India has made only modest progress in building its policy and beliefs for cyberspace security, according to a new study that counts the country as a third-tier cyber power, with an offensive cyber capability focused specifically on Pakistan and not tuned towards China. AS per the study, the country can progress to the second tier by leveraging its digital-industrial potential and adopting a whole-of-security approach to improve its cybersecurity. In 2020, India appeared as the second-most targeted country for ransomware attacks after the US. It is, however, believed to be yet to embrace stringent policy-level changes to overcome cybersecurity issues.
The study, which has been based on a qualitative assessment of cyber power of 15 countries globally, conducted by the International Institute for Strategic Studies (IISS) revealed that while India has a good regional cyber-intelligence reach, it relies on partners, including the US and UK, for wider insight.
“India’s cyber command-and-control structure has been under development since the early 2000s but remains decentralised,” the researchers at the London-based think tank noted in the 182-page study. “Cyber-security powers are spread across a number of agencies, with reports of overlapping competencies and bureaucratic turf wars. The situation is further complicated by the country’s federal political structure.”
The study also mentioned that the country had frequently been the victim of cyber-attacks, including on its critical infrastructure. A significant proportion of those attacks has been attributed to China or Pakistan, the researchers said.
Citing the data from the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology, IISS researchers noted that there were more than 394,499 incidents in 2019, and 2020 saw an upsurge in attacks particularly from China. There were also some attacks by North Korea that used Chinese digital infrastructure.
Last year, the government banned hundreds of Chinese apps and restricted participation of China-origin companies in the telecom sector to restrict access of entities working in China. However, the IISS study suggests that more tough moves need to be taken.
“Cyber-security powers are spread across a number of agencies, with reports of overlapping competencies and bureaucratic turf wars. The situation is further complicated by the country’s federal political structure,” the study said.
India does have competitive cyber-intelligence capabilities but those are said to be focussed on its near abroad and particularly on Pakistan. The researchers also found the reach of India’s cyber-intelligence weak as it tends to rely on partnerships with the US, UK, and France for a higher-level of cyber-situational awareness and to help it build its native greater reach in future.
In 2014, the government established the National Critical Information Infrastructure Protection Centre (NCIIPC) to boost India’s cyber-security measures. It helped promote policies and procedures “to secure and resilient” cyber infrastructure across areas including power and energy, banking, and telecom, among others.
The IISS study stated that the NCIIPC was not well equipped to handle cyber emergencies and wider resilience-planning. It also stated that there were indications that the NCIIPC had not coordinated well with other government bodies.
On the defensive part, India’s are said to be relatively frail, and the country is the target of cyber espionage by a wide range of states. The study also specified that it was “difficult to gauge the extent or orientation” of the country’s current investment in offensive capabilities. However, it said that there were some indications that the focus might have shifted more to countering China.
The study also talked about China’s cyber power that is claimed to be at least a decade behind the US.
IISS researchers considered the US as a top-tier cyber power, followed by China, Russia, the UK, Australia, Canada, France, and Israel in the second tier. However, the third tier that has India includes Indonesia, Japan, Malaysia, North Korea, Iran and Vietnam as the other countries. The prime purpose of the detailed study is to “assist national decision-making” and help governments as well as major corporations make strategic decisions.