERT) functions under RBI but coordinates with CERT-In [S2].
8. Mains Relevance
- GS-III: Internal Security — Basics of cyber security; role of agencies; challenges of critical information infrastructure.
- GS-II: Governance — Statutory bodies; regulation of digital intermediaries.
- Possible question stems:
  1. "Examine the statutory role of CERT-In in safeguarding India's critical information infrastructure. How effective have its 2022 Directions been?"
  2. "Discuss the institutional architecture of India's cybersecurity ecosystem, highlighting the coordination between CERT-In, NCIIPC and sectoral CERTs."
  3. "In light of rising cyber incidents, evaluate the adequacy of India's incident-response framework under the IT Act, 2000."
9. Related Topics to Study Next
- NCIIPC — Nodal agency for Critical Information Infrastructure under NTRO; complements CERT-In.
- National Cyber Security Policy, 2013 — overarching policy frame.
- IT Act, 2000 & 2008 Amendment — parent legislation.
- Digital Personal Data Protection Act, 2023 — data security overlay.
- I4C (Indian Cyber Crime Coordination Centre) under MHA — citizen-facing cybercrime portal.
- NCCC (National Cyber Coordination Centre) — threat intelligence aggregator.
- Budapest Convention on Cybercrime — India's non-signatory stance.
- Cyber Surakshit Bharat / CyTrain / Bharat NCX — awareness & exercise programmes.
10. Common Errors / Trap Areas
- CERT-In is under MeitY, not MHA (which houses I4C) or NTRO (which houses NCIIPC).
- Section 70B of IT Act — not Section 70 (which deals with protected systems) or 70A (NCIIPC).
- Cyber Swachhta Kendra ≠ Cyber Surakshit Bharat: former is botnet cleanup (2017); latter is capacity-building for CISOs.
- CERT-In's 2022 Directions: 6-hour reporting, not 24-hour or 72-hour (72 hours is the EU GDPR norm).
- CERT-In has been operational since 2004 but became statutory only in 2008–09 — both years are testable.
11. Sources
- [S1] CERT-In: India's Frontline Defender against Cyber Threats — https://static.pib.gov.in/WriteReadData/specificdocs/documents/2026/jan/doc2026123764501.pdf — (tier: 1)
- [S2] MeitY – ICERT page — https://www.meity.gov.in/content/icert-0 — (tier: 1)
- [S3] Information Technology Act, 2000 (Section 70B) — https://www.meity.gov.in/static/uploads/2024/03/IT-Act-Rules_2000_0.pdf — (tier: 1)
- [S4] CERT-In Directions on Cyber Incident Reporting (PIB, 2022) — https://www.pib.gov.in/PressReleasePage.aspx?PRID=1820904 — (tier: 1)
- [S5] CERT-In Cyber Security Handbook for Mahila Suraksha (PIB) — https://www.pib.gov.in/PressReleasePage.aspx?PRID=2109192 — (tier: 1)