Question : Nodal Cyber Security Agency

Will the Minister of Electronics & Information Technology be pleased to state:-

(a) whether the Government has set up any nodal cyber security agency CERT-In in the country and if so, the details thereof and the activities undertaken by it since its inception;
(b) whether the Government has achieved the objective for which CERT-In was set up and if so, the details thereof along with the number of cyber crime cases reported and resolved since the inception of CERT-In;
(c) whether CERT-In takes the help of foreign cyber security in tackling cyber security issues and if so, the details thereof;
(d) whether reporting of Cyber security incidents to CERT-In has been made mandatory by the Government and if so, the details thereof; and
(e) the action taken by the CERT-In against body corporate for not reporting cyber security incidents?

Answer given by the minister

(a): The Indian Computer Emergency Response Team (CERT-In) has been functional since 2004 and has been mandated to serve as national agency for incident response as per provisions of section 70B of Information Technology Act, 2000.

(b): CERT-In is functioning as per its mandate as provided in section 70B of Information Technology Act, 2000.

As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), around 8.5 lakh cyber security incidents including phishing, network scanning and probing, virus/malicious code and website hacking have been handled during the years 2004 to 2019 (till October).

In order to achieve its mandate the following activities are carried out by CERT-In:

(i) The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on regular basis.
(ii) CERT-In has empanelled 90 security auditing organisations to support and audit implementation of Information Security Best Practices.
(iii) CERT-In has formulated Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
(iv) Cyber security mock drills are being conducted regularly to enable assessment of cyber security posture and preparedness of organisations in Government and critical sectors. 44 such drills have so far been conducted by CERT-In where 265 organisations from different States and sectors such as Finance, Defence, Power, Telecom, Transport, Energy, Space, IT/ITeS, etc. participated.
(v) CERT-In conducts regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks.
(vi) CERT-In is operating the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) launched by Government. The centre is providing detection of malicious programs and free tools to remove the same.
(vii) Government has set up National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities. Phase-I of NCCC has been made operational. NCCC is a multi stakeholder body and is implemented by Indian Computer Emergency Response Team (CERT-In) at Ministry of Electronics and Information Technology.

(c): For resolution of incidents involving systems outside the country, CERT-In devises response measures in coordination with its counterpart agencies in foreign countries.

(d) and (e): As per mandate of CERT-In under section 70B of Information Technology Act, 2000 and rules notified therein, service providers, intermediaries, data centres and body corporate shall report the cyber security incidents to CERT-In within a reasonable time of occurrence or noticing the incident to have scope for timely action. Appropriate notices are issued to body corporate in case of non-reporting of incidents to CERT-In.

*******
