ASSISTANCE TO STATES TO TACKLE CYBER INCIDENTS
1. At a Glance
- CERT-In (Indian Computer Emergency Response Team) is the national nodal agency for responding to cyber security incidents under Section 70B of the IT Act, 2000 [S1][S2].
- Topic covers the central government's mechanism to handhold States/UTs — alerts, threat intelligence, capacity building and financial aid — in a domain where "Police" and "Public Order" are State subjects but cyberspace is borderless [S1].
- Cyber incidents have more than doubled in 5 years — from 14.02 lakh (2021) to 29.44 lakh (2025) — making this a high-yield GS-III internal security topic [S1].
2. Why in the News
- Lok Sabha reply by Ministry of Home Affairs (MHA) on 24 March 2026 disclosed five-year cyber incident data and listed CERT-In's assistance measures to States/UTs [S1].
- NCT of Delhi recorded the highest number of reported cyber incidents in the period [S1].
3. Background & Evolution
- IT Act, 2000 enacted; Section 70B inserted by the IT (Amendment) Act, 2008, formally designating CERT-In [S1][S2].
- CERT-In operational since 2004 under MeitY [S2].
- Cyber Swachhta Kendra (CSK) — Botnet Cleaning & Malware Analysis Centre — launched 2017 under the Digital India programme [S2].
- National Cyber Coordination Centre (NCCC) operationalised in phases by CERT-In for real-time threat scanning [S2].
- I4C (Indian Cyber Crime Coordination Centre) under MHA established 2018; National Cyber Crime Reporting Portal (cybercrime.gov.in) launched 2019 (parallel MHA track for citizen-level crimes) [S2].
4. Core Static Facts
- Nodal agency for cyber incidents: CERT-In [S1].
- Parent ministry: Ministry of Electronics & Information Technology (MeitY) — NOT MHA [S2].
- Statutory basis: Section 70B, IT Act 2000 [S1].
- Mandatory incident reporting: CERT-In Directions of 28 April 2022 require reporting of specified cyber incidents within 6 hours [S3].
- Year-wise cyber security incidents tracked by CERT-In [S1]:
- 2021 — 14,02,809
- 2022 — 13,91,457
- 2023 — 15,92,917
- 2024 — 20,41,360
- 2025 — 29,44,248
- Highest reporting region: NCT of Delhi [S1].
- Financial loss data: NOT maintained by CERT-In [S1].
Assistance instruments to States/UTs [S2]: - Alerts/advisories on threats and vulnerabilities. - NCCC — scans cyberspace, shares threat intel with States and sectoral agencies. - Automated cyber threat exchange platform for tailored alerts. - Cyber Swachhta Kendra (CSK) — detects malware/botnets and offers free clean-up tools. - Joint training programmes with industry to upskill Government (Central + State), public & private workforce. - Financial assistance to States/UTs for LEA capacity building under various schemes.
5. Multi-Dimensional Analysis
Administrative / Federal - "Police" & "Public Order" are State List (List II, Entries 1 & 2) subjects; cyber crime investigation rests with State police — Centre's role is supplementary via advisories, tools, training and grants [S1][S2]. - Coordination gap: CERT-In (MeitY) handles incidents; I4C (MHA) handles cyber crime — aspirants must distinguish the two silos [S2].
Legal / Constitutional - Statutory umbrella: IT Act 2000 + IT (CERT-In) Rules 2013; Section 70B(6) empowers CERT-In to call for information and give directions [S1]. - April 2022 Directions mandated 6-hour reporting, 180-day log retention, KYC by VPN/VPS providers [S3].
Scientific / Technological - NCCC acts as the operational cyber situational-awareness backbone [S2]. - CSK provides free bot-removal tools (e.g., USB Pratirodh, AppSamvid, M-Kavach) for end-users [S2].
Economic / Sectoral - Financial sector flagged as high-risk; CERT-In–Mastercard MoU (2024) targets financial-sector cyber resilience [S4]. - Loss-data vacuum (CERT-In doesn't maintain financial-loss figures) handicaps cost-benefit policy assessment [S1].
Strategic / Security - Surge from 14 lakh → 29 lakh incidents in five years signals expanding attack surface (UPI, IoT, critical infra) [S1]. - Sectoral CERTs (CERT-Fin under RBI, NCIIPC under NTRO for Critical Information Infrastructure u/s 70A) complement CERT-In [S2].
6. Recent Developments (last 12-18 months)
- 24 Mar 2026 — MHA tabled five-year incident data and States-assistance framework in Parliament [S1].
- Jan 2026 — PIB feature "CERT-In: India's Frontline Defender against Cyber Threats" published [S5].
- 2024 — CERT-In–Mastercard India MoU signed for financial-sector cyber collaboration [S4].
- Feb–Mar 2025 — PIB releases on government measures to strengthen cyber preparedness and protect critical infrastructure [S6][S7].
- Mar 2025 — CERT-In released "Cyber Security Handbook for Mahila Suraksha" on International Women's Day [S8].
7. Prelims Hooks
- CERT-In is the national agency for cyber incident response under Section 70B, IT Act 2000 [S1].
- CERT-In functions under MeitY, not MHA [S2].
- NCCC is implemented by CERT-In (not by NTRO or MHA) [S2].
- NCIIPC (Critical Information Infrastructure protection) operates under Section 70A, IT Act — distinct from CERT-In's 70B mandate [S2].
- Cyber incidents reported in 2025: 29,44,248; 2024: 20,41,360 [S1].
- Highest cyber incident reporting region: NCT of Delhi [S1].
- Cyber Swachhta Kendra = Botnet Cleaning and Malware Analysis Centre, launched 2017 [S2].
- CERT-In Directions of 28 April 2022 mandate cyber incident reporting within 6 hours [S3].
- I4C is under MHA, whereas CERT-In is under MeitY [S2].
- CERT-In does NOT maintain estimated financial loss data [S1].
- National Cyber Crime Reporting Portal = cybercrime.gov.in under MHA/I4C [S2].
- CERT-In–Mastercard MoU (2024) targets financial sector resilience [S4].
8. Mains Relevance
- GS-III — Internal Security: "Basics of cyber security; role of media and social networking sites… Money-laundering and its prevention."
- GS-II — Governance: Centre-State coordination on a Concurrent/State-subject overlap.
- Probable question stems: 1. "Cyber crime is local but cyber threat is national." Examine the institutional architecture for Centre-State coordination on cyber incidents in India. (15 marks) 2. Critically evaluate the role of CERT-In under Section 70B of the IT Act, 2000 in light of the steep rise in reported cyber incidents between 2021 and 2025. (10 marks) 3. Distinguish between CERT-In, NCIIPC and I4C, and discuss whether their mandates need consolidation. (15 marks)
9. Related Topics to Study Next
- NCIIPC & Section 70A IT Act — sister agency for critical info infrastructure.
- I4C & National Cyber Crime Reporting Portal — MHA's citizen-facing arm.
- IT Act 2000 + 2008 Amendment — statutory backbone.
- Digital Personal Data Protection Act, 2023 — adjacent data-security regime.
- Budapest Convention on Cybercrime — India's non-signatory status.
- National Cyber Security Policy 2013 — overarching policy framework.
- CERT-Fin & RBI cyber framework — sectoral CERT.
- GIs (Cybersecurity) — Quad cyber initiatives, India–US iCET.
10. Common Errors / Trap Areas
- CERT-In ≠ I4C. CERT-In (MeitY, incident response) vs I4C (MHA, cyber crime coordination).
- NCCC is run by CERT-In, not by NTRO; NTRO houses NCIIPC.
- Section 70A vs 70B — 70A = NCIIPC/CII; 70B = CERT-In.
- Assuming CERT-In tracks financial losses — it explicitly does not [S1].
- Confusing Cyber Swachhta Kendra (botnet cleanup) with Cyber Surakshit Bharat (CISO training under MeitY/NeGD).
- Treating cyber crime as a Union subject — investigation lies with States under List II.
11. Sources
- [S1] ASSISTANCE TO STATES TO TACKLE CYBER INCIDENTS — https://www.pib.gov.in/PressReleasePage.aspx?PRID=2244504 — (tier 1)
- [S2] MeitY — ICERT page — https://www.meity.gov.in/content/icert-0 — (tier 1)
- [S3] CERT-In issues directions on cyber incident reporting — https://www.pib.gov.in/PressReleasePage.aspx?PRID=1820904 — (tier 1)
- [S4] CERT-In & Mastercard India sign MoU — https://www.pib.gov.in/PressReleasePage.aspx?PRID=2026677 — (tier 1)
- [S5] CERT-In: India's Frontline Defender against Cyber Threats (PIB feature, Jan 2026) — https://static.pib.gov.in/WriteReadData/specificdocs/documents/2026/jan/doc2026123764501.pdf — (tier 1)
- [S6] Government Taking Measures to Strengthen National Preparedness Against Cybersecurity Threats — https://www.pib.gov.in/PressReleseDetailm.aspx?PRID=2115416 — (tier 1)
- [S7] Government of India Taking Measures to Protect Critical Infrastructure and Private Data — https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=2116341 — (tier 1)
- [S8] CERT-In releases Cyber Security Handbook for Mahila Suraksha — https://www.pib.gov.in/PressReleasePage.aspx?PRID=2109192 — (tier 1)