Recent Threats Recent incidents involving ransomware attacks on Indian power grids and data breaches in defence systems have underscored vulnerabilities in critical infrastructure, raising serious concerns about national security. Previous cases, such as the October 2022 ransomware attack on Tata Power and cyberattacks targeting power grids near Ladakh, demonstrate the increasing sophistication of such threats.
The defence sector has also faced significant challenges, including a 2023 ransomware attack on a critical defence unit and the SPARSH pension portal breach, which exposed the sensitive data of thousands of defence personnel. Leaked information appearing on dark web platforms highlights the risks posed by these breaches.
With ransomware attacks in India rising by 24% in the first half of 2024 compared to the same period in 2023 and sophisticated cyberattacks often attributed to state-sponsored actors from China and Pakistan, strengthening cybersecurity frameworks is imperative to safeguard India’s critical infrastructure and national security.
Government Initiatives
India has been actively strengthening its cybersecurity framework through strategic initiatives and collaborations to address evolving cyber threats. The National Cyber Security Strategy (NCSS) 2023 aims to establish a robust framework for cyber resilience by focusing on securing critical infrastructure, promoting research and development in cybersecurity and building a skilled workforce. Developed under the guidance of the National Cyber Security Coordinator’s office, this strategy reflects India’s commitment to fostering a secure digital environment.
Key agencies such as CERT-In (Computer Emergency Response Team – India) and the Defence Cyber Agency (DCA) play pivotal roles in protecting India’s cyberspace. CERT-In, operating under the Ministry of Electronics and Information Technology (MeitY), is responsible for detecting, preventing and responding to cyber threats across various sectors. Meanwhile, the Defence Cyber Agency focuses on safeguarding India’s military networks and systems from cyberattacks, contributing to the nation’s defence preparedness. Additionally, initiatives like the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) aim to combat malware infections by offering free tools and raising public awareness about cyber hygiene.
India has also enhanced its cyber defence capabilities through international collaborations. With the United States, India has engaged in cybersecurity dialogues that focus on information sharing, capacity building and protecting critical infrastructure. Similarly, agreements with Israel have facilitated operational cooperation, joint exercises and the exchange of best practices to counter cyber threats. Partnerships with the European Union further strengthen India’s cybersecurity framework by addressing data protection, cybercrime prevention and skill development.
Other significant efforts include sector-specific protection initiatives for critical areas such as energy, banking and transportation. Public awareness campaigns like “Stay Safe Online” educate citizens on safe digital practices and the risks posed by cyber threats. Capacity-building programmes, including the National Cyber Security Awareness Month, aims to develop cybersecurity expertise and encourage professionals to contribute to the nation’s resilience. These comprehensive measures underscore India’s commitment to building a secure and resilient digital ecosystem in the face of growing cyber challenges.
Private Sector Collaboration
Public private partnerships are vital in strengthening India’s cybersecurity framework. Collaborative efforts between government agencies and private sector entities have facilitated the development of indigenous solutions, reducing reliance on foreign technologies and bolstering national cyber resilience. Initiatives such as those led by the Centre for Development of Advanced Computing (C-DAC), an autonomous body under the Ministry of Electronics and Information Technology, have been instrumental in fostering innovation in cybersecurity through high-performance computing and indigenous technology development.
The private sector has played a significant role in advancing cybersecurity capabilities. Under the “Make in India” initiative, startups like Kratikal and Lucideus have developed advanced solutions for cyber threat detection, mitigation and risk assessment. Established firms such as Infosys and TCS have also collaborated with the government to design robust cybersecurity frameworks for critical infrastructure. These companies contribute expertise, cutting-edge technologies and scalable solutions to enhance India’s digital security.
By integrating the strengths of both public and private entities, these partnerships highlight the importance of joint efforts in creating a secure and resilient digital infrastructure. This collaboration is crucial as India navigates an increasingly complex cyber threat landscape.
Challenges
India’s cybersecurity landscape faces significant challenges that hinder its ability to address evolving threats. A major issue is the shortage of skilled cybersecurity professionals. Despite increasing demand, the availability of trained experts in areas such as threat analysis, incident response and policy enforcement remains limited. This skill gap poses a risk to both private and public sector organisations in effectively countering cyberattacks.
Outdated infrastructure in critical sectors further exacerbates vulnerabilities. Legacy systems often lack robust security measures, making them prime targets for sophisticated cyberattacks. Efforts to modernise infrastructure have been initiated, but progress has been slow, leaving critical sectors such as power, banking and healthcare at risk.
On a global scale, the underdevelopment of international norms for cyber warfare adds complexity to India’s cybersecurity strategy. The absence of universally accepted guidelines for attribution, response and retaliation in cyberspace complicates policy enforcement and international collaboration. This lack of consensus makes it difficult for India to address cross-border cyber threats effectively.
Domestically, enhancing coordination among various cybersecurity agencies and improving data-sharing mechanisms are critical areas for improvement. Building a cohesive, unified approach across agencies, supported by robust data-sharing frameworks, is essential for strengthening India’s cybersecurity ecosystem.
Conclusion
India’s cybersecurity strategy must evolve rapidly to address sophisticated threats. Building resilience through innovation and collaboration will be key to the security of a nation’s digital future, build a secure cyberspace, develop a skilled workforce and foster international cooperation. The National Cybersecurity Strategy, 2020, is a comprehensive framework aimed at securing India’s digital infrastructure and ensuring a resilient cyberspace. By focusing on critical information infrastructure protection, capacity building, public- private partnerships and international cooperation, the strategy aims to create a robust cybersecurity ecosystem. Successful implementation of this strategy is essential to protect national interests, promote economic growth and safeguard the digital lives of Indian citizens in an increasingly interconnected world.