Indian Computer Emergency Response Team (CERT-In)

Key Facts and Data Points

• Agency: Indian Computer Emergency Response Team (CERT-In)
• Mandate: Established under the Information Technology Act, 2000.
• Parent Ministry: Ministry of Electronics and Information Technology (MeitY).
• Core Functions: Prevention, monitoring and response to cyber incidents – phishing, ransomware, AI‑enabled scams, online fraud, attacks on critical digital infrastructure.
• Sectoral CSIRTs:
• CSIRT‑Fin – for the Banking, Financial Services & Insurance (BFSI) sector.
• CSIRT‑Power – for the power sector.
• Institutional Frameworks:
• Cyber Swachhta Kendra (national awareness & hygiene platform).
• National Cyber Coordination Centre (NCCC) – real‑time threat monitoring.
• Cyber Crisis Management Plan – coordinated response to large‑scale cyber emergencies.
• International Recognition: World Economic Forum (WEF), University of Oxford, France’s ANSSI.
• Recent Development: Exempted from the ambit of the Right to Information (RTI) Act to protect operational secrecy.

Background and Context

• India’s digital footprint has surged with initiatives like Digital India, Aadhaar, and widespread internet penetration, making cyber resilience a strategic priority.
• Cyber threats have escalated globally, with ransomware attacks increasing by ~30% YoY and AI‑driven scams emerging as a new frontier.
• CERT-In’s 2025 performance report highlighted a 45% rise in incident handling capacity and the establishment of state‑level CSIRTs across 28 states and union territories.

Significance for India / Governance / Policy

• National Security: Cyber attacks on critical infrastructure (power grids, banking systems) can cripple essential services; CERT‑In’s rapid response mitigates such risks.
• Economic Stability: By safeguarding the BFSI sector and e‑commerce platforms, it protects billions of dollars of digital transactions.
• Trust in Digital Ecosystem: Enhances citizen confidence in online services, crucial for the success of Digital India.
• Policy Alignment: Supports MeitY’s Cyber Security Strategy 2025‑2030, emphasizing capacity building, public‑private partnership, and international cooperation.

Related Constitutional / Legal Provisions

• Information Technology Act, 2000 – provides the legal framework for cyber offences and empowers CERT‑In.
• Section 69A of the IT Act – allows interception, monitoring and decryption of information in the interest of sovereignty and integrity of India.
• Right to Information Act, 2005 – CERT‑In’s exemption underscores the balance between transparency and national security.

References

• Centre Exempts CERT‑In from Ambit of RTI Act – PIB
• CERT‑In 2025 Performance Report (MeitY)