Description
Source: INDIAN EXPRESS
Disclaimer: Copyright infringement not intended.
Context:
- The Ministries of Information Technology and Home Affairs are both competing for control of CERT-In.
Details:
About Computer Emergency Response Team (Cert-In)
|
Ministry
|
- Department of Information and Communications Technology
|
|
Legal Basis
|
- Section 70B of the Information Technology Act, 2000 (amended in 2008)
|
|
Establishment Year
|
|
|
Primary Functions
|
- Responding to cyber threats (e.g., hacking, phishing)
- Improving security defenses of the Indian Internet domain
- Gathering, analyzing, and disseminating information on cyber events
- Forecasting and alerting on cyber security incidents
- Implementing emergency response procedures for cyber issues
- Coordinating operations related to cyber incidents
- Publishing guidelines, advisories, vulnerability notes, and whitepapers on information security
- Undertaking other cybersecurity-related responsibilities as required
|
|
Notable Incident
|
- Detected major issue in Android Jelly Bean's VPN functionality (March 2014)
|
|
Empanelment
|
- CERT-In empanelled auditors list (e.g., Security Brigade)
|
|
Auditor Responsibilities
|
- Conducting security assessments of websites, networks, and applications
|
|
Operational Scope
|
- First responder to cybersecurity crises
|
|
- Educating stakeholders on best practices for securing cyber infrastructure
|
|
Future Focus
|
- Series of trainings to explore proactive, reactive, and training mandates, identifying areas for improvement
|
Significance of CERT-IN
National Security
- With the digital transformation, critical infrastructure such as banking, power, and healthcare have become increasingly dependent on IT systems. A breach could have catastrophic consequences; hence, CERT-IN plays a vital role in national security by protecting these assets from cyber threats.
Public Awareness
- By issuing regular bulletins, alerts, and advisories, CERT-IN keeps the public informed about potential cyber threats and vulnerabilities, helping individuals and organizations adopt better security practices.
International Collaborations
- CERT-IN collaborates with global cybersecurity bodies, sharing information about threats and defense mechanisms. This collective effort is crucial for combating transnational cybercrimes.
Current Debates
Arguments for MHA Control
- Enhanced Law Enforcement: MHA argues that cybersecurity incidents often have criminal aspects that require law enforcement intervention. Bringing CERT-IN under Ministry of Home Affairs could streamline the process of investigating and prosecuting cybercrimes.
- Coordination with Intelligence Agencies:Ministry of Home Affairs claims that having CERT-IN under its jurisdiction would improve coordination with intelligence and law enforcement agencies, potentially leading to more efficient handling of threats.
Arguments for MeitY Control
- Technical Expertise: MeitY, being a specialized body in technology and IT, is argued to have the necessary technical expertise to handle cybersecurity issues more effectively.
- Continuity and Focus: Keeping CERT-IN under MeitY ensures that the focus remains on the technical and infrastructural aspects of cybersecurity rather than purely on enforcement.
Must Read Articles:
CERT-in and RTI: https://www.iasgyan.in/daily-current-affairs/cert-in-and-rti
Source:
https://indianexpress.com/article/india/both-home-and-it-ministries-pitch-for-control-of-nodal-cyber-security-watchdog-cert-in-9450203/#:~:text=At%20present%2C%20Cert%2DIn%20comes,ambit%20would%20help%20law%20enforcement.
|
PRACTICE QUESTION
Consider the following statements:
- It is the national nodal agency for responding to computer security incidents.
- It has been operational since January 2004.
- It is a functional organization under the Ministry of Commerce and Industry.
Which of the statements given above is/are correct?
(a) 1 only
(b) 1 and 2 only
(c) 2 and 3 only
(d) 1,2 and 3
Correct Answer: (b)
|
