Latest news with #NCIIPC
Time of India
11-07-2025
- Business
- Time of India
1,172 phishing domains flagged; NTRO briefs parliamentary panel, says matrix formulated to address data security threat
Cybersecurity threat India's cybersecurity agency on Thursday revealed that it had identified 1,172 phishing domains in the first half of 2025. The data was shared by the National Critical Information Infrastructure Protection Centre (NCIIPC), which operates under the National Technical Research Organisation (NTRO). Officials from NCIIPC presented the findings to the Parliamentary Standing Committee on Home Affairs, during a briefing on key cybersecurity threats, chaired by BJP Rajya Sabha member Radha Mohan Das Agarwal. The agency identified seven critical sectors namely Banking, financial services and insurance; power and energy; telecom; transport; strategic and public enterprises; health and governmen. 427 information infrastructures from 114 organisations have been classified as critical. Addressing the parliamentary panel, the agency said that steps will be taken to address the security threat and protect computers resources within the critical sectors based on a matrix formulated by NCIIPC in collaboration with concerned organisations. Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now
Indian Express
22-05-2025
- Politics
- Indian Express
How India cut through the fog of cyber war during Operation Sindoor
Written by Arindrajit Basu The spate of kinetic hostilities between India and Pakistan in the aftermath of the Pahalgam attack was accompanied by a surge in offensive cyber activity from Pakistan-based non-state actors. It was unleashed against the critical information infrastructure and other sensitive assets in India's burgeoning digital ecosystem. India's cybersecurity and defense architecture stepped up to the plate effectively, preventing disruptions to online societal and financial functions. India is already one of the leading victims of state-sponsored cyber attacks worldwide, given its precarious geo-political location. As the 'new normal' in India-Pakistan ties takes shape, cyber attacks are likely to proliferate and India's cyber resilience will be tested. This entails cultivating a systemic approach that responds to and mitigates cyber threats in the medium- and long-term. My analysis is limited to resilience in the face of offensive cyber operations, understood as attacks that compromise the confidentiality, integrity, or availability of information technology systems or networks. Information operations or orchestrated disinformation campaigns need to be tackled through a different set of constitutional, legislative and policy levers, as others have already analysed for The Indian Express. In the past two decades, India has developed a panoply of cyber institutions. The establishment of the office of the National Cyber Security Coordinator (NCSC) which advises the Prime Minister's Office (PMO) and National Security Advisor (NSA) marked the recognition of cyber resilience as a key strategic priority. India's Computer Emergency Response Team (CERT-IN), set up legislatively through Section 70B of the Information Technology Act, detects and responds to cyber incidents, furthers capacity and awareness, and proactively issues cybersecurity advisories and guidelines. Other key cyber institutions include the National Critical Information Infrastructure Protection Centre (NCIIPC) in the PMO, the Defence Cyber Agency (DyCA) drawing from the three branches of the armed forces and the MHA's Indian Cyber Crime Coordination Centre (I4C) that deals with domestic cyber crime issues. During and after the hostilities, CERT-IN worked with the Ministry of Finance to ensure that day-to-day activities and functions in the banking, financial services, and insurance (BFSI) sector, including India's UPI, continued without any disruption. The cybersecurity teams in India's public and private sector banks worked in close coordination with CERT-IN and NCIIPC to conduct mock drills and deploy protective cybersecurity tools. Based on an advisory from CERT-IN, the Bombay Stock Exchange also implemented a number of safeguards, including restricting access to its website for users outside India. This effective institutional response during the recent crisis was enabled by long-term investment in funding and partnerships. The CERT-IN's budget allocation has consistently increased every year — from Rs 42 crore for the financial year 2019-20 to Rs 255 crore in this year's Union budget. The Union government has also ramped up its investment in other cybersecurity projects, including situational awareness and threat detection — Rs 782 crore this year, up from Rs 120 crore in 2019-20. Going forward, the budgetary needs and expenditure of India's cyber institutions should be continuously evaluated to ensure that skilled personnel are hired and appropriate technical tools and infrastructure are developed or purchased. India's cyber institutions have ramped up partnerships both with the private sector and international counterparts. CERT-IN and NCIIPC have started engaging more proactively with the security research community to detect and disclose vulnerabilities in information systems by hosting joint closed-door workshops and offering incentives and recognition. CERT-IN has entered into Memorandums of Understanding (MoUs) with private sector companies like Google and Mastercard to promote information sharing, joint research, and capacity building in both the public and private sectors. It has also set up the Threat Intelligence Exchange, a national platform to share threat intelligence with key stakeholders. India has utilised its geopolitical relationships to stitch together cyber-specific partnerships and coalitions. CERT-IN is a member of the global Forum of Incident Response Teams (FIRST), the premier global organisation fostering cooperation among cyber-incident response teams and organised a G20 cybersecurity drill during India's G20 presidency in 2023. The Quadrilateral Security Dialogue comprising India, Australia, the US and Japan has set up a Senior Cyber Group that engages in regular strategic dialogue and shapes standards and principles on supply chain resilience and critical infrastructure security. Notwithstanding its geopolitical clout, India has been reluctant to publicly articulate a definitive cyber doctrine or cyber strategy. Laying out the government's strategic thinking and overarching approach on issues such as cyber partnerships, global cyber norms and international law, cybersecurity financing, and the conduct of cyberoperations could further certainty and coordination among domestic stakeholders while burnishing India's global reputation as a responsible cyber power. However, given volatile geopolitical circumstances, such articulation must be careful to not constrain New Delhi's offensive or defensive options in cyberspace. India fares well on cyber resilience, as highlighted by its position in Tier-1 of the ITU's Global Cybersecurity Index. However, the fog of war necessitates continuous vigilance, evolution and cooperation with domestic and international partners. The writer is a non-resident fellow, Planetary Politics at New America. Views are personal
