The Tug of War for CERT-IN: IT Ministry vs. Home Affairs

Discover the ongoing dispute between India's IT Ministry and Home Affairs over the control of CERT-IN.

The Tug of War for CERT-IN: IT Ministry vs. Home Affairs

What’s in today’s article?

  • Why in News?
  • What is Computer Emergency Response Team (CERT-IN)?
  • Control of CERT-IN
  • Conclusion

Why in News?

Two ministries, Information Technology and Home Affairs, are making a strong pitch for the ownership of Computer Emergency Response Team (CERT-IN), the country’s nodal cybersecurity watchdog.

At present, Cert-In comes under the administrative control of the IT Ministry.

What is Computer Emergency Response Team (CERT-IN)?

  • About
    • The Computer Emergency Response Team (CERT-IN) is an organization under the Ministry of Electronics and Information Technology, Government of India.
    • It has been operational since 2004.
    • As per the Information Technology Amendment Act, 2008, CERT-In has been designated to serve as the national nodal agency responsible:
      • for responding to computer security incidents as they occur and
      • for enhancing the security of India’s communications and information infrastructure.
  • Functions

Incident Response

  • Providing technical assistance and advice to individuals and organizations in case of a cyber incident.
  • Coordinating responses to security incidents on the national level.

Cyber Security Awareness and Training

  • Organizing training programs, workshops, and conferences to educate stakeholders about cyber security threats and best practices.
  • Disseminating information on cyber threats, vulnerabilities, and protective measures.

Vulnerability Handling and Coordination

  • Identifying and analyzing vulnerabilities in computer systems and networks.
  • Coordinating with stakeholders to mitigate the impact of vulnerabilities and advising on preventive measures.

Security Quality Management Services

  • Offering security quality management services, including risk assessment, penetration testing, and security audits.
  • Developing guidelines, standards, and policies for the protection of information infrastructure.

Cyber Threat Monitoring

  • Continuously monitoring cyber threats to the country’s information infrastructure.
  • Providing early warning and alerts on potential and ongoing cyber threats.

Collaboration and Coordination

  • Collaborating with domestic and international cyber security organizations, law enforcement agencies, and industry partners.
  • Sharing information and best practices to enhance collective cyber security defenses.

Policy Development and Implementation

  • Assisting in the formulation of national policies and strategies related to cyber security.
  • Ensuring the implementation of government policies and regulations pertaining to cyber security.

Research and Development

  • Engaging in research and development activities to innovate and improve cyber security technologies and methodologies.
  • Promoting the development of indigenous cyber security solutions.
  • Few notable works of CERT-IN
    • CERT-In has been involved in high-profile investigations, such as the 2022 cyberattack on AIIMS Delhi.
    • It issued a cybersecurity directive in 2022, requiring VPN and cloud service providers to store customer information for five years.
    • CERT-In handled approximately 1.4 million cybersecurity incidents in 2022, with mitigation of vulnerable services being the most common.

Control of CERT-IN

  • Two key ministries in India, Information Technology (IT) and Home Affairs (MHA), are in a dispute over control of the CERT-IN.
  • Positions of the Ministries
    • Ministry of Home Affairs (MHA): Advocates for CERT-In to come under its control to enhance law enforcement capabilities, particularly in cyberspace, given CERT-In’s technical expertise and the MHA’s enforcement powers.
  • The MHA believes this integration would streamline cybercrime investigations.
    • Ministry of Information Technology (IT): Argues that CERT-In’s role is technical and extends beyond law enforcement, focusing on incident reporting, malware alerts, and advising on security infrastructure improvements.
  • The IT Ministry emphasizes that CERT-In’s technical functions are distinct from investigative powers, which the MHA holds.
  • Background
    • CERT-In, under the IT Ministry, performs technical functions like analyzing and disseminating information on cyber incidents, issuing alerts, and coordinating responses.
  • It does not have investigative powers like search and seizure.
    • The MHA, through the Indian Cyber-crime Coordination Centre (I4C), focuses on cybercrimes and coordination among law enforcement agencies.
    • Control of CERT-In could provide the MHA with needed technical expertise.
  • Dispute highlights an associated issue
    • The dispute is partly due to ambiguous Allocation of Business Rules (AoBR).
    • These rules do not designate cybersecurity solely to any one ministry, leading to overlapping responsibilities among the Prime Minister’s Office, Home Ministry, and IT Ministry.
    • Globally, CERTs can fall under either the Home office or the IT ministry, depending on the country.

Conclusion

The tussle between the IT Ministry and MHA over CERT-In highlights the evolving challenges in cybersecurity management and the need for clear delineation of roles and responsibilities among various governmental agencies.


Q.1. What is Indian Cyber-crime Coordination Centre (I4C)?

The Indian Cyber-crime Coordination Centre (I4C) is a government initiative aimed at addressing cybercrime in India. It coordinates law enforcement efforts, facilitates capacity building, and fosters collaboration among agencies to combat cyber threats and enhance cybersecurity.

Q.2. What is cyber security?

Cybersecurity is the practice of protecting computer systems, networks, and data from digital attacks, unauthorized access, and damage. It involves implementing measures such as encryption, firewalls, and intrusion detection to ensure the confidentiality, integrity, and availability of information.

Source: Both Home and IT ministries pitch for control of nodal cyber security watchdog Cert-In

Latest UPSC Exam 2025 Updates

Last updated on June, 2025

UPSC Notification 2025 was released on 22nd January 2025.

UPSC Prelims Result 2025 is out now for the CSE held on 25 May 2025.

UPSC Prelims Question Paper 2025 and Unofficial Prelims Answer Key 2025  are available now.

UPSC Calendar 2026 is released on 15th May, 2025.

→ The UPSC Vacancy 2025 were released 1129, out of which 979 were for UPSC CSE and remaining 150 are for UPSC IFoS.

UPSC Mains 2025 will be conducted on 22nd August 2025.

UPSC Prelims 2026 will be conducted on 24th May, 2026 & UPSC Mains 2026 will be conducted on 21st August 2026.

→ The UPSC Selection Process is of 3 stages-Prelims, Mains and Interview.

UPSC Result 2024 is released with latest UPSC Marksheet 2024. Check Now!

UPSC Toppers List 2024 is released now. Shakti Dubey is UPSC AIR 1 2024 Topper.

→ Also check Best IAS Coaching in Delhi

Vajiram Editor
Vajiram Editor
UPSC GS Course 2026
UPSC GS Course 2026
₹1,75,000
Enroll Now
GS Foundation Course 2 Yrs
GS Foundation Course 2 Yrs
₹2,45,000
Enroll Now
UPSC Prelims Test Series
UPSC Prelims Test Series
₹6000
Enroll Now
UPSC Mains Test Series
UPSC Mains Test Series
₹16000
Enroll Now
UPSC Mentorship Program
UPSC Mentorship Program
₹85000
Enroll Now
Enquire Now