How CERT-In Is Taking on Cyber Threats in India

How India puts in place cyber defence architecture

Published by
Amreen Ahmad

NEW DELHI: Recognising the challenge of cyber threats, India has put in place robust capabilities to ensure a safe, trusted, and secure digital environment. At the centre of India’s cybersecurity architecture is the Indian Computer Emergency Response Team (CERT-In). With rising instances of online fraud, phishing, ransomware attacks, AI-driven scams, and threats to critical digital infrastructure, the need for a coordinated and resilient cybersecurity framework has never been greater.

WHAT IS CERT-IN?

CERT-In (Indian Computer Emergency Response Team) functions under the Ministry of Electronics and Information Technology (MeitY) and derives its legal mandate from Section 70B of the Information Technology Act, 2000. It was created to act as the central authority for responding to cybersecurity incidents, coordinating responses, and strengthening the overall cyber resilience of India’s digital ecosystem.

Its core mission is to protect India’s information infrastructure by analysing, responding to, and mitigating cyber threats while also promoting secure digital practices across sectors.

CERT-In provides the institutional depth for national cyber defence by overseeing incident management, enhancing systemic resilience, and promoting secure digital practices across government, industry, and society. Its work underpins the protection of India’s rapidly expanding digital ecosystem and supports confidence in digital platforms and services.

CORE FUNCTIONS

CERT-In is the national agency for cyber incident response in India. Its mandate includes the prevention of cyberattacks, real-time monitoring of cyber threats, and swift coordination with stakeholders to mitigate and contain cyber incidents.

  • Promoting cybersecurity awareness among organisations and citizens.

  • Facilitating information sharing through its automated cyber threat exchange platform.

  • Sharing near-real-time information on existing and potential cyber threats with organisations covering all sectors.

  • Collaborating with international partners, industry and academia.

  • Conducting regular training programmes, cybersecurity exercises/drills.

  • Operating CSK (Cyber Swachhta Kendra) for ensuring cyber hygiene & a Command & Control Center for facilitating monitoring of cyber threats and attack campaigns.

  • Coordinating mitigation measures with organisations and stakeholders during significant national and international activities.

  • Institutionalising responsible vulnerability disclosure.

  • Supporting incident investigations & supporting law enforcement agencies through its cyber forensics capabilities.

  • Enabling organisations & providing guidance on cyber crisis management plan implementation to enhance national preparedness.

INDIA’S EXPANDING DIGITAL LANDSCAPE

Over the last decade, India’s digital footprint has grown exponentially. It is driven by rising internet penetration, widespread smartphone adoption, and the rapid expansion of digital public services. By 2025, internet connections in India crossed the milestone of 100 crore, reaching 100.29 crore, compared to 25.15 crore in March 2014. Average monthly data consumption per wireless data subscriber increased nearly 399 times, rising from 61.66 MB in 2014 to 24.01 GB in 2025, among the highest globally.

This strong digital foundation has enabled remarkable growth in digital payments. The Unified Payments Interface (UPI) has emerged as the central pillar of India’s digital payment ecosystem. In December 2025 alone, UPI processed over 21 billion transactions valued at more than Rs 27 lakh crore. While this digital expansion has significantly enhanced convenience and inclusion, it has also widened the attack surface for cyber threats. To address these risks, the Union Budget 2025-26 allocated Rs 752 crore for cybersecurity, underscoring the government’s strong focus on securing India’s digital infrastructure.

In this context, CERT-In’s role assumes critical importance as the cornerstone of India’s cybersecurity framework. CSIRT-Fin, the Computer Security Incident Response Team for the Financial Sector, functions under CERT-In and strengthens cybersecurity in the financial sector by enabling coordinated incident response and information sharing, and by providing guidance and support for the Banking, Financial Services, and Insurance (BFSI) sector.

Through sustained operational engagement and coordinated response mechanisms, CERT-In ensures rapid containment of cyber incidents and supports the restoration of affected systems across sectors. Its continuous flow of actionable intelligence and guidance enables stakeholders to strengthen preparedness, reduce systemic risk, and respond effectively to evolving threats.

Together, these efforts contribute to minimising disruption, accelerating recovery, and reinforcing confidence in India’s digital ecosystem.

CERT-In serves as the cornerstone of India’s national cyber defence architecture through proactive threat detection, rapid incident response, and large-scale capacity building.

FRAMEWORKS ANCHORED BY CERT-IN

Institutional Framework

To operationalise national cybersecurity policy and translate strategic intent into on-ground action, CERT-In anchors a set of specialised institutional frameworks. These mechanisms provide structured coordination, preventive safeguards, and rapid response capabilities across sectors, states, and entities.

The Cyber Swachhta Kendra (CSK): CSK (Botnet Cleaning and Malware Analysis Centre) was established by CERT-In to enhance cyber hygiene among citizens. The centre tracks networks of internet-connected devices, such as computers, mobile phones, IoT devices, and home routers, that are infected with malware. It provides free tools and guidance to help users clean infected devices and works closely with industry, academia, and internet service providers to identify compromised systems and alert users.

Security Assurance Framework: CERT-In operates a security assurance framework to strengthen the security of government and critical sector systems. Under this framework, certified IT security audit organisations conduct regular audits; vulnerability assessments and penetration testing are undertaken; and audit findings are analysed to identify common weaknesses. Based on these insights, CERT-In issues secure design guidelines and promotes best practices.

National Cyber Coordination Centre (NCCC): NCCC, implemented by CERT-In, monitors cyberspace at metadata level to detect potential cybersecurity threats for situational awareness. It facilitates real-time information sharing with concerned organisations, State governments, and other stakeholders, enabling timely preventive and response actions.

Computer Security Incident Response Teams (CSIRTs): CERT-In oversees a network of CSIRTs operating at the sectoral and State/UT levels. Sectoral CSIRTs support domains such as finance, power, and telecom, while State CSIRTs operate under respective State and UT governments.

Cyber Crisis Management Plan (CCMP): CERT-In has also developed a CCMP for government bodies, providing structured guidance during major cyberattacks and cyber terrorism incidents. The plan supports rapid response, recovery, and continuity of essential services, particularly for critical infrastructure.

Collectively, these institutional frameworks enable a whole-of-government and whole-of-society approach to cybersecurity. By integrating prevention, preparedness, response, and recovery, they ensure that India’s digital ecosystem remains resilient, adaptive, and secure amid evolving cyber threats. This layered institutional design strengthens national readiness while safeguarding critical infrastructure and citizens alike.

GLOBAL RECOGNITION

CERT-In’s sustained domestic efforts have increasingly resonated at the global level. Its operational scale, technology-driven approaches, and emphasis on collaborative cyber governance have positioned India as a credible and responsible stakeholder in the international cybersecurity ecosystem.

In the Global Cybersecurity Outlook 2025 published by the World Economic Forum (WEF), CERT-In has been highlighted for its deployment of AI-driven situational awareness systems to analyse and detect malicious domains and phishing activities, as well as for its real-time sharing of threat intelligence at the global level.

In April 2025, CERT-In contributed to the Cyber Resilience Compass report published jointly by the WEF and the University of Oxford, which identified seven critical domains of cyber resilience.

In February 2025, CERT-In was among the international partners to co-sign the joint high-level risk analysis report on Artificial Intelligence titled “Building Trust in AI through a Cyber-Risk-Based Approach”, published by France’s National Cybersecurity Agency (ANSSI). The report advocates a risk-based approach to enable trusted AI systems, secure AI value chains, and address emerging AI-related cyber risks.

Together, these recognitions underscore CERT-In’s growing influence and emerging leadership in shaping global discussions on cybersecurity, cyber resilience, threat intelligence sharing, and responsible AI risk governance.

KEY ACHIEVEMENTS IN 2025

  • In 2025, CERT-In handled over 24.44 lakh cyber incidents, issuing 1,530 alerts, 390 vulnerability notes, and 65 advisories, reflecting large-scale national cyber response capability.

  • Empaneled 231 certified security audit organisations to strengthen cybersecurity across government, public, and private sector ICT systems.

  • A majority of these audits were carried out in the banking and financial institutions, power and energy, and transport sectors.

  • Conducted 32 specialised technical training programmes and 98 cybersecurity awareness sessions for government, PSU, and private sector stakeholders.

  • Trained 20,799 officers and cybersecurity professionals across government, PSUs, and industry through specialised capacity-building programmes.

  • Conducted 122 cybersecurity drills and exercises of varying complexity.

  • Conducted 95 awareness sessions covering 91,065 participants.

  • Earned global recognition from leading international platforms such as the World Economic Forum, the University of Oxford, and France’s ANSSI.

CERT-In’s achievements in 2025 reflect its central role in safeguarding India’s rapidly expanding digital ecosystem. Through large-scale capacity building, rigorous audits, continuous awareness efforts, and the release of forward-looking guidelines and technical frameworks, CERT-In has strengthened institutional preparedness across government, industry, and society.

CONCLUSION

Amid the growing complexity and scale of cyber threats, CERT-In continues to anchor India’s cybersecurity ecosystem. By continuously identifying and mitigating cyber risks, CERT-In has significantly strengthened national cyber resilience.

Its initiatives, ranging from institutional frameworks and sectoral & state CSIRTs to citizen-centric awareness programmes, demonstrate a comprehensive and forward-looking approach to securing India’s ICT infrastructure and protecting users. International recognition of CERT-In’s AI-driven innovations further underscores India’s growing leadership in cybersecurity.

Collectively, these sustained efforts reaffirm the Government of India’s commitment to safeguarding cyberspace and ensuring a safe, trusted, and secure digital future for all citizens.

Amreen Ahmad
Published by TDG NETWORK