13-Oct-2022: CERT-In and Power-CSIRTs jointly conduct Cyber Security Exercise “PowerEX-2022”

Indian Computer Emergency Response Team (CERT-In), in collaboration with Power-CSIRTs (Computer Security Incident Response Teams in Power sector), successfully designed & conducted the Cyber Security Exercise “PowerEX” for 193 invited Power Sector Utilities, here yesterday. The Exercise Planner Team of Power-CSIRTs’ officials worked along with the CERT-In team on the exercise day as Exercise Coordinators. The objective of the exercise was to “Recognize, Analyse & Respond to Cyber Incident in IT & OT Systems”.

The theme of the exercise was “Defending Cyber induced disruption in IT & OT infrastructure”. Exercise “PowerEX” was hosted by CERT-In on its exercise simulation platform. Around 350+ officials from various Power Sector Utilities participated in the event. Exercise “PowerEX” was successful in meeting its objectives and helped the participants to learn, practice and respond to cyber security incidents.

31-Aug-2022: CERT-In hosts Cyber Security Exercise “Synergy” for 13 countries as part of International Counter Ransomware Initiative- Resilience Working Group

Indian Computer Emergency Response Team (CERT-In) under Ministry of Electronics & IT, Government of India, in collaboration with Cyber Security Agency of Singapore (CSA), today successfully designed & conducted the Cyber Security Exercise “Synergy” for 13 Countries as part of the International Counter Ransomware Initiative- Resilience Working Group which is being led by India under the leadership of National Security Council Secretariat (NSCS).

The theme of the exercise was “Building Network Resiliency to counter Ransomware Attacks”. The exercise scenario was derived from real life cyber incidents, in which a domestic level (limited impact) ransomware incident escalates to a global cyber security crisis.

Exercise “Synergy” was hosted by CERT-In on its exercise simulation platform. Each State participated as a National Crisis Management Team having composition from different government agencies including National CERTs/CSIRTs, Law Enforcement Agencies (LEA), Communication & IT/ICT Ministry and Security agencies.

The specific objective of the exercise was to Assess, Share and Improve strategies and practices among Member-States to build network resiliency against ransomware & cyber extortion attacks.

Exercise “Synergy” was successful in meeting its objectives and provided insights for better coordination & cooperation among CRI Member States to build network resiliency and counter ransomware attacks.

28-Jun-2022: CERT-In extends timelines for enforcement of Cyber Security Directions till 25 September, 2022 for MSMEs and for the validation aspects of subscribers/customers details

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various functions in the area of cyber security in the country as per provisions of section 70B of the IT Act, 2000. CERT-In continuously analyses cyber threats and handles cyber incidents tracked and reported to it. CERT-In issued directions relating to information security practices in exercise of powers bestowed u/s 70B(6) of the Information Technology Act to promote Open, Safe & Trusted and Accountable Internet in the country on 28 April, 2022.

Subsequently, in response to general queries received by CERT-In, a Frequently Asked Questions (FAQs) document was also released by Hon’ble Minister of State for Electronics & Information Technology & Skill Development and Entrepreneurship, Shri Rajeev Chandrasekhar on 18 May, 2022 to enable better understanding of various stakeholders as well as to promote Open, Safe & Trusted and Accountable Internet in the country.

MeitY and CERT-In are in receipt of requests for the extension of timelines for implementation of these Cyber Security Directions of 28th April, 2022 in respect of Micro, Small and Medium Enterprises (MSMEs). Further, additional time has been sought for implementation of mechanism for validation of subscribers/customers by Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers.

The matter has been considered by CERT-In and it has been decided to provide extension till 25 September, 2022 to Micro, Small and Medium Enterprises (MSMEs) in order to enable them to build capacity required for the implementation of the Cyber Security Directions. In addition, Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers are also provided with additional time till 25 September, 2022 for implementation of mechanisms relating to the validation aspects of the subscribers/customers details. The order to this effect is available at https://www.cert-in.org.in/Directions70B.jsp

An additional set of FAQs is also being published at https://www.cert-in.org.in/Directions70B.jsp which would address specific queries received by CERT-In recently.

18-May-2022: Indian Computer Emergency Response Team (CERT-In) releases FAQs to address queries on Cyber Security Directions of 28.04.2022

Shri Rajeev Chandrasekhar, Minister of State for Electronics & Information Technology & Skill Development and Entrepreneurship, released a Frequently Asked Questions (FAQs) document here today i.e. on 18.05.2022. The document explains the nuances of the Cyber Security Directions of 28.04.2022 issued by CERT-In under sub-section (6) of section 70B of the Information Technology Act, 2000 for enabling better understanding of various stakeholders as well as to promote Open, Safe & Trusted and Accountable Internet in the country. The FAQs have been prepared in response to general queries received by CERT-In on the Cyber Security Directions issued on 28.04.2022.

While releasing the FAQs document, Shri Rajeev Chandrasekhar mentioned that Online Safety and Trust are important public policy objectives for the Narendra Modi Government. “As we take rapid strides towards achieving our target of $1 Trillion Digital Economy, it is equally important to ensure that Internet, which is presently accessed by 80 crore people and shall soon cover 120 crore people, remains open, safe & trusted and accountable”, he added.

In this context, the Government has undertaken many initiatives to create an atmosphere of online safety and trust to address cyber security by augmenting infrastructure, situational awareness of cyber threats, cyber security research and development, creating awareness and capacity building etc. For these programs an amount of Rs. 809.58 Crores has been spent during 2019-20 to 2021-22. An amount of Rs. 515 Crores is allocated for cyber security programs for the year 2022-23. MeitY is also implementing a project entitled ‘Information Security Education and Awareness (ISEA) Project Phase II’ with an outlay of Rs. 96.08 crores with the objectives of capacity building in the area of information security, training of Government personnel and creation of mass information security awareness for various users. So far, a total of 78,021 candidates have been trained/undergoing training in various formal/non-formal courses in Information Security through 52 institutions. Further, 5 Technical Universities participating under the project have reported around 2.74 lakh candidates as trained/undergoing training in formal courses in their respective affiliated colleges. So far, 22,881 Government personnel have been trained in the area of Information Security through direct/e-learning/VILT mode, which inter-alia includes 10,045 Government personnel of Central Ministries/Departments. So far, 1,360 awareness workshops have been conducted across the country covering 2,44,883 participants and 1,24,086 school teachers trained as Master Trainers in 41 training programmes. Around 5.75 crore estimated beneficiaries have been impacted through indirect mode.

Recently issued Cyber Security Directions are just one piece in the overall cyber security architecture that the Government is putting in place to counter emerging threats. “Cyber Security Rules were already in place but they are around 11 years old. 11 years is a long time in the internet era. Over this period, size, shape & dimension of Internet has changed significantly. The nature of user harms and risks in 2022 is different from what it used to be a decade back. The perpetrators of cyber crime are both state and non state actors with sinister designs. Rapid & Mandatory reporting of incidents is a must and a primary requirement for remedial action for ensuring stability and resilience of Cyber Space,” said Rajeev Chandrasekhar.

FAQ & its significance: The FAQs document, consisting of 44 questions, endeavors to respond to general queries on these Cyber Security Directions in a simple and easily understandable manner, towards operationalisation of these directions to achieve the objective for all the relevant entities and common users.

The FAQ consists primarily of three sections, namely:

  • Section I: Basic Terminology and Scope of the Directions
  • Section II: Directions under sub-section (6) of section 70B of the IT Act, 2000
  • Annexure-I: Explanation for Types of Cyber Security Incidents to be Reported to CERT-In

Section I comprises the basic terminology and scope of the directions, such as: the reason for these Cyber Security Directions; who these Cyber Security Directions of 28.04.2022 apply to; the functions of CERT-In in the area of cyber security; the method of reporting and format for incident reporting, etc.

Section II comprises the nuances and explanations of the Cyber Security Directions, such as: the areas the Cyber Security Directions cover; the benefit of the directions to the users in the country; whether the directions affect the Right to Privacy of individuals; the time frame for reporting and information to be shared while reporting incidents; various applicability aspects of these Cyber Security Directions; and clarifications related to logging requirements, time synchronization, and maintenance of specific information by entities, etc.

Annexure-I of the FAQs consists of an illustrative list of explanations of the types of incidents required to be reported to CERT-In.

The Cyber Security Directions of 28.04.2022 shall enhance overall cyber security posture and ensure Open, Safe & Trusted Internet in the country.

These FAQs on the Cyber Security Directions of 28.04.2022 are available at https://www.cert-in.org.in/Directions70B.jsp

28-Apr-2022: CERT-In issues directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various functions in the area of cyber security in the country as per provisions of section 70B of the Information Technology Act, 2000. CERT-In continuously analyses cyber threats and handles cyber incidents tracked and reported to it. CERT-In regularly issues advisories to organisations and users to enable them to protect their data/information and ICT infrastructure. In order to coordinate response activities as well as emergency measures with respect to cyber security incidents, CERT-In calls for information from service providers, intermediaries, data centres and body corporate.

During the course of handling cyber incidents and interactions with the constituency, CERT-In has identified certain gaps causing hindrance in incident analysis. To address the identified gaps and issues so as to facilitate incident response measures, CERT-In has issued directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of section 70B of the Information Technology Act, 2000. These directions will become effective after 60 days.

The directions cover aspects relating to synchronization of ICT system clocks; mandatory reporting of cyber incidents to CERT-In; maintenance of logs of ICT systems; subscriber/customer registrations details by Data centers, Virtual Private Server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers and custodian wallet providers. These directions shall enhance overall cyber security posture and ensure safe & trusted Internet in the country.

27-Oct-2021: CERT-In authorized as CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India

Indian Computer Emergency Response Team (CERT-In) has been undertaking responsible vulnerability disclosure and coordination for vulnerabilities reported to CERT-In in accordance with its vulnerability coordination role as a National CERT since its inception. To move a step further in the direction to strengthen trust in “Make in India” as well as to nurture responsible vulnerability research in the country, CERT-In has partnered with the Common Vulnerabilities and Exposures (CVE) Program. In this regard, Indian Computer Emergency Response Team (CERT-In) has been authorized by the CVE Program, as a CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India.

CVE is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered, then assigned and published to the CVE List. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. It is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered, then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities.

CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Record added to the list is assigned by a CNA. The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.

23-Aug-2018: 35% of cyber-attacks on Indian sites from China: CERT-In report

A report sent to the National Security Council Secretariat (NSCS) and other security agencies by a department under the Ministry of Electronics and Information Technology has said that the maximum number of cyber-attacks on official Indian websites are from China, US and Russia. It has also flagged the possibility of “malicious actors from Pakistan using German and Canadian cyberspace for intruding into Indian cyberspace and carrying out malicious activities”.

The report, prepared by the Indian Computer Emergency Response Team (CERT-In), which comes under the ministry, analysed cyber-attacks from April-June 2018. CERT-In is the nodal agency which deals with cyber security threats like hacking and phishing. It collects, analyses and disseminates information on “cyber incidents”, and also issues alerts on “cyber security incidents”.

According to the report, it has been observed that China continues to “intrude” Indian cyberspace in a “significant” way. The cyber-attacks from China made up 35% of the total number of cyber-attacks on official Indian websites, followed by US (17%), Russia (15%), Pakistan (9%), Canada (7%) and Germany (5%).

Many of the institutions impacted by the malicious activities have been identified, and they have been advised to take appropriate preventive action. These include Oil and Natural Gas Corporation (ONGC), National Informatics Centre (NIC), Indian Railway Catering and Tourism Corporation (IRCTC), Railways, Centre for Railway Information Systems (CRIS) and some banks like Punjab National Bank, Oriental Bank of Commerce, State Bank of India and state data centres, particularly in Maharashtra, Madhya Pradesh and Karnataka.

The activities relating to intruding into the cyberspace are being regularly monitored. China continues to intrude into the cyberspace in a significant way, followed by the US and Russia. It has also been observed that intruding activities are coming from Canadian and German cyberspace, most possibly suspected to have originated from Pakistani actors targeting Indian websites.

The attackers target victims by sending spear-phishing emails with malware attachments. Phishing attacks usually take the form of an email that appears to come from a trusted source and asks for personal details such as bank details and passwords.

17-May-2017: NTRO staff to follow secrecy norms like IB

National Technical Research Organisation (NTRO), the Central agency looking after technical surveillance, will now be bound by secrecy norms just like Intelligence Bureau (IB) and Research & Analysis Wing (RAW), with its staff restricted from speaking about the structure and functioning of the organisation.

In this regard, the Home Ministry has issued a notification listing NTRO under The Intelligence Organisations (Restriction of Rights) Act, 1985, a demand the organisation has been making for over a decade now. The inclusion of NTRO in the Schedule under the Intelligence Organisations (Restriction of Rights) Act, 1985 will insulate it from answering queries under the Right to Information Act. The agency can decline RTI queries on its structure, functioning, personnel and organisation affairs by invoking Section 6 of the Act.

Under Section 6 of the Intelligence Organisations (Restriction of Rights) Act, 1985, no member of a scheduled intelligence agency can communicate with the press or publish or cause to be published any book, letter, pamphlet, poster or other document except with the prior permission of the head of the intelligence organisation. The member also cannot use the name of his organisation for purposes not authorised by the head or in any other manner except for purposes relating to the official work and functioning of the organisation itself.

Any person who contravenes the aforesaid provisions will be punished with imprisonment for a term which may extend to two years, or with fine which may extend to Rs 2,000 or with both.

The NTRO was created after the 1999 Kargil conflict as a dedicated technical intelligence agency. It has been fighting tooth and nail to get included in the list as it has the right to lawfully intercept and monitor communications externally. It reports to the PMO and the NSA.