As per the Crisis Management Plan for countering cyber attacks and cyber terrorism prepared by Government of India, States should draw up their own sectoral Crisis Management Plans and implement the same. Since there is lack of adequate expertise in Government/Government Agencies/Kerala IT Mission it emerged that there is need for setting up an ongoing permanent mechanism which would act as nodal agency for monitoring various cyber security related matters for Government of Kerala/Government Organisations.
The state government have therefore to ensure cyber security of Kerala felt the necessity for setting up of Computer Emergency Response Team-Kerala (CERT-Kerala or CERT-K) in line with CERT India (CERT-IN). The purpose of CERT-K is to coordinate security efforts and incident response for IT security problems on a state level in Kerala and to enhance the security of State Government's Communications and Information Infrastructure through proactive action and effective collaboration. CERT-K shall also oversee the implementation of crisis management plan of the Government of Kerala.
Objectives of CERT-K
- To collect and maintain a repository of all System/Website administrators of Kerala Government Websites/Web applications
- To create a suitably qualified and empowered personnel who can further knowledge and expertise in this area to advance the mission.
- Initiate proactive measures to increase awareness and understanding of Information security and computer security issues throughout the community of network users and service providers by disseminating security related information.
- To act as a nodal agency to conduct security audits or assessments of government and constituent IT infrastructure in the state, evolving security policy for the state.
- To act as a central point for monitoring, identifying vulnerabilities and suggesting remedial measures for correcting vulnerabilities in computer and communication systems(websites & e-governance applications) belonging to government and 'certify' any e-governance or e-commerce site in the state
- Build awareness and conduct education, training, research and development.
- Develop state's crisis management plan and implement the same in coordination with CERT-In with well laid policies and procedures of data recovery offering the following services to critical infrastructure clients.
- Vulnerability Reporting
- Incident Reporting
- Incident Analysis
- Vulnerability Assessment of various Kerala Government Websites
- Log analysis
- Coordination with CERT-In and HITECH CELL