Indian Computer Emergency Response Team

The Indian Computer Emergency Response Team (CERT-In or ICERT) is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.

Background
CERT-In was formed in 2004 by the Government of India under Information Technology Act, 2000 Section (70B) under the Ministry of Communications and Information Technology. CERT-In is a functional organisation of Ministry of Electronics and Information, Govt. of India, with an objective of securing Indian cyber space.

CERT-In is an acronym for 'Indian Computer Emergency Response Team'.

CERT-In is the National Incident Response Centre for major computer security incidents in its constituency i.e. Indian cyber community.

CERT-In's primary role is to raise security awareness among Indian cyber community and to provide technical assistance and advise them to help them recover from computer security incidents.

CERT-In provides technical advice to System Administrators and users to respond to computer security incidents. It also identifies trends in intruder activity, works with other similar institutions & organisations to resolve major security issues, and disseminates information to the Indian cyber community.

CERT-In also enlightens its constituents about the security awareness and best practices for various systems; networks by publishing advisories, guidelines and other technical document

CERT-In's vision is to proactively contribution in securing India's cyber space and building safe and trusted cyber ecosystem for the citizen. Its mission is to enhance the security of India's Communications and Information Infrastructure through proactive action and effective collaboration.

Functions
In December 2013, CERT-In reported there was a rise in cyber attacks on Government organisations like banking and finance, oil and gas and emergency services. It issued a list of security guidelines to all critical departments. It liaisons with the Office of National Cyber Security Coordinator, National Security Council and National Information Board in terms of the nation's cyber security and threats. As a nodal entity, India’s Computer Emergency Response Team (CERT-In) plays a crucial role under the Ministry of Electronics and Information Technology(MeitY).

Indian Computer Emergency Response Team (CERT-In) launched  "Cyber Swachhta Kendra" / "साइबर स्वच्छता केन्द्र" (Botnet Cleaning and Malware Analysis Centre) on 21 February 2017 as part of the Government of India’s Digital India initiative under MeitY.  Cyber Swachhta Kendra (CSK) is a citizen centric service provided by CERT-In, which extends the vision of Swachh Bharat to the Cyber Space. CSK aims to secure India’s digital IT Infrastructure by creating a dedicated mechanism for providing timely information about Botnet/Malware threats to the victim organization/user and suggesting remedial actions to be taken by the concerned entity. The Centre has been established for detection of compromised systems in India and to notify, enable cleaning and securing systems of end users to prevent further malware infections. The centre is working in close coordination and collaboration with Internet Service Providers, Academia and Industry. The centre is providing detection of malicious programs and free tools to remove the same for common users.

September 2022, CERT-In hosted exercise 'Synergy' in collaboration with Cyber Security Agency, Singapore. It had a participation of 13 countries and was conducted as a part of the International Counter Ransomware Initiative-Resilience Working Group.

Agreements
A memorandum of understanding (MoU) was signed in May 2016 between the Indian Computer Emergency Response Team (CERT-In) and the Ministry of Cabinet Office, UK.

Earlier CERT-In signed MoUs with similar organisations in about seven countries - Korea, Canada, Australia, Malaysia, Singapore, Japan and Uzbekistan.

The Ministry of External Affairs has also signed MoU with Cyber Security as one of the areas of cooperation with Shanghai Cooperation Organisation. With the MoUs, participating countries can exchange technical information on Cyber attacks, respond to cybersecurity incidents and find solutions to counter the cyber attacks. They can also exchange information on prevalent cyber security policies and best practices. The MoUs helps to strengthen the cyber space of signing countries, capacity building and improving the relationship between them.

A memorandum of understanding was signed by CERT-In and Mastercard to foster collaboration and information exchange in the field of financial sector cyber security. Both parties will take advantage of their combined knowledge in the areas of advanced malware analysis, cybersecurity incident response, capacity building, and exchanging cyber threat intelligence relevant to the banking sector.

In March 2014, CERT-In reported a critical flaw in Android Jelly Bean's VPN implementation.

In July 2020, CERT-In warned Google Chrome users to immediately upgrade to the new Chrome browser version 84.0.4147.89. Multiple vulnerabilities that could allow access to hackers were reported.

In April 2021, issued a "high severity" rating advisory on the vulnerability detected on WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.

According to the agency, India faced 11.5 million cyberattack incidents in 2021 including corporate attacks, and attacks on critical infrastructure and government agencies.

December 4 2022, CERT-In was called in to investigate the cyber attack on All India Institute of Medical Sciences (AIIMS), Delhi.

On July 19th, 2024, a computer outage relating to CrowdStrike tools in Microsoft systems was reported. CERT-In categorized the incident as "critical" and the IT minister, Ashwini Vaishnav said that the government is in touch with Microsoft and the issue will be resolved.

Guidelines
The CERT-IN issues guidelines on cybersecurity and critical vulnerabilities, from time to time. In April 2022, the CERT-IN issued a set of directions requiring certain cyber security measures to be undertaken by companies, including the following:


 * Reporting of cyber incidents within six hours to CERT-IN (which was limited to high-severity incidents through the FAQs;
 * Maintenance of ICT logs within the territory of India. Pursuant to the FAQs, they may be stored outside India, provided the requirement to store such logs outside India is met if logs can be produced as and when solicited by CERT-IN;
 * Synchronization of system time clocks with Network Time Protocol servers of National Physical Laboratory or National Informatics Centre; and
 * Additional obligations for VPN and VPS service providers.

Subsequently, the CERT-IN issued certain FAQs which clarified and relaxed some of the aforesaid requirements.