Cyber Security in India : Role of CERT-In

CERT-In is a low-profile (Indian) government organization.

The Government of India established the Computer Emergency Response Team  (“CERT-IN”) to ensure Internet security. Many institutions, including the Ministry of Home Affairs, courts, the intelligence services, the police and the National Human Rights Commission, may call on it for specialist expertise. CERT-IN’s stated mission is “to enhance the security of India’s Communications and Information Infrastructure through proactive action and effective collaboration” [Source]

I had a chance to be at CERT-In last week. The experience was overall good, unlike typical dirty government office with laid-back employees, I saw employees enthusiastic about their work (and a colorful office).

As I understood the primary job of CERT-In is to

  1. raise awareness (among public sector and private sector) regarding system and network security through regular training sessions.
  2. provide help during website defacements
  3. release regular security bulletins to keep Indian (security) community on recent threats and attacks

I met a few employees there and the key things which came out of the discussion are

  1. Cert-In is too small as compared to Cert-US due to budget constraints (and hence employees are  over-burdened).
  2. They do not offer “government job”[read job security], just a contract-based employment.
  3. They do not offer a competitive pay hence people regularly move to take jobs in private sector.

A view at the CERT-In defacement statistics show how grave is this threat for India. At this crucial stage, when apart from air, water and land, internet is the new way of inflicting significant monetary damage as well as intelligence. When other countries are establishing new cyber defensive and offensive capabilities, I wonder when will the Indian government realize that rather than spending billions on establishing new IITs, its probably better to spend a fraction of that to hire good cyber security specialists.
Readers should note that unlike USA, Cert-In has to play a much bigger role in India due to lack of other equivalents organizations like  DHS cyber command (USA).

Disclaimer:The article is based on the personal experience of author and the claims made are not verified independently. In case you have any objections, please mention that in comments or contact me.