At ISC2 Secure India in Bengaluru last week, Dr Sanjay Bahl, Director General, CERT-In & Controller of Certifying Authorities (CCA) in India, said Trust needs to be qualitative and measurable. Trust at scale is critical, as we are in the age of machine-to-machine communication.
We are in the age of agentic AI, where machines communicate directly to broker services or exchange information. When humans leave decision-making to machines (agents, in this case), it becomes crucial to establish trust as a process. Trust at scale is critical, as we are in the age of machine-to-machine communication.
“It is essential to build trust in the digital age. Like quality, trust is free. But you need to think of it as a process, so that you can measure it, like quality,” said Dr Sanjay Bahl, Director General, CERT-In & Controller of Certifying Authorities (CCA) in India.
The fusion of physical and digital environments and the convergence of emerging technologies have driven unprecedented demand for computational power. But it has also increased cyber risk, said Dr Bahl.
“Supercomputers, cloud computing, high-performance computing, quantum machines, large-scale AI compute clusters, and emerging biocomputing are converging not as parallel tracks but as a single fused ecosystem creating an unprecedented computational ecosystem as the backbone of our digital future.
It is reshaping science and society not just as engines of progress but as essential to national security, scientific research, and global economic leadership. It has also created a dramatically expanded cyber-attack surface threatening the fragile backbone of trust in the digital age.”
He urged delegates at the conference to think about ways to make India’s digital ecosystem robust and trustworthy.
Building Trust at Scale
Building trust in digital technology, among more than a billion Indian users, may seem far-fetched or impossible to achieve. But Dr Bahl alluded to a CERT-In initiative that proved the naysayers wrong and even drew the attention of the World Economic Forum last year.
CERT-In initiated Cyber Swachhta Kendra in 2017 after the government of India introduced the Swachh Bharat Abhiyan mission (cleanliness campaign).
“We wanted to extend this [cleanliness campaign] to cyberspace and protect users from bots and malware, which they were not even aware of,” Dr. Bahl said.
During the demonetization and COVID phases in India, more users began using digital devices for paperless, digital transactions.
With no (or outdated) antivirus solutions, their devices became infected with malware, and users began to lose trust in their digital devices.
CERT-In faced the challenge of reinstating trust – at scale.
Cyber Swachhta Kendra was launched in 2017 to address this challenge and instil confidence among users and organisations.
Built on the foundations of a public-private partnership (PPP), the Indian government worked closely with private industry players and the academic and research communities. The ISPs provided user IP addresses, while some software companies offered their anti-malware solutions free of cost, for download from the CERT-in portal.
“When the WannaCry [ransomware attack] happened [May 2017], we were working with multiple CERTs. And we gathered some indicators and shared them with academia. This enabled them to develop an antidote, which we put on the Cyber Swachhta Kendra website to protect users.”
Today, 98% of India’s Internet users and 1,700 organisations benefit from Cyber Swachhta Kendra. These numbers were achievable in a short span of time because antivirus software and timely CERT-In technical advisories are offered free of cost.
Dr Bahl said the PPP collaboration model is a “win-win-win” for all. “Citizens benefited because it was conceived as an end-user project.”
Cyber Swachhta Kendra proves that building trust at scale is possible through close collaboration and sharing of threat intelligence.
The project caught the attention of the World Economic Forum, Global Communications Group, which released a video on Cyber Swatchh on January 18, 2025 – ahead of its annual meeting in Davos, on 20th of January, 2025.
Brian Pereira is an ISC2 chapter member and attended the first ISC2 Secure India conference last week.
