The Government is reinforcing cybersecurity measures to ensure a safe, open, trusted, and accountable internet. The Indian Computer Emergency Response Team (CERT-In) is designated under Section 70B of the IT Act, 2000 as the national agency for responding to cybersecurity incidents. CERT-In monitors cyber threats and provides remedial measures to affected organizations.

Additionally, the National Critical Information Infrastructure Protection Centre (NCIIPC) has been designated as the national nodal agency under Section 70A of the IT Act for protecting critical information infrastructure. Due to national security concerns, specific details of cybersecurity breaches in critical infrastructure are not publicly disclosed.

Key Cybersecurity Initiatives:

1. Institutional Framework for Cybersecurity
   • National Cyber Security Coordinator (NCSC) under the National Security Council Secretariat (NSCS) coordinates cybersecurity efforts across agencies.
   • National Cyber Coordination Centre (NCCC), implemented by CERT-In, acts as a control center for detecting and mitigating cyber threats in real time.
2. Citizen and Organizational Cyber Hygiene
   • Cyber Swachhta Kendra (CSK) provides botnet cleaning and malware analysis services. It offers free tools to remove malicious software and cybersecurity tips for citizens and organizations.
   • Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA) addresses cybercrime in a coordinated manner.
   • CERT-In’s Automated Cyber Threat Intelligence Exchange Platform proactively collects and shares alerts across sectors.
3. Cybersecurity Preparedness & Incident Response
   • Cyber Crisis Management Plan formulated for ministries, state governments, and critical sectors.
   • Regular Cybersecurity Mock Drills: CERT-In has conducted 109 drills, with participation from 1,438 organizations across various sectors.
   • CERT-In continuously issues alerts and advisories on cyber threats and countermeasures.
4. Cybersecurity Auditing & Guidelines
   • 200 security auditing organizations empanelled by CERT-In to audit and implement security best practices.
   • Guidelines issued in 2023 for government entities covering data security, identity and access management, application security, third-party outsourcing, and security monitoring.
   • Software Bill of Materials (SBOM) Guidelines (October 2024) introduced to help organizations track software components and fix vulnerabilities.
5. Capacity Building & Awareness
   • Cybersecurity Training: In 2024, 12,014 officials participated in 23 training programs on IT security.
   • Public awareness campaigns on cyber hygiene, including handbooks, videos, posters, and advisories, are disseminated via staysafeonline.in, infosecawareness.in, and csk.gov.in.

Collaboration with Private & International Partners

• Public-Private Partnership (PPP):
  • Cyber Surakshit Bharat (CSB) program educates Chief Information Security Officers (CISOs) of government, banks, and PSUs on cybersecurity challenges.
  • National Centre of Excellence (NCoE) in Cyber Security established in collaboration with the Data Security Council of India to boost cybersecurity technology and entrepreneurship.
  • CERT-In collaborates with cybersecurity companies for information exchange, best practices, and training.
• International Cooperation:
  • CERT-In is an active member of Asia Pacific Computer Emergency Response Teams (APCERT) and Forum of Incident Response and Security Teams (FIRST).
  • CERT-In has signed MoUs with Bangladesh, Egypt, Estonia, Japan, Maldives, Russia, the United Kingdom, and Vietnam for cybersecurity collaboration.

These measures are part of a comprehensive strategy to enhance India’s cybersecurity resilience, ensuring protection against emerging cyber threats while strengthening public and private sector cooperation.