CERT-IN

Source: INDIAN EXPRESS

Disclaimer: Copyright infringement not intended.

Context:

• The Ministries of Information Technology and Home Affairs are both competing for control of CERT-In.

Details:

About Computer Emergency Response Team (Cert-In)

Ministry	Department of Information and Communications Technology
Legal Basis	Section 70B of the Information Technology Act, 2000 (amended in 2008)
Establishment Year	January 2004
Primary Functions	Responding to cyber threats (e.g., hacking, phishing) Improving security defenses of the Indian Internet domain Gathering, analyzing, and disseminating information on cyber events Forecasting and alerting on cyber security incidents Implementing emergency response procedures for cyber issues Coordinating operations related to cyber incidents Publishing guidelines, advisories, vulnerability notes, and whitepapers on information security Undertaking other cybersecurity-related responsibilities as required
Notable Incident	Detected major issue in Android Jelly Bean's VPN functionality (March 2014)
Empanelment	CERT-In empanelled auditors list (e.g., Security Brigade)
Auditor Responsibilities	Conducting security assessments of websites, networks, and applications
Operational Scope	First responder to cybersecurity crises
	Educating stakeholders on best practices for securing cyber infrastructure
Future Focus	Series of trainings to explore proactive, reactive, and training mandates, identifying areas for improvement

Significance of CERT-IN

National Security

• With the digital transformation, critical infrastructure such as banking, power, and healthcare have become increasingly dependent on IT systems. A breach could have catastrophic consequences; hence, CERT-IN plays a vital role in national security by protecting these assets from cyber threats.

Public Awareness

• By issuing regular bulletins, alerts, and advisories, CERT-IN keeps the public informed about potential cyber threats and vulnerabilities, helping individuals and organizations adopt better security practices.

International Collaborations

• CERT-IN collaborates with global cybersecurity bodies, sharing information about threats and defense mechanisms. This collective effort is crucial for combating transnational cybercrimes.

Current Debates

Arguments for MHA Control

• Enhanced Law Enforcement: MHA argues that cybersecurity incidents often have criminal aspects that require law enforcement intervention. Bringing CERT-IN under Ministry of Home Affairs  could streamline the process of investigating and prosecuting cybercrimes.
• Coordination with Intelligence Agencies:Ministry of Home Affairs  claims that having CERT-IN under its jurisdiction would improve coordination with intelligence and law enforcement agencies, potentially leading to more efficient handling of threats.

Arguments for MeitY Control

• Technical Expertise: MeitY, being a specialized body in technology and IT, is argued to have the necessary technical expertise to handle cybersecurity issues more effectively.
• Continuity and Focus: Keeping CERT-IN under MeitY ensures that the focus remains on the technical and infrastructural aspects of cybersecurity rather than purely on enforcement.

Must Read Articles:

CERT-in and RTI: https://www.iasgyan.in/daily-current-affairs/cert-in-and-rti

Source:

https://indianexpress.com/article/india/both-home-and-it-ministries-pitch-for-control-of-nodal-cyber-security-watchdog-cert-in-9450203/#:~:text=At%20present%2C%20Cert%2DIn%20comes,ambit%20would%20help%20law%20enforcement.

PRACTICE QUESTION Consider the following statements: It is the national nodal agency for responding to computer security incidents. It has been operational since January 2004. It is a functional organization under the Ministry of Commerce and Industry. Which of the statements given above is/are correct? (a) 1 only (b) 1 and 2 only (c) 2 and 3 only (d) 1,2 and 3 Correct Answer: (b)