What is Computer Emergency Response Team- India (CERT-In)?
The Indian Computer Emergency Response Team (CERT-In) is an agency formed in 2004, under Section 70B of the Information Technology Act, 2000. It functions under the vigilance of the Ministry of Electronics and Information Technology (MeitY), Government of India. It handles issues relating to cyber security threats such as hacking and phishing. CERT-In also focuses on prevention, providing quick response services as well as security quality management services.
CERT-In’s responsibilities are similar to that of the National Critical Information Infrastructure Protection Centre (NCIIPC) and the two agencies may sometimes need to coordinate for information sharing. The NCIIPC is under the branch of the National Technical Research Organisation (NTRO), which the Ministry of Home Affairs supervises.
CERT-In’s stakeholders/clients include:
- State Govts/Union Territories and public sector undertakings (PSUs)
- Ministries/Departments of Govt of India
- Industry/Industry associations relating to IT, ITES & Electronics
- Concerned universities/academic universities, R&D Institutions/Labs such as DRDO.
- Citizens of India
Authority
CERT-In is under the administrative control of the Department of Electronics and Information Technology (DeitY) and the Ministry of Electronics and Information Technology.
Roles Of CERT-In
The roles of CERT-In can be classified under two branches: Reactive and Proactive
Reactive Roles: CERT-In acts as a single point of contact for reporting a local problem. It provides consultation to organizations that are prone to threats to/from computers. The information that CERT/CC (Coordination Centre) and its subsidiaries accumulate is further shared with other organizations in the computing field. It also performs tracing and analysis of threats, incident response, 24×7 security service, and recommends recovery methods to affected organizations.
Proactive Roles: In order to prevent incidents and generate awareness about cybersecurity, the CERT-In issues security guidelines and advisories. It analyses and responds to system vulnerabilities and risks for providing timely advice against potential anticipated threats. It carries out profiling of threats to identify certain trends in attacker activity. CERT-In further collaborates with its customers and organizes training programmes, simulation exercises etc. to improve efficacy.
Functions of CERT-In
The CERT-In deploys its functions in the following manner:
Reporting- Functions as a nodal point for reporting incidents that occur in the territory of India. It also stores and records all the history of incidents.
Identification- Verifies the existence, determines the nature of the incident, and ensures the protection of evidence.
Containment- Controls the scope of the incident and tries to minimize the damage made to computer systems.
Eradication- Removes or neutralizes the cause of the incident.
Recovery- Takes steps and provides assistance in order to restore normal operations
Prevention- Analyses the patterns of incidents and takes progressive measures to prevent future attacks
Who can report incidents to CERT-In?
System administrators/ owners of the affected computer system can report incidents to CERT-In. This includes stakeholders, service providers, intermediaries, body corporates, individuals, or groups. As discussed below, several types of cybersecurity incidents are mandatory to report.
What kind of incidents can a person/ organisation report to CERT-In?
CERT-In can address all types of cyber security incidents and vulnerabilities that occur or are expected to occur in the near future, in the country. The incidents could involve critical information infrastructure, unauthorized access, malicious codes, identity theft, attacks on servers, infrastructures and applications.
This also includes scanning or probing software ports, which researchers and bug-hunters also use, besides black hat hackers.
CERT-In determines the required support level on the basis of the intensity of the degree of the threat (Rule 11 (1)).
How can one report incidents to CERT-In?
Stakeholders can reach out to CERT-In via telephone (+91-1800-11-4949), fax (+91-1800-11-6969), email ([email protected]), and postal letters (Indian Computer Emergency Response Team, Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi- 110003, India). However, the contact details may change in the future.
The website also contains separate forms for reporting incidents and vulnerabilities.
What information can CERT-In demand?
According to Rule 13, CERT-In may collect and analyze information relating to cyber security incidents from individuals, organisations, and computer resources (Rule 13 (1)).
However, the agency shall not reveal any information which would leak the identity of the individual, group of individuals or organizations affected by cyber security incidents (Rule 13 (2)).
What can be the consequences for non-compliances with CERT-In’s directions?
In case a person/ organisation fails to comply with the directions of an authorized officer, a report is filed with the Director-General. It shall then be submitted to the review committee comprising of the Secretary, DeitY, and representatives of various ministries. CERT-In may even file a complaint before the Court based on the report and directions from the committee.
What is the role of individuals and organisations?
Individuals and organizations must mandatorily report the following cyber security incident to CERT-In as early as possible.
Organizations should also periodically perform audits of their cyber security practices. They shall appoint Information Security auditing organizations/ auditors empanelled with CERT-In to ensure that the prescribed security standards are maintained.
Grievance Redressal
The Public Grievance Officer is the point of contact for grievance resolution. Complaints can communicate to the officer through telephone (+91-1800-11-4949) or email (as provided on the website). The complaints must necessarily have complete and precise factual descriptions along with contact details (Phone number or email ID) for follow-up. The officer acknowledges complaints within 2 days and resolves them within 1 month from the date of complaint/ clarification.
This article has been co-authored with Debdatta Das, a student of Ajeenkya D Y Patil University, Pune.
Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.
A good blog that says all about CERT in Idia and how to get certification in the right and stress-free way and the importance of acquiring certification. The readers can consider the topics related to them as the blogs says a lot of things about CERT.