Government has stepped up efforts to secure its digital infrastructure against rising cyber threats, including ransomware attacks and cross-border cybercrime, as government services and critical systems become increasingly dependent on online platforms.
In a written response to Parliament on Wednesday, Minister of State for Electronics and Information Technology Jitin Prasada said the government is working to ensure a safe and accountable cyberspace through continuous monitoring, audits and incident response measures led by agencies such as the Indian Computer Emergency Response Team and the National Critical Information Infrastructure Protection Centre.
CERT-In, which is designated as the national agency for responding to cyber incidents under Information Technology Act, 2000, monitors threats across sectors and issues regular alerts and advisories on emerging vulnerabilities, including those linked to artificial intelligence driven attacks. It also coordinates responses with affected organisations and supports system restoration after incidents.
As part of these efforts, CERT-In issued comprehensive cyber security audit guidelines in July 2025, setting out a standardised framework for annual security audits across sectors, including critical infrastructure.
According to the government, 231 security auditing organisations have been empanelled to support implementation of information security best practices.
The National Informatics Centre, which manages core digital infrastructure for government departments, conducts annual security audits of critical systems through CERT-In empanelled agencies.
These audits cover central ministries, state governments and national data centres, as well as key web applications and databases. Measures include the deployment of endpoint detection tools, removal of legacy systems and round-the-clock threat monitoring using artificial intelligence and machine learning based tools.
The government has also introduced zero trust security principles across NIC managed infrastructure and conducts regular cyber awareness programmes for government employees. Sector-specific incident response teams have been set up for areas such as finance and power to improve detection and response within high-risk domains.
To improve preparedness, cyber security mock drills are held periodically, while all government bodies are required to follow a cyber crisis management plan designed to ensure coordinated recovery during major attacks. More than 200 sensitisation workshops have been conducted to familiarise organisations with these procedures.
On the citizen side, CERT-In operates the Cyber Swachhta Kendra, which provides free tools to detect and remove malware and issues daily alerts on botnet infections. The government is also investing in skills development through awareness programmes and specialised training, including a certification focused on securing artificial intelligence systems.
