“CERT-In DG Dr. Sanjay Bahl: India’s Path to Global Cybersecurity Leadership”
As India accelerates the growth of its digital infrastructure, cybersecurity has emerged as a vital component of national resilience.
New Delhi [India], December 5:As India accelerates the growth of its digital infrastructure, cybersecurity has emerged as a vital component of national resilience. At the forefront of the country’s cyber defence is Dr. Sanjay Bahl, Director General of the Indian Computer Emergency Response Team (CERT-In), Government of India. Over the years, he has been instrumental in enhancing national cyber governance, incident response, risk management frameworks, and overall security capabilities. In this interview, Dr. Bahl shares insights on India’s strategic cyber priorities, sector-specific vulnerabilities, global collaborations, and the roadmap for fortifying the nation’s cyber ecosystem.
1. What is your vision for positioning India as a global leader in cyber resilience?
As the Director General of the Indian Computer Emergency Response Team (CERT-In), Government of India, my vision aligns with the Hon’ble Prime Minister’s digital agenda. From a cybersecurity point of view, I see this as a mission to amplify a safe, secure, trusted, vibrant and resilient digital future for our society, industry and government. This is the foundation on which India can build global leadership in cyber resilience.
2. Which sectors face the highest cyber risks today, and how is CERT-In tackling them?
The BFSI and fintech sector faces the highest level of cyber risk because of the 5 Ds: Digitization, Disruption, Democratisation, Decentralization and Data. These elements create a highly attractive environment for malicious actors.
At CERT-In, we respond to these risks through 24×7 incident monitoring and response, real-time threat intelligence, the National Cyber Coordination Centre, botnet and malware alerts through Cyber Swachhta Kendra, empanelled cyber auditors, large-scale cyber drills and our Cyber Abhyas Suvidha cyber range for advanced preparedness.
3. How can India build stronger coordination between government and industry in cyber defence?
A strong demonstration of this coordination is our Cyber Swachhta Kendra, which now covers 98 percent of India’s digital population. Through this platform, we offer free bot-removal tools, cyber hygiene guidelines and security utilities for both individuals and organisations. This public–private partnership with ISPs, antivirus companies, academia and government has significantly strengthened cyber hygiene.
In the energy and power sector alone, we recorded nearly a 90 percent reduction in botnet infections. The World Economic Forum has showcased this model as a global example of scalable cyber protection.
4. What role can CERT-In play in accelerating cybersecurity innovation among startups and SMEs?
Cybersecurity is a fundamental enabler of digital transformation. Under MeitY, we support startups by identifying and mentoring innovative cybersecurity technologies. At CERT-In, we also use some of these startup-developed tools in our operations, which helps them improve resilience and scalability.
For MSMEs, we created a baseline audit framework consisting of 15 Elemental Controls and 45 recommendations. This provides them with a structured approach to improving their cybersecurity posture and building trust across supply chains.
5. How is CERT-In balancing mandatory incident reporting with trust and data protection?
We have neutralised several coordinated cyber campaigns in recent years. The six-hour incident reporting mandate has been instrumental, as it enables near real-time coordination across sectors and allows us to issue timely advisories to other organisations at risk.
With continuous monitoring and advanced analytics, we detect anomalies early and contain threats faster. Throughout this process, we maintain a strong focus on building trust and ensuring data protection.
6. What are your priorities for developing India’s next generation of cybersecurity professionals?
India requires strong technological literacy to build cyber resilience. We are focusing on nurturing talent in AI security, quantum security, network security and domain-specific cybersecurity roles.
Key initiatives include the CERT-In and BITS Pilani cybersecurity certificate course, the CERT-In and SISA CISPAI program for securing AI and generative AI systems, a 60-hour Cyber Security Foundation Course for the financial sector, expanded certifications under MeitY’s ISEA programme and an upcoming course on Quantum Security.
7. How effective have CERT-In’s national cyber drills been in strengthening readiness across sectors?
Our drills are structured around the principles of anticipate, withstand, recover and evolve. These red-blue team exercises have significantly strengthened the readiness and incident management capabilities of organisations.
Our initiative with cooperative banks was highlighted in the World Economic Forum’s Global Cybersecurity Outlook 2025 as a replicable model for resource-limited institutions and an effective example of building cyber equity.
8. How is CERT-In preparing for threats driven by AI, quantum computing and advanced automation?
We are preparing the ecosystem by publishing extensive technical guidelines and whitepapers. These include documents on Software Bill of Materials, cybersecurity for smart cities, satellite communication security, unmanned aircraft systems, MSME cyber controls, AI system security and quantum readiness. These publications help organisations strengthen their defences against advanced and emerging threats.
9. What steps are being taken to enhance India’s role in global cybersecurity collaboration?
We are actively expanding India’s presence in global cybersecurity collaborations. This includes a joint high-level AI cyber risk analysis report with France’s National Cybersecurity Agency, contributions to the Cyber Resilience Compass report by the World Economic Forum and the University of Oxford, and technical reports for Asia Pacific CERT.
We participate regularly in global platforms such as the World Economic Forum, Global Forum for Cyber Expertise, ICANN, Internet Governance Forum, Financial Stability Board, SIFMA Quantum Dawn, QUAD, BRICS and United Nations working groups. These engagements strengthen India’s voice and leadership in shaping global cybersecurity policies.
10. What message would you give to India’s cybersecurity innovators and entrepreneurs?
This is an important phase for India’s cybersecurity ecosystem. I encourage innovators to strengthen public–private partnerships, develop resilient cyber solutions and accelerate the transition to a quantum-safe future. Together, we can make Bharat a global leader in cybersecurity. The next decade will be exciting, and collective effort will be the key to our success.
