How India cut through the fog of cyber war during Operation Sindoor.

by

The spate of kinetic hostilities between India and Pakistan in the aftermath of the Pahalgam attack was accompanied by a surge in offensive cyber activity from Pakistan-based non-state actors. It was unleashed against the critical information infrastructure and other sensitive assets in India’s burgeoning digital ecosystem. India’s cybersecurity and defense architecture stepped up to the plate effectively, preventing disruptions to online societal and financial functions.

Advertisement

India is already one of the leading victims of state-sponsored cyber attacks worldwide, given its precarious geo-political location. As the “new normal” in India-Pakistan ties takes shape, cyber attacks are likely to proliferate and India’s cyber resilience will be tested. This entails cultivating a systemic approach that responds to and mitigates cyber threats in the medium- and long-term.

My analysis is limited to resilience in the face of offensive cyber operations, understood as attacks that compromise the confidentiality, integrity, or availability of information technology systems or networks. Information operations or orchestrated disinformation campaigns need to be tackled through a different set of constitutional, legislative and policy levers, as others have already analysed for The Indian Express.

In the past two decades, India has developed a panoply of cyber institutions. The establishment of the office of the National Cyber Security Coordinator (NCSC) which advises the Prime Minister’s Office (PMO) and National Security Advisor (NSA) marked the recognition of cyber resilience as a key strategic priority.

India’s Computer Emergency Response Team (CERT-IN), set up legislatively through Section 70B of the Information Technology Act, detects and responds to cyber incidents, furthers capacity and awareness, and proactively issues cybersecurity advisories and guidelines. Other key cyber institutions include the National Critical Information Infrastructure Protection Centre (NCIIPC) in the PMO, the Defence Cyber Agency (DyCA) drawing from the three branches of the armed forces and the MHA’s Indian Cyber Crime Coordination Centre (I4C) that deals with domestic cyber crime issues.