Note4Students
From UPSC perspective, the following things are important :
Prelims level: CNA, CVE Program, CERT-IN
Mains level: Cyber security challenges for India
CERT-In has partnered with the Common Vulnerabilities and Exposures (CVE) Program and has been authorized as a CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India.
What is CVE Program?
- CVE is an international, community-based effort and relies on the community to discover vulnerabilities.
- The vulnerabilities are discovered then assigned and published to the CVE List.
- Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
- Partners publish CVE Records to communicate consistent descriptions of vulnerabilities.
Mission of the Program
- The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
- The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program.
Who are the CNAs?
- CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record.
- The CVE List is built by CVE Numbering Authorities (CNAs).
- Every CVE Record added to the list is assigned by a CNA.
- The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
- Each CNA has a specific Scope of responsibility for vulnerability identification and publishing.
Back2Basics: Indian Computer Emergency Response Team (CERT-IN)
- CERT-IN is an office within the Ministry of Electronics and Information Technology.
- It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens the security-related defense of the Indian Internet domain.
- It was formed in 2004 by the Government of India under the Information Technology Act, 2000 Section (70B) under the Ministry of Communications and Information Technology.
UPSC 2022 countdown has begun! Get your personal guidance plan now! (Click here)
Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024
Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities. https://www.solution2pass.com/8010-questions.html