CERT-IN
- DEFENCE & SECURITY
News: ‘Cooperate with CERT-In,
give details about threat alerts’: IT Ministry to Apple
What's
in the news?
● The
Ministry of Electronics and Information Technology (MeitY) sent a notice to
Apple, informing the Cupertino-based tech giant that the Indian Computer
Emergency Response Team (CERT-In) will investigate the matter of Apple
notifying Indian iPhone users that their devices may have been targeted in a
“state-sponsored” attack.
CERT-In:
● The
Indian Computer Emergency Response Team, commonly referred to as CERT-In, is a national agency responsible for
cybersecurity in India.
● The
agency was established under the provisions of section 70B of the Information Technology Act, 2000.
Nodal
Ministry:
● The
agency operates under the Ministry of Electronics and Information Technology (MeitY).
Role
of CERT-In:
● It
frequently provides advisories to organizations and users to help them
safeguard their data, information, and ICT (Information and Communications
Technology) infrastructure.
● CERT-In
actively seeks information from service
providers, intermediaries, data centers and body corporates to coordinate
response activities and emergency measures concerning cybersecurity incidents.
● It
offers round-the-clock security service
and serves as the central reporting point for cybersecurity incidents.
● The
agency is constantly on the lookout for potential cyber threats and is
responsible for managing any cyber incidents reported to it. This strengthens
the security defences of the Indian Internet domain.
● CERT-In
is spearheading the implementation of the Cyber
Crisis Management Plan (CCMP) across Central Government
Ministries/Departments/states and critical organizations operating in Indian
cyberspace.
● The
CCMP is a strategic document created to address cyber-related incidents.
CERT-In
Functions:
In the IT Amendment Act 2008, CERT-In has
been designated to perform the following functions in the area of cyber
security such as
● Collection,
analysis and dissemination of information on cyber incidents.
● Forecast
and alerts of cyber security incidents.
● Emergency
measures for handling cyber security incidents.
● Coordination
of cyber incident response activities.
● Issue
guidelines, advisories, vulnerability notes and whitepapers relating to
information security practices, procedures, prevention, response and reporting
of cyber incidents.
● Such
other functions relating to cyber security as may be prescribed.