The Government of India is stepping up efforts to combat the growing frequency and sophistication of cyberattacks by implementing legal, technical, and administrative policies to strengthen cybersecurity across the country. A nationwide integrated and coordinated system has been institutionalised to tackle cyber threats, ensuring the protection of critical infrastructure and private data.

Key Cybersecurity Measures National Cyber Security Coordinator (NCSC): Oversees coordination among various agencies under the National Security Council Secretariat (NSCS).

Indian Computer Emergency Response Team (CERT-In): The designated national agency under Section 70B of the IT Act, 2000, responsible for responding to cybersecurity incidents. National Cyber Coordination Centre (NCCC): Operated by CERT-In, this control centre monitors cyberspace for potential threats and facilitates information sharing among agencies. Cyber Swachhta Kendra (CSK): A public service initiative for botnet cleaning and malware analysis, offering free security tools and best practices for citizens and organisations. Indian Cybercrime Coordination Centre (I4C): Established by the Ministry of Home Affairs (MHA) to handle cybercrimes in a coordinated and effective manner. National Critical Information Infrastructure Protection Centre (NCIIPC): Set up under Section 70A of the IT Act, 2000, to safeguard critical digital assets from cyber threats.

Initiatives to Strengthen Cybersecurity Framework The government has rolled out multiple policies and regulatory frameworks to ensure data protection and cyber resilience, including: NCIIPC’s Threat Intelligence and Compliance Measures: Provides alerts, advisories, and security training to organisations handling Critical Information Infrastructure (CII). IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011: Mandates stringent data security protocols. IT Rules, 2021: Requires digital intermediaries to adopt robust security practices for data protection. Digital Personal Data Protection Act, 2023 (DPDPA): Ensures lawful data processing while safeguarding individual privacy. CERT-In’s Cyber Security Directions (2022): Establishes standards for incident reporting and prevention. Cyber Crisis Management Plan: A national framework for countering cyberattacks and cyber terrorism.

Strengthening Cyber Resilience Through Audits and Training Cybersecurity Mock Drills: CERT-In has conducted 109 drills, engaging 1,438 organisations across sectors. Security Audits: 200 cybersecurity auditing firms have been empanelled to enhance cyber resilience. Capacity Building: In 2024 alone, 12,014 officials underwent training through 23 cybersecurity programmes