
What Is CERT-In and What Does It Do?


Understand what CERT-In is, its role in cyber incident response, its legal powers and reporting requirements, and why it matters for India’s cybersecurity ecosystem.

Understanding CERT-In: India’s First Line of Defence Against Cyber Threats

As India’s digital footprint expands across banking, governance, healthcare, defence, and daily civilian life, cyber threats have shifted from being technical nuisances to matters of national security. Data breaches, ransomware attacks, infrastructure intrusions, and coordinated disinformation campaigns now pose systemic risks. At the centre of India’s cyber defence architecture stands CERT-In, an institution that remains widely referenced yet poorly understood by the public.

This article explains what CERT-In is, what it does, how it operates, and why it matters not just for governments and corporations, but for ordinary citizens navigating an increasingly hostile digital ecosystem.

What Is CERT-In?

CERT-In stands for the Indian Computer Emergency Response Team. It is the national nodal agency for cybersecurity incident response in India, established under the Information Technology Act, 2000.

CERT-In operates under the Ministry of Electronics and Information Technology (MeitY) and functions as India’s central authority for:

  • Monitoring cyber threats
  • Responding to cybersecurity incidents
  • Issuing security advisories
  • Coordinating incident response across sectors

In essence, CERT-In is the government’s early warning system and crisis-response unit for cyber incidents affecting India’s digital infrastructure.

Why CERT-In Was Created

Before CERT-In’s formal notification in 2004, India lacked a centralised cyber incident response framework. Cyber incidents were handled in silos by telecom operators, banks, law enforcement units, or private cybersecurity firms, often with delayed coordination.

CERT-In was created to address three structural gaps:

  1. Lack of real-time threat intelligence sharing
  2. Absence of standardised incident reporting
  3. No central authority to coordinate national-level cyber response

As cybercrime evolved from isolated hacking into organised, transnational operations, CERT-In’s role became foundational rather than advisory.

What Does CERT-In Actually Do?

CERT-In’s responsibilities extend far beyond issuing press advisories after major breaches. Its core functions include:

1. Cyber Incident Response and Coordination

CERT-In acts as the primary response body when significant cyber incidents occur, including:

  • Data breaches
  • Ransomware attacks
  • Website defacements
  • Malware outbreaks
  • Distributed Denial-of-Service (DDoS) attacks

It coordinates responses between affected entities, sectoral CERTs, law enforcement agencies, and international counterparts.

2. Threat Intelligence and Early Warnings

CERT-In continuously monitors cyberspace for emerging threats. When vulnerabilities or active exploit campaigns are detected, it issues:

  • Security advisories
  • Vulnerability notes
  • Early warning alerts

These advisories often include technical indicators such as IP addresses, malware hashes, and mitigation steps.

3. Mandatory Incident Reporting Enforcement

Under CERT-In’s 2022 Directions, certain cyber incidents must be reported within six hours of detection. This applies to:

  • Cloud service providers
  • Data centres
  • VPN providers
  • Financial institutions
  • Government bodies

Failure to comply can result in penalties under the IT Act.

4. Digital Forensics and Post-Incident Analysis

CERT-In supports technical investigations by:

  • Analysing malware samples
  • Tracing attack vectors
  • Identifying compromise indicators
  • Assisting forensic reconstruction

While CERT-In itself does not prosecute offenders, its findings often support law enforcement investigations and court proceedings.

5. International Cyber Cooperation

Cybercrime is rarely confined within national borders. CERT-In collaborates with:

  • Foreign CERTs
  • International cybersecurity forums
  • Multilateral cybercrime initiatives

This enables cross-border threat intelligence sharing and coordinated response to global cyber campaigns.

CERT-In vs Law Enforcement: A Critical Distinction

CERT-In is not a police agency.

  • It does not arrest offenders
  • It does not file charge sheets
  • It does not conduct criminal trials

Instead, CERT-In provides technical expertise and coordination, while criminal investigation and prosecution are handled by:

  • State cybercrime police units
  • Central agencies
  • Judicial authorities

This separation is deliberate and essential to preserve both technical neutrality and legal due process.

Why CERT-In Matters to Ordinary Citizens

While CERT-In’s work often appears abstract, its impact directly affects civilians:

  • Banking fraud advisories protect account holders
  • Telecom alerts reduce SIM swap risks
  • Malware warnings limit large-scale device infections
  • Infrastructure protection prevents service outages

In many cases, citizens benefit from CERT-In’s interventions without ever realising it.

Limitations and Criticisms

Despite its importance, CERT-In faces criticism on several fronts:

  • Limited public transparency in certain investigations
  • Resource constraints relative to the scale of threats
  • Compliance burden concerns raised by tech companies
  • Privacy debates around data retention directives

These criticisms are part of an ongoing policy debate and highlight the tension between cybersecurity, privacy, and civil liberties.

Conclusion: CERT-In as Digital Infrastructure, Not Just an Agency

CERT-In should be understood not merely as a government office, but as critical national digital infrastructure. In an era where cyber operations can destabilise economies and democracies, CERT-In’s role is foundational to India’s digital sovereignty.

Understanding what CERT-In does and does not do is essential for journalists, policymakers, technologists, and citizens alike.

