CERT-In as the First Line of Defence Against Cybersecurity Threats to India

The420 Web Desk

When Dr. Sanjay Bahl took charge of CERT-In, India’s cybersecurity challenge was already formidable. By 2025, internet connections had crossed the 100-crore mark, digital payments had become routine for millions, and critical public infrastructure—from power grids to financial networks—had become deeply networked. What followed was not just scale, but velocity.

Under Dr. Bahl’s stewardship, CERT-In expanded its role beyond a reactive incident-response unit into a national nerve centre for cyber resilience. In 2025 alone, the agency handled more than 29.44 lakh cyber incidents, issuing thousands of alerts, vulnerability notes, and advisories.

While these numbers are striking, they only partially capture the complexity of the task: responding in near real time to threats ranging from phishing campaigns and ransomware attacks to sophisticated, AI-enabled intrusions targeting critical infrastructure.

Anchored in Section 70B of the Information Technology Act, 2000, CERT-In’s mandate spans prevention, monitoring, coordination, and mitigation. Over time, this mandate has been interpreted expansively, with growing emphasis on preparedness and systemic resilience rather than episodic crisis management.

A Digital Boom—and a Rapidly Expanding Attack Surface

India’s digital growth story is by now well documented. Data consumption has surged nearly 400-fold since 2014, while Unified Payments Interface (UPI) transactions now number in the tens of billions annually. Government services, welfare delivery, commerce, and education increasingly rely on digital platforms.

But each advance has widened the attack surface. The same infrastructure that enables instant payments also attracts financial fraud. The same connectivity that links remote villages exposes first-time users to malware, botnets, and online deception.

Recognising this, CERT-In’s approach has evolved in parallel with India’s digital ambitions. Sector-specific response mechanisms—such as CSIRT-Fin for the financial sector and CSIRT-Power for the electricity grid—reflect this adaptive strategy. These units translate national threat intelligence into sector-level action, coordinating with banks, utilities, and regulators to contain incidents before they escalate into systemic failures.

Officials emphasise that the objective is not merely to respond to cyberattacks, but to reduce the likelihood that routine disruptions snowball into national emergencies.

From Incident Response to Institutional Architecture

What distinguishes CERT-In’s recent trajectory is the depth of institutional scaffolding built around cybersecurity. A network of 231 empanelled cybersecurity audit organisations now conducts regular assessments across government and critical sectors.

Findings from these audits inform secure design guidelines and responsible vulnerability disclosures, creating a continuous feedback loop between detection and prevention.

At the citizen level, initiatives such as the Cyber Swachhta Kendra illustrate a quieter but equally significant shift. By December 2025, the platform covered an estimated 98 percent of India’s digital population, issuing large-scale notifications on malware infections and offering free remediation tools. With nearly 90 lakh downloads, the programme underscores the recognition that national cybersecurity is inseparable from individual digital hygiene.

Parallel investments in training and preparedness have also expanded. CERT-In conducted dozens of specialised technical programmes and more than a hundred cybersecurity drills in 2025, involving over 1,500 organisations across sectors including defence, telecommunications, energy, transportation, and finance. These exercises, largely invisible to the public, test institutional reflexes during simulated crises.

Global Recognition and the Question of Trust

CERT-In’s growing profile has not gone unnoticed internationally. References by platforms such as the World Economic Forum, the University of Oxford, and France’s ANSSI to India’s AI-driven threat detection and citizen-centric malware mitigation signal a broader shift.

India is increasingly viewed not merely as a large digital market, but as a serious and responsible cybersecurity actor.

At the same time, the path ahead remains complex. As CERT-In’s reach expands, questions around transparency, proportionality, and trust—particularly in an era of AI-enabled surveillance and cross-border data flows—become more pronounced. Balancing rapid response with civil liberties, and national security with global cooperation, will define the next phase of institutional evolution.

For now, under Dr. Sanjay Bahl’s leadership, CERT-In stands as a case study in how a state institution adapts to the pressures of scale. In a digital ecosystem as vast and diverse as India’s, cybersecurity is no longer a background function. It has become a central pillar of governance—shaped one incident, one alert, and one coordinated response at a time.
