CYBER CAPABILITIES AND NATIONAL POWER: A Net Assessment 133
12. India
Despite the geostrategic instability of its region and a
keen awareness of the cyber threat it faces, India has
made only modest progress in developing its policy
and doctrine for cyberspace security. Its approach
towards institutional reform of cyber governance
has been slow and incremental, with the key
coordinating authorities for cyber security in the civil
and military domains only established in 2018 and
2019 respectively. They work closely with the main
cyber-intelligence agency, the National Technical
Research Organisation. India has a good regional
cyber-intelligence reach but relies on partners,
including the United States, for wider insight. The
strengths of the Indian digital economy include
a vibrant start-up culture and a very large talent
pool. The private sector has moved more quickly
than the government in promoting national cyber
security. The country is active and visible in cyber
diplomacy but has not been among the leaders on
global norms, preferring instead to make productive
practical arrangements with key states. From the
lile evidence available on India’s oensive cyber
capability, it is safe to assume it is Pakistan-focused
and regionally eective. Overall, India is a third-
tier cyber power whose best chance of progressing
to the second tier is by harnessing its great digital-
industrial potential and adopting a whole-of-society
approach to improving its cyber security.
List of acronyms
CERT-In Computer Emergency Response Team India
DCA Defence Cyber Agency
DIA Defence Intelligence Agency
DSCI Data Security Council of India
IB Intelligence Bureau
ICT information and communications technology
NCCC National Cyber Coordination Centre
NCIIPC National Critical Information Infrastructure Protection
Centre
NTRO National Technical Research Organisation
RAW Research and Analysis Wing
Strategy and doctrine
The main lines of India’s current approach can be found
in ministerial speeches and in government regulations or
legislation, rather than in policy documents. In 2013, how-
ever, the Ministry of Communications and Information
Technology did release the country’s rst National Cyber
Security Policy,
1
a short document arming the need to
protect the government, businesses and citizens from
cyber aacks either by state or non-state actors. It pre-
sented basic recommendations for government organi-
sations and private companies, including the allocation
of budgets and personnel for cyber-security purposes
and the drafting of information-security policies. It also
set out national objectives, including the training of
500,000 cyber-security professionals over the following
ve years, the development of indigenous cyber-secu-
rity technologies, the establishment of public–private
partnerships, and the promotion of a culture of cyber
security and privacy that would encourage responsible
behaviour by internet users.
India’s thinking on cyber policy for the civil sector
continues to develop. Government ocials had planned
to issue a new national cyber-security strategy in 2020
