top of page

Evolution of Cybersecurity Architecture in India

Updated: Oct 9, 2023

"Cyber-related risks are a global threat of bloodless war. India can work towards giving the world a shield from the threat of cyber warfare." -PM Narendra Modi.

Cybersecurity and cyberwarfare have been in the spotlight for nearly a decade. In this digital world, these terms go hand in hand with increasing internet connectivity and the increasing number of ways to acquire digital weapons against a nation-state.

An illustration on the evolution of Cybersecurity Architecture in India in the past one decade.

Illustration by Geostrata

In simple terms, cybersecurity refers to the practice of applying technologies for the protection of internet-connected systems, networks, programmes, devices, and data from cyberattacks. It is a necessary condition of this global world to create a defensive policy for cyberwarfare. Cyberwarfare can be interpreted as politically motivated attacks by a nation-state through a network or computer-based systems.


There have been numerous cases of cyberattacks around the world, particularly in military and civil spaces. For instance, APT41, a Chinese state-sponsored hacking group, apparently hacked into six state government networks in the US between May 2021 and February 2022.

According to The Economic Times, India has been among the most vulnerable countries in terms of cyber attacks since the pandemic, as the digital transformation has both positive and negative effects.

The healthcare sector was the main target due to the development of vaccines and medications for COVID-19. The famous incident in this context is the ransomware attack on AIIMS Delhi. Other examples include the Air India Cyber Breach and the data leak of COVID patients. According to a recent study by the CyberRisk Alliance, there have been around 134 attacks per organisation on average in 2022.

Perpetual attacks from rivals and adversaries put India in a difficult situation in terms of cyber security. Hackers have even targeted India's critical infrastructure, like its nuclear power plants and its electric grid.

Widespread cybersecurity incidents have been distressing businesses, organizations, and individuals across India. In a report by the International Institute of South Asian Studies (IISS), India is ranked in the third tier in terms of cyber warfare capabilities. The same report further states that India has made "modest progress" in policymaking and developing doctrine to amplify cybersecurity.

The country lacks speed towards a broader approach to reforming cyber governance. India, however, fared well in terms of cyber intelligence capabilities. The report also praised the private sector for being more aware and vigilant on the topic of cybersecurity.

India has witnessed many serious and increasingly threatening cyberattacks in the recent past. For instance, in the month of November, the All India Institute of Medical Sciences (AIIMS), a critical health infrastructure, came under a cyber attack, which paralysed the servers of AIIMS Delhi and disabled all the online services for more than 15 days. In another instance, Indian banks have documented nearly 248 successful data breaches by hackers and criminals.

There have been attacks sponsored by the adversary nations, as India is moving at a fast pace towards a robust economy by deriving advantages from information and technology. To nullify the claims of India on the border disputes and to hinder India's speedy development, China has resorted to an option similar to cyber warfare.

It made a move to devastate India's Critical Infrastructure to disrupt the smooth and efficient functioning of its digital economy. For example, according to the New York Times, 'RedEcho', a Chinese hacker group, was responsible for Mumbai's power grid failure that led to the halting of trains, the shutting down of the stock market, and a hindrance in hospital services during the times when COVID-19 was at its peak.

There have been attempts by Pakistan to penetrate the defence networks of India through a group called APT36. It is believed to be a state-sponsored actor targeting the defence structure of India.


India, among the first few countries, propounded a modern National Cybersecurity policy in 2013. The vision of this policy was to build a secure and strong cyberspace for citizens, businesses, and the government and prevent privacy breaches. It aimed to protect information and information infrastructure in cyberspace, build capabilities to defend and prevent cyber threats, minimise damages, and reduce susceptibility through an institutional framework.

However, it did not bring revolutionary changes in terms of a coordinated approach. Hence, it led to the formulation of the National Cybersecurity Strategy (NCSS) 2020, a reformed version of the Cybersecurity Policy 2013. NCSS aimed to plug loopholes in cyber laws and improve cybersecurity through more strict audits. Cyber auditors were empowered to look carefully at the security features of cybersecurity organisations.

In 2004, The Computer Emergency Response Team (CERT-In) was established by the Government of India to report forecasts and alerts on cyber incidents. In 2014, the Prime Minister's Office created the position of National Cybersecurity Coordinator to look after the establishment of the Indian Cyber Crime Coordination Centre and coordinate with the state government and union territories on issues in cyberspace and social media.

The Ministry of Home Affairs created a new wing, the Cyber and Information Security Division, in 2017 to check extremism and cyber fraud as part of a major rearrangement of some of its crucial wings. It has been formed to track and counter identity theft, the dark net, trafficking, and cyberattacks on critical information infrastructure. In addition, the Ministry of External Affairs looks after cyberdiplomacy.

Cyberspace in India is being administered primarily by the National Technical Research Organisation under R&AW. The National Intelligence Grid and National Information Board form the top layer of agencies performing cyber operations.

The Defence Cyber Agency (DCA) was set up in May 2021 to thwart attacks on critical military infrastructure. It works closely with the Defence Research and Development Organisation, the National Technological Research Organisation, the National Security Council, and India's Research and Analysis Wing.

The National Cybersecurity Policy 2023 is also said to be in its final stages of approval. At the time of of writing this article, the NCSC is Lt. General MU Nair. Retd. Lt. General Rajesh Pant, National Cybersecurity Coordinator at the National Security Council Secretariat, provided the initial information that this policy is driven by the National Critical Information Infrastructure Protection Center under a project funded by the National Security Council Secretariat.

The policy focuses on the cybersecurity of critical sectors of the nation, including telecom, transportation, finance, power and energy, strategic and government entities, and health.

International cooperation is also a contributing factor in the development of cybersecurity in India. Recently, a Cybersecurity Business Development Trade Mission was sent by the US Department of Commerce to join hands and resolve the issue of cyber attacks.

The partnership between India and Israel on cybersecurity cooperation has been active since 2018. In July 2020, an MoU was signed between the Indian Computer Emergency Response Team (CERT-In) and Israel’s National Directorate of Cybersecurity (INCD) to facilitate exchanges of technology and knowledge sharing about the best practises in the field.

Another partner of India in this field is the European Union. To advance this cybersecurity partnership, they focus on capacity-building and convergence over global norms while reducing their vulnerabilities to cyberattacks.

The current capacities of Indian institutions for cybersecurity address small-scale cyberattacks, but they need more power to fight cyber warfare. India's cyber policies still seem to be designed for a form of espionage; thus, they need to be adjusted in the current view to attack and defend in case of a cyber war.

The regulations introduced in this direction avoid the necessity of cyber weapons and state-sponsored hacking incidents in peacetime. There is a need to develop focused R&D for the development of safe products with detailed identification of vulnerabilities and fixing the design of cyber weapons. The Indian Cyber Command must be constituted to provide solutions for developing cyberwar capabilities.

There are 22 apex bodies, organisations, and initiatives forming a nexus of high-ranking officials. This leads to disequilibrium and overlapping in the functioning of organisations. Hence, there must be a Coordination centre for these bodies to rectify these shortcomings and make every institution effective in its roles.

To improve the nation's cyber security, national policies need to augment information sharing and a system of real-time threat detection. India should use an offensive cyber strategy to stabilize the country in cyberspace and reduce its vulnerability to cyberattacks. The state should focus on building cyber offensive capabilities, while the current strategies should look after non-state data breaches.

To develop an effective cyberwarfare strategy, strategic capabilities must be developed to work in cyberspace in coordination with other operational domains. A specific action plan to counter state-sponsored attacks is necessary to strengthen national security.




Recent Posts

See All


bottom of page