From UPSC perspective, the following things are important :
Prelims level : CNA, CVE Program, CERT-IN
Mains level : Cyber security challenges for India
CERT-In has partnered with the Common Vulnerabilities and Exposures (CVE) Program and has been authorized as a CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India.
What is CVE Program?
- CVE is an international, community-based effort and relies on the community to discover vulnerabilities.
- The vulnerabilities are discovered then assigned and published to the CVE List.
- Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
- Partners publish CVE Records to communicate consistent descriptions of vulnerabilities.
Mission of the Program
- The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
- The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program.
Who are the CNAs?
- CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record.
- The CVE List is built by CVE Numbering Authorities (CNAs).
- Every CVE Record added to the list is assigned by a CNA.
- The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
- Each CNA has a specific Scope of responsibility for vulnerability identification and publishing.
Back2Basics: Indian Computer Emergency Response Team (CERT-IN)
- CERT-IN is an office within the Ministry of Electronics and Information Technology.
- It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens the security-related defense of the Indian Internet domain.
- It was formed in 2004 by the Government of India under the Information Technology Act, 2000 Section (70B) under the Ministry of Communications and Information Technology.