Indian Computer Emergency Response Team (CERT-In) – Securing the National Cyber Space
Within few years of existence, CERT-In has been able to establish itself as a trusted referral agency with necessary capabilities to respond to cyber security incidents. In the process, CERT-In has been able to get into working relationships with all the leading security organizations and vendors across the world in the form of MoU, to achieve the necessary force multiplier effect in responding to cyber security incidents. In addition, specific capabilities have been developed to engage itself in effective cyber forensic as well as analysis of malicious codes.
CERT-In has published a Crisis Management Plan for Countering Cyber Attacks and Cyber Terrorism in the country and is working towards its implementation across Govt. and critical sectors in the country. In order to support the organizations in the critical sector and the Government in enhancing their ability to resist cyber attacks and improving their security posture, CERT-In has created a panel of IT security auditors that can provide wide range of security auditing services on commercial basis. With this kind of institution building activities, CERT-In is now able to provide its reactive and proactive services on 24x7 basis and is effectively collaborating the international agencies engaged in similar work for real time information sharing and problem resolution in the cyber space.
In order to effectively secure the Indian cyber space, CERT-In is assisting the Department of Information Technology to put in place a national cyber security strategy and a national information security governance policy. The elements of national cyber security strategy are:
Security legal framework and law-enforcement
Security early warning and response
Security compliance and assurance
Security education awareness and training
Security technology R&D
Security information sharing and cooperation
In pursuit of the cyber security strategy, CERT-In has been working towards Preventing cyber attacks against country’s critical information infrastructure; Reducing national vulnerability of cyber attacks and Minimizing damage and recovery time from cyber attacks.
Specific challenges in securing the cyber space are:
Reaching out to the user community in creating necessary awareness on the need for cyber security and also on the need for them to play their roles in a responsible manner.
Sharing of information with CERT-In with regard to the occurrence of cyber security incidents to enable better preparation and prevention.
Overcoming the technical and legal barriers to move beyond our country’s borders to reach the sources of trouble - Most serious cyber crimes such as economic fraud, cyber terrorism and cyber war fare are invariably perpetrated from sources located outside the country using networks of compromised computers located both inside and outside the country. Since the sources of trouble are outside the country, invariably there would be technical and legal challenges to deal with and actually getting to the root of the problem. For this purpose, increased international cooperation is the need of the hour and CERT-In has been able establish good working relationships with international organizations such as AP CERT & Forum of Incident response (FIRST, US) and overseas CERTs.
For ensuring safety and security of cyber space, it is not only necessary to have an effective incident response mechanism such as the one already established by CERT-In, but also develop suitable ability and mechanism to harness real time information on the cyber security incidents even before they occur. In view of this, future roadmap of CERT-In includes real time incidents information collection, analysis and dissemination for effective security incidents prevention and protection. With this, it would be possible for CERT-In to provide tailored security advisories to the users community in the country enabling them to take timely and effective preventive actions.
Input from the Department of Information Technology