Sectoral Cert and CERT-UTK has been constituted by Department of Information and Science Technology, Govt. of Uttarakhand. 

CCMP envisages a layered security approach to strengthen cyber security posture

“Cyber Crisis Management Plan (CCMP) for countering Cyber Attacks and Cyber Terrorism-2020 has been approved by Government of Uttarakhand. This CCMP Plan is a outlines guideline and procedure for create a secure cyber ecosystem in the State of Uttarakhand and build a secure and resilient cyberspace for citizens, business, and government.

This Cyber Crisis Management Plan (CCMP) discusses types of cyber incidents, policies, actions and responsibilities for a coordinated, approach to prepare for rapid identification, information exchange, response, and remediation to mitigate and recover from malicious cyber related incidents impacting critical business functions and processes of the Government of Uttarakhand.

The purpose of this plan:

1. To establish the strategic framework and guide actions to prepare for, respond to, and begin to coordinate recovery from a cyber incident. 
2. To ensure that interruption or manipulations of critical functions/services in critical sector organizations are brief, infrequent and manageable and cause least possible damage.
3. To assist organizations to put in place mechanisms to effectively deal with cyber security crisis and be able to pin point responsibilities and accountabilities right down to individual level.
4. To defines quick response and remedial actions to mitigate and recover from malicious cyber related incidents impacting critical business functions.
5. To design and prepare for the reporting mechanism(s).

Guidelines and Standard Operating Procedure for Notification of Critical Information Infrastructure (CII) Uttarakhand-2020 has been approved by Government of Uttarakhand.

With the increasing convergence of communication technologies and shared Information systems, Critical Sectors are becoming increasingly dependent on their CII. These CIIs are interconnected, interdependent, complex and distributed across various geographical locations. Threats to CII, ranging from terrorist attacks, through organized crimes, to espionage, malicious cyber activities etc, are following a far more aggressive growth trajectory. Protection of CII and, hence, CI of the State is the one of the paramount concerns of the Government of Uttarakhand.

The purpose of CII Guidelines and SOP:

1.  Identifying and listing out of Critical Information Infrastructure (CII).
2. Declaring identified Information Infrastructure as Critical Information Infrastructure (Protected System) under the Section 70 of the IT Act 2000 (amended 2008). 
3. To access threats, vulnerabilities and risk associated with Critical Information Infrastructure and their implication.
4. Defining measures for end-to-end protection to the Critical Information Infrastructure.
5. Defining the guidelines to implement disaster recovery and business continuity plan for Identified Critical Information Infrastructure assets.
6. All the identified critical assets/resources under various CIIs of the State of Uttarakhand need to be gazette notified as “Protected System” under section 70 of IT Act 2000 (amended 2008). Any attack on a “Protected System” with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people, shall be treated as Cyber Terrorism under IT Act 2000 (amended 2008).