India’s Cyber-Security

News: According to a report by International Institute for Strategic Studies (IISS), an influential think tank, India’s offensive cyber capabilityis “Pakistan-focused”and “regionally effective”, and not tuned towards China.


  • The report has done a qualitative assessment of cyber power in 15 countries. Four membersof the Five Eyes intelligence alliance – the United States, the United Kingdom, Canada and Australia.
  • Three cyber-capableallies of the Five Eyes states – France, Israel and Japan. Four countries viewed by the Five Eyes and their allies as cyber threats – China, Russia, Iran and North Korea. Four states at earlier stages in their cyber power development – India, Indonesia, Malaysia and Vietnam.

Highlights of the report:

  • The report has divided the 15 states into three tiers of cyber power:
  1. First Tier:States with world-leading strengths across all the categories in the methodology. The United States of America is the only country in this tier.
  2. Second Tier:States that have world-leading strengths in some of the categories. Australia, Canada, China, France, Israel, Russia and the United Kingdom are in this tier.
  3. Third Tier:States that have strengths or potential strengths in some of the categories but significant weaknesses in others. India, Indonesia, Iran, Japan, Malaysia, North Korea and Vietnam are in this tier.
  • This report provides confirmation of the likely durability of US digital-industrial superiorityfor at least the next ten years. There can be two reasons for this. In advanced cyber technologies and their exploitation for economic and military power, the US is still ahead of China. Since 2018, the US and several of its leading allies have agreed to restrict China’s access to some Western technologies.
  • By doing so, these countries have endorsed a partial decoupling of the West and China that could potentially impede the latter’s ability to develop its own advanced technology.

India Specific findings:

  • Despite the geo-strategic instability of its regionand a keen awareness of the cyber threat it faces, India has made only “modest progress” in developing its policy and doctrine for cyberspace security.
  • India has some cyber-intelligence and offensive cyber capabilitiesbut they are regionally focused, principally on Pakistan.
  • However, the military confrontation with Chinain the disputed Ladakh border area in June 2020, followed by a sharp increase in Chinese activity against Indian networks, has heightened Indian concerns about cyber security, not least in systems supplied by China.
  • India is currently aiming to compensate for its weaknesses by building new capability with the help of key international partners –including the US, the UK and France – and by looking to concerted international action to develop norms of restraint.
  • India’s approach towardsinstitutional reform of cyber governance has been “slow and incremental”, with key coordinating authorities for cyber security in the civil and military domains established only as late as 2018 and 2019 respectively. The key authorities work closely with the main cyber-intelligence agency, the National Technical Research Organisation. The strengths of the Indian digital economy include a vibrant start-up culture and a very large talent pool.
  • The private sector has moved more quickly than the government in promoting national cyber security.
  • The country is active and visible in cyber diplomacybut has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states.