India has announced a series of comprehensive measures to fortify its cybersecurity preparedness in the face of rapidly evolving digital threats. By implementing robust frameworks, coordinating among agencies, engaging private sector participation, and fostering international collaborations, the government seeks to safeguard its critical information infrastructure and ensure a secure cyberspace for its citizens and institutions.
The Indian Computer Emergency Response Team (CERT-In) remains at the forefront of the nation’s cyber defense. Designated under Section 70B of the Information Technology Act, 2000, CERT-In is tasked with responding to cybersecurity incidents, detecting breaches, and issuing advisories to mitigate threats. In parallel, the National Critical Information Infrastructure Protection Centre (NCIIPC), notified as the nodal agency under Section 70A of the IT Act, oversees the protection of computer resources whose compromise could endanger national security. Recognizing the sensitivity of cybersecurity breaches in critical infrastructure, the government avoids publicly disclosing such incidents, citing national security concerns.
Key initiatives aimed at enhancing national cybersecurity include the appointment of a National Cyber Security Coordinator to ensure streamlined collaboration among agencies. The establishment of the National Cyber Coordination Centre, under the auspices of CERT-In, serves as a centralized hub for monitoring the country’s cyberspace and detecting threats. This center also facilitates agency coordination by analyzing and sharing metadata for effective countermeasures. Complementing this effort is the Cyber Swachhta Kendra, a citizen-centric service focused on malware detection, botnet cleaning, and providing free tools for malware removal, along with cybersecurity tips and best practices.
The government has also created the Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs, enabling efficient and coordinated responses to cybercrime across the nation. To augment threat intelligence, CERT-In operates an automated platform for collecting, analyzing, and sharing tailored alerts with organizations, bolstering proactive mitigation efforts. Its Cyber Crisis Management Plan provides a framework for countering cyber attacks and cyber terrorism, ensuring preparedness across central and state government entities and critical sectors.
Regular cybersecurity drills are conducted to assess the resilience of government and critical organizations, with 109 drills completed to date involving 1,438 entities. CERT-In continually issues alerts on the latest cyber threats, vulnerabilities, and protective measures, while 200 security auditing organizations empaneled by the agency support the adoption of information security best practices. Updated guidelines for information security and application design, including the introduction of Software Bill of Materials (SBOM) standards, have been implemented to aid public and private sector organizations in identifying vulnerabilities in their software assets.
CERT-In also actively promotes capacity building by training over 12,000 officials in securing IT infrastructure and mitigating cyber risks. Awareness campaigns targeting citizens and organizations disseminate educational material on cybersecurity hygiene via online platforms, addressing concerns such as deepfakes and cyber fraud.
The Ministry of Electronics and Information Technology (MeitY) has initiated public-private partnerships to further cybersecurity efforts. This includes the Cyber Surakshit Bharat program, aimed at equipping Chief Information Security Officers (CISOs) of government and public sector entities with the tools and knowledge to tackle cyber threats. MeitY has also collaborated with the Data Security Council of India to establish the National Centre of Excellence (NCoE), accelerating the development of cybersecurity technologies and entrepreneurship.
CERT-In’s collaboration with private companies enhances cyber threat intelligence sharing, best practices, and workforce training. International partnerships remain integral to India’s cybersecurity strategy, with CERT-In actively engaging with global forums, such as the Asia Pacific Computer Emergency Response Teams and the Forum of Incident Response and Security Teams, and maintaining formal agreements with countries including Japan, Russia, the United Kingdom, and Vietnam.
These efforts reflect India’s commitment to establishing a resilient cybersecurity ecosystem that not only protects critical infrastructure but also fosters innovation, cooperation, and public awareness. By combining technological advancements, policy frameworks, and international collaboration, India is poised to address the challenges posed by an increasingly complex digital landscape.
