CERT-In and India’s Cyber Defence Framework

 

1. Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology (MeitY), is India’s national agency for cyber incident response under Section 70B of the Information Technology Act, 2000.

2. In 2025, CERT-In handled more than 29.44 lakh cyber incidents, showing the scale of India’s national cyber response and threat-management capability across sectors.

3. During 2025, CERT-In issued 1,530 alerts, 390 vulnerability notes, and 65 advisories, reflecting continuous monitoring and structured dissemination of cyber risk intelligence.

4. CERT-In identified and published 29 Common Vulnerabilities and Exposures (CVEs) in 2025, contributing directly to vulnerability reporting and cyber defence preparedness.

5. India’s digital ecosystem crossed 100.29 crore internet connections by 2025, compared with 25.15 crore in March 2014, greatly expanding the national cyber-risk surface.

6. Average monthly wireless data consumption per subscriber rose from 61.66 megabytes in 2014 to 24.01 gigabytes in 2025, indicating a massive deepening of digital activity.

7. In December 2025, Unified Payments Interface (UPI) processed more than 21 billion transactions valued at over ₹27 lakh crore, making financial-sector cybersecurity critically important.

8. The Union Budget 2025–26 allocated ₹782 crore for cybersecurity, signalling sustained policy emphasis on securing India’s expanding digital infrastructure.

9. CERT-In empanelled 231 certified cybersecurity audit organisations in 2025, strengthening audit, assessment, and security assurance capacity across Information and Communication Technology systems.

10. In 2025, CERT-In conducted 32 specialised technical training programmes and trained 20,799 officers and cybersecurity professionals across government, public sector undertakings, and industry.

11. CERT-In also conducted 95 cybersecurity awareness sessions covering 91,065 participants, expanding public and institutional cyber awareness during 2025.

12. A total of 122 cybersecurity drills and exercises were carried out in 2025 with participation from about 1,570 organisations across government, public, and private sectors.

13. Cyber Swachhta Kendra (CSK) covered 98 percent of India’s digital population by December 2025, engaged 1,427 organisations, and recorded 89.55 lakh malware-removal tool downloads.

14. Women Help Desks and citizen-focused cyber hygiene systems were complemented by CERT-In’s institutional mechanisms such as National Cyber Coordination Centre, sectoral Computer Security Incident Response Teams (CSIRTs), and Cyber Crisis Management Plan.

15. CERT-In’s work received global recognition in 2025 from platforms such as the World Economic Forum (WEF), University of Oxford, and France’s National Cybersecurity Agency (ANSSI) for cyber resilience and trusted Artificial Intelligence (AI) risk governance.

 

Must Know Terms :

 

1.CERT-In

Indian Computer Emergency Response Team (CERT-In) is India’s national nodal agency for cyber incident response. It functions under MeitY and is mandated under the Information Technology Act, 2000. In 2025, it handled over 29.44 lakh incidents and issued alerts, advisories, and vulnerability notes. Its role covers incident response, threat intelligence, training, audits, cyber drills, and national cyber resilience building.

2.Cyber Swachhta Kendra

Cyber Swachhta Kendra (CSK), also called the Botnet Cleaning and Malware Analysis Centre, is a citizen-focused cyber hygiene platform established by CERT-In. It helps detect infected devices, alert users, and provide free malware-removal tools. By December 2025, it covered 98 percent of India’s digital population, onboarded 1,427 organisations, and recorded 89.55 lakh downloads of cleaning tools.

3.NCCC

National Cyber Coordination Centre (NCCC) is a metadata-level cyber situational awareness platform implemented by CERT-In. It monitors cyberspace to detect possible threats and enables timely information sharing with government bodies, state authorities, and other stakeholders. Its significance lies in supporting preventive response and coordinated action by improving national-level cyber visibility across expanding digital networks and infrastructures.

4.CSIRT-Fin

Computer Security Incident Response Team for the Financial Sector (CSIRT-Fin) functions under CERT-In as the specialised cyber-response mechanism for banking, financial services, and insurance institutions. It strengthens sectoral resilience by coordinating incident response, sharing threat intelligence, and issuing support guidance. Its role has become increasingly important with the rapid growth of digital payments and financial technology systems in India.

5.CSIRT-Power

Computer Security Incident Response Team for the Power Sector (CSIRT-Power) acts as an extended arm of CERT-In to strengthen cybersecurity in the electricity and energy domain. It coordinates incident analysis, acts on threat intelligence, supports audits, and helps contain vulnerabilities affecting power infrastructure. This is critical because disruption in the power sector can create large-scale national security and economic risks.

6.CCMP

Cyber Crisis Management Plan (CCMP) is the structured response framework developed by CERT-In for government entities to handle major cyberattacks and cyber-terror incidents. It guides institutions on rapid response, containment, recovery, and continuity of essential services. The plan is important because it connects national preparedness with operational response during large-scale or high-impact cyber emergencies affecting critical infrastructure.

 

 

Key Takeaways

a) In 2025, CERT-In handled over 44 lakh cyber incidents, issuing 1,530 alerts, 390 vulnerability notes, and 65 advisories, reflecting large-scale national cyber response capability.

b) 231 cybersecurity audit organisations empanelled, significantly strengthening audit and vulnerability assessment capacity across critical Information Communication Technology infrastructure.

c) 98% digital populationcovered by Cyber Swachhta Kendra, 1,427 organisations onboarded, and 89.55 lakh malware removal tool downloads.

d) CERT-In’s sustained cybersecurity efforts have earned global recognition,with leading international platforms such as the World Economic Forum, the University of Oxford, and France’s ANSSI acknowledging India’s leadership in AI-driven threat detection, cyber resilience, trusted AI frameworks, and citizen-centric malware mitigation.

MCQ

1. MCQ1. CERT-In functions under which ministry?
   A) Ministry of Home Affairs
   B) Ministry of Electronics and Information Technology
   C) Ministry of Communications
   D) Ministry of Defence2. CERT-In is mandated under which section of the Information Technology Act, 2000?
   A) Section 66
   B) Section 69A
   C) Section 70B
   D) Section 723. In 2025, CERT-In handled over how many cyber incidents?
   A) 19.44 lakh
   B) 24.44 lakh
   C) 29.44 lakh
   D) 34.44 lakh4. How many alerts were issued by CERT-In in 2025?
   A) 1,230
   B) 1,530
   C) 1,830
   D) 2,1305. How many vulnerability notes were issued by CERT-In in 2025?
   A) 290
   B) 390
   C) 490
   D) 590

   6. CERT-In identified and published how many Common Vulnerabilities and Exposures in 2025?
   A) 19
   B) 29
   C) 39
   D) 49

   7. By 2025, internet connections in India crossed:
   A) 80 crore
   B) 90 crore
   C) 100.29 crore
   D) 110.29 crore

   8. Average monthly wireless data consumption per subscriber rose to what level in 2025?
   A) 14.01 GB
   B) 18.01 GB
   C) 20.01 GB
   D) 24.01 GB

   9. In December 2025, UPI processed more than how many transactions?
   A) 18 billion
   B) 19 billion
   C) 20 billion
   D) 21 billion

   10. The Union Budget 2025–26 allocated how much for cybersecurity?
   A) ₹582 crore
   B) ₹682 crore
   C) ₹782 crore
   D) ₹882 crore

   11. How many certified cybersecurity audit organisations were empanelled by CERT-In in 2025?
   A) 131
   B) 181
   C) 231
   D) 281

   12. CERT-In conducted how many specialised technical training programmes in 2025?
   A) 22
   B) 32
   C) 42
   D) 52

   13. How many cybersecurity drills and exercises were conducted by CERT-In in 2025?
   A) 102
   B) 112
   C) 122
   D) 132

   14. By December 2025, Cyber Swachhta Kendra covered what share of India’s digital population?
   A) 88%
   B) 92%
   C) 95%
   D) 98%

   15. Cyber Swachhta Kendra recorded how many malware-removal tool downloads?
   A) 79.55 lakh
   B) 89.55 lakh
   C) 99.55 lakh
   D) 109.55 lakh