
Strengthening India’s Cyber Security Architecture

  • 28 Jan 2026
  • 31 min read

This editorial is based on “Cybercrime and the crisis of global governance” which was published in The Hindu on 27/01/2026. This article highlights how divisions over the UN Convention against Cybercrime reflect a deeper crisis in global digital governance, posing strategic challenges for India’s cyber sovereignty and institutional autonomy. 

For Prelims: I4C, CERT-In, Sanchar Saathi, Bharat 6G Alliance, Digital Personal Data Protection Act 2023

For Mains: Rising Cyber Threats in India, Measures taken by India to Address Cyber Threats, Measures to Further Strengthen the Cyber Security Architecture in India. 

In an increasingly fragmented global digital order, cybersecurity has emerged as a critical test of strategic autonomy. The divisions surrounding the United Nations Convention Against Cybercrime reveal the widening gap between shared principles and contested practices in cyberspace governance. As cyber threats grow transnational and technology-driven, countries like India face the dual challenge of securing their digital ecosystems while retaining institutional control over data and regulation. Cybersecurity, therefore, is no longer merely defensive; it is central to India’s role in shaping global digital governance.

What are the Major Cyber Threats Confronting India? 

  • AI-Enabled and Automated Cyber Attacks: The integration of artificial intelligence into cybercrime has significantly increased the scale, speed, and sophistication of attacks.  
    • AI is being used to generate highly convincing phishing emails, deepfake audio/video impersonations, and adaptive malware that can evade traditional detection systems.
    • Automated vulnerability scanning allows attackers to identify and exploit system weaknesses in real time, making cyber defences reactive rather than preventive.  
      • For India, with its rapidly expanding digital public infrastructure, AI-driven attacks pose systemic risks. 
      • In 2024–25, Indian banks and NBFCs reported a surge in AI-generated phishing emails and voice-cloning scams, where fraudsters used deepfake audio to impersonate senior executives and authorise fund transfers.
  • Ransomware and Malware-as-a-Service (MaaS): Ransomware has evolved from isolated criminal activity into an organised, transnational business model. 
    • Malware-as-a-Service enables even low-skill actors to launch complex attacks by renting ready-made tools. Ransomware accounted for one of the top three cyber threats reported to CERT-In in recent years. 
    • Indian sectors such as healthcare, municipal services, education, and MSMEs are increasingly targeted due to weak cyber hygiene and low recovery capacity.  
      • For instance, AIIMS Delhi in 2022 suffered a major ransomware attack that paralysed patient registration, lab services, and OPDs for nearly two weeks, exposing vulnerabilities in critical healthcare systems. 
  • Data Breaches and Exploitation of Cloud Vulnerabilities: As Indian institutions rapidly migrate to cloud-based systems, misconfigurations, weak access controls, and poor encryption practices have emerged as major vulnerabilities.  
    • Large-scale data breaches expose sensitive personal, financial, and biometric data (e.g., leaked Aadhaar data), undermining citizen trust in digital governance.
      • For instance, in 2023, data linked to CoWIN beneficiaries, including names, Aadhaar-linked details, and phone numbers, was reportedly accessible through a Telegram bot, highlighting vulnerabilities in access controls and third-party integrations rather than in the core databases.
    • Such breaches also have cross-border implications, complicating law enforcement and accountability. 
  • Social Engineering and Digital Financial Fraud: Cybercriminals increasingly exploit human behaviour rather than technical loopholes, as seen in the rise of “digital arrest” scams. 
    • UPI-based frauds, SIM-swap attacks, and fake investment platforms disproportionately affect first-time digital users.  
      • This reflects the gap between rapid financial inclusion and digital literacy, making citizens the weakest link in cybersecurity. 
    • In 2024 alone, Indian citizens reported losses of over ₹22,845 crore to cyber fraud. This was a 206% increase from 2023's reported ₹7,465 crore loss. 
  • Attacks on Critical Information Infrastructure (CII): India’s power grids, telecom networks, transport systems, and financial markets are becoming high-value targets for cyberattacks.  
    • Disruption of critical infrastructure can have cascading effects on public order, economic stability, and national security.  
      • The increasing interconnection of operational technology (OT) with IT systems has expanded the attack surface. Such threats blur the line between cybercrime and cyber warfare. 
    • For instance, in October 2020, a malware attack linked to foreign actors affected Mumbai’s power grid, causing widespread outages and raising alarms about cyber-physical attacks. 
  • Advanced Persistent Threats (APTs) and State-Sponsored Espionage: APTs involve long-term, stealthy cyber intrusions aimed at espionage rather than immediate damage. 
    • India faces growing risks of cyber-espionage targeting defence establishments, research institutions, strategic industries, and government databases.  
    • These attacks are often difficult to attribute and detect, allowing adversaries to siphon sensitive information over extended periods. APTs reflect the geo-politicisation of cyberspace. 
      • In 2025, Maharashtra Cyber reportedly identified seven Advanced Persistent Threat (APT) groups that carried out over 15 lakh cyber attacks on critical infrastructure websites across India in the aftermath of the Pahalgam terror strike. 
  • Internet of Things (IoT) and Identity-Based Threats: The rapid proliferation of IoT devices (smart meters, cameras, medical devices, and industrial sensors) has expanded India’s cyber threat surface. Many devices lack basic security features such as regular updates or strong authentication.
    • Simultaneously, identity theft and synthetic identities are being used to bypass authentication systems, enabling fraud and unauthorised access. These threats challenge conventional perimeter-based security models. 
    • For instance, compromised CCTV cameras and routers in Indian cities have been used to form botnets for DDoS attacks. 

What Steps Has India Taken to Address Rising Cyber Threats?   

  • Institutional Strengthening - I4C and "Pratibimb" Deployment: The Indian Cyber Crime Coordination Centre (I4C) has been elevated to an "attached office" of the MHA to wage a data-driven war against the "Jamtara Model" of organized fraud.
    • By deploying the "Pratibimb" software, the state now maps the geospatial location of active SIMs used by cybercriminals in real-time, enabling physical raids rather than just digital blocks.
    • The Pratibimb module has significantly strengthened cybercrime enforcement by helping arrest over 6,000 accused, uncover 17,000+ criminal linkages, and assist in 36,000+ cyber investigations across India. 
  • Strategic Indigenisation - Project "Maya" and "Chakravyuh": To eliminate "backdoor" vulnerabilities in foreign software, the Defence Ministry has replaced Microsoft Windows with the indigenous "Maya OS" (based on Ubuntu) across all internet-facing defence terminals.
    • This is fortified with "Chakravyuh," a specialized endpoint detection system designed to create a deceptive layer that traps lateral movement by APT (Advanced Persistent Threat) groups. 
  • Regulatory "Teeth" - CERT-In’s 6-Hour Reporting Mandate: The government has mandated that all service providers and data centres report cyber incidents to CERT-In within six hours of detection.
    • In 2025, CERT-In handled over 29.44 lakh cyber incidents, issuing 1,530 alerts, 390 vulnerability notes, and 65 advisories, reflecting large-scale national cyber response capability. 
  • Supply Chain Hygiene - "Trusted Telecom Portal" & NCRF: Recognising hardware as a Trojan horse, the government activated the "Trusted Telecom Portal", which bars telecom operators from sourcing gear from "non-trusted" sources (primarily targeting Chinese OEMs).
    • Simultaneously, the National Cyber Security Reference Framework (NCRF 2024) has been finalized to guide critical sectors. 
    • For instance, the National Critical Information Infrastructure Protection Centre (NCIIPC) now actively audits key critical sectors (like Power). 
      • Further, BSNL's 4G rollout is completely compliant with the "Trusted Source" norms. 
  • Citizen-Centric Firewalls - "Sanchar Saathi" and "Chakshu": The launch of "Sanchar Saathi" has democratised threat intelligence by allowing citizens to identify and disconnect unknown mobile connections registered in their name.
    • This was bolstered by the "Chakshu" facility (2024), which crowdsources data on suspected fraud communications (calls/WhatsApp), feeding directly into a centralised AI engine that blacklists repeat offenders across all telecom operators instantly.
    • For instance, under Sanchar Saathi, as of December 2025, over 42 lakh stolen/lost mobile devices have been successfully blocked.
  • Promotion of "Cyber Hygiene" - Cyber Swachhta Kendra (CSK): To counter the "silent" threat of botnets (compromised "zombie" devices used for DDoS attacks), the government operates the Botnet Cleaning and Malware Analysis Centre.
    • This facility detects infected devices across ISP networks and provides free "cleaning tools" to citizens, actively reducing the nation's "attack surface" by sanitizing compromised consumer electronics without user intervention. 
  • Future-Proofing Sovereignty - "Bharat 6G Alliance": Learning from the 5G experience, India is actively shaping 6G standards now to ensure future networks are "Secure by Design" rather than dependent on foreign proprietary technology.
    • The goal is to own the intellectual property (IP) for security protocols, ensuring that the next generation of critical telecom infrastructure is immune to foreign "kill switches" or surveillance backdoors. 
    • Bharat 6G Vision targets 10% of global 6G patents by 2030 to control security standards.  
      • Further, based on India's contributions, the ITU 6G Framework now includes 'Ubiquitous Connectivity' as one of the six usage scenarios of 6G and also includes coverage, interoperability and sustainability as capabilities of 6G technology. 
  • Legislative Deterrence - Digital Personal Data Protection (DPDP) Act, 2023: Moving from "guidelines" to "statutory liability", this Act fundamentally alters the corporate security culture by imposing a "cost on negligence".
    • It mandates that companies (Data Fiduciaries) implement robust encryption and safeguards not just for compliance but to avoid crippling financial penalties, effectively making cybersecurity a boardroom priority rather than just an IT concern. 
      • For instance, the highest penalty up to ₹250 crore applies to failure of a Data Fiduciary to maintain reasonable security safeguards. 
    • Together, these provisions position India as a serious stakeholder in the global cyber governance framework, signalling a shift towards accountability-driven data protection standards.

Global Cyber Governance Framework 

The Legal & Treaty Framework (Hard Law): The legal landscape is divided between two major treaties, the Budapest Convention and the UN Cybercrime Convention:

  • Origin:
    • Budapest Convention: Council of Europe
    • UN Cybercrime Convention: United Nations
  • Focus:
    • Budapest Convention: Procedural powers for cross-border data access to fight cybercrime.
    • UN Cybercrime Convention: Emphasises prevention and international cooperation in electronic evidence sharing.
  • Criticism:
    • Budapest Convention: Critics argue it enables invasive surveillance and lacks sufficient human rights protections. (India is not a party.)
    • UN Cybercrime Convention: Critics argue that the treaty could enable “cyber authoritarianism”. (India has not signed it.)

  • The Tallinn Manual (2.0): While not a treaty, this academic manual interprets how existing laws of war apply to cyber operations (e.g., when does a hack become an "armed attack" justifying self-defense?). 
  • The Multi-stakeholder Normative Track (Soft Power): Because the private sector owns the majority of the internet infrastructure, governments cannot govern alone. This track involves "Soft Law" voluntary agreements that include tech giants (Microsoft, Google) and civil society. 
    • The Paris Call for Trust and Security (2018): It is a declaration that calls for states, the private sector, and organizations in civil society (groups that are not associated with government or the private sector) to work together to promote security in cyberspace, fight disinformation and address new threats that put citizens and infrastructure in danger. 
    • The Christchurch Call: Focused specifically on eliminating terrorist and violent extremist content online (born after the 2019 NZ mosque shootings). 
    • Cybersecurity Tech Accord: It promotes a safer online world by fostering collaboration among global technology companies committed to protecting their customers and users and helping them defend against malicious threats. 
  • Related Concerns:  
    • Rise of Polycentrism: Weakening multilateral institutions, such as reduced U.S. funding to the UN, Security Council paralysis, and the World Trade Organization dispute system breakdown have pushed cyber governance towards a polycentric order.  
      • This relies on overlapping bilateral and plurilateral arrangements, increasing complexity and stretching state capacity. 
    • Data Sovereignty and Cross-Border Data Flows: While there is consensus on data sharing among trusted partners, there is no agreed global mechanism to operationalise it without compromising sovereignty. 
    • State-Sponsored Cyber Espionage: Major powers increasingly use cyber tools for espionage and influence operations, blurring the line between crime, warfare, and national security.
      • For instance, Russia was alleged to have interfered in the 2016 United States presidential elections. 


What are the Key Issues Associated with India's Cyber Security Architecture?  

  • Institutional Fragmentation & "Siloed" Command: The architecture suffers from a lack of a unified "Cyber Command," with responsibilities split across multiple agencies (CERT-In, NCIIPC, NTRO) that often operate in silos.  
    • This overlapping jurisdiction without a single executive authority creates critical delays in attribution and coordinated response during large-scale state-sponsored attacks, leaving the "golden hour" of mitigation lost to bureaucratic coordination. 
  • The "Hardware Sovereignty" Gap (Supply Chain Risk): India’s critical infrastructure remains dangerously reliant on foreign-sourced hardware (semiconductors, routers, CCTV), creating "Trojan Horse" risks where embedded backdoors can bypass software firewalls.  
    • This dependency means that even with indigenous OS like "Maya," the underlying physical layer remains susceptible to foreign "kill switches" activated during geopolitical tensions. 
    • For instance, India leads the world in telecom equipment imports with 47,974 shipments, and foreign-manufactured IoT components represent a significant risk to the nation's critical sectors.
  • Critical Infrastructure "Air-Gap" Fallacy: Vital sectors like Power and Railways rely on outdated Operational Technology (OT) that was never designed for internet connectivity but is now being recklessly digitized.  
    • This convergence of IT and OT exposes undefended legacy systems to modern ransomware, as operators falsely believe they are safe behind "air-gaps" (offline networks) which are easily breached via vendor maintenance laptops. 
    • For example, Oil India Ltd (Assam) suffered a ransom demand cyberattack (2022) that halted operations. 
  • The "Skill-Gap" & AI-Driven Asymmetry: Despite being a global IT hub, India suffers a severe deficit of niche "Blue Team" (defenders) and "Red Team" (offensive) strategists, leaving networks vulnerable to automated AI-attacks.  
    • The current workforce is trained in general IT support, not in combating sophisticated, AI-generated polymorphic malware that evolves faster than human defenders can patch. 
    • For instance, there are currently 25,000 to 30,000 active openings for cybersecurity roles across India, indicating the level of skill gap. 
  • The "Mule Account" Economy & Financial Fraud: The explosive growth of digital payments has outpaced digital literacy, creating a massive ecosystem of "rented" bank accounts used to launder fraud money.  
    • The issue is not just technical hacking but a socio-economic failure where thousands of citizens knowingly or unknowingly "lease" their identities to cyber syndicates, making money trails nearly impossible to trace. 
    • Although MuleHunter.AI was developed by the Reserve Bank Innovation Hub to identify mule accounts used in money laundering and digital fraud, its rollout has been slow. 
  • Geopolitical "Attribution" Crisis and Diplomatic Limbo: India lacks a formal, transparent Cyber Attribution Policy.
    • Unlike the US or UK, which have established frameworks for "naming and shaming" or issuing joint diplomatic statements on state-sponsored actors, India generally maintains a policy of "strategic silence". 
    • Without a standardized evidentiary framework to publicize findings, India remains stuck in a "gray zone" where sophisticated actors from neighboring states can paralyze infrastructure with plausible deniability, knowing that India’s response will likely be limited to domestic "patches" rather than diplomatic or strategic retaliation. 
  • Deep Fake Hyper-Personalization and "Trust Erosion": The architecture is failing to keep pace with "Social Engineering 2.0," where Generative AI is used to create hyper-personalized deepfakes for "Digital Arrest" scams and corporate identity theft.  
    • The current defensive focus is on securing "networks," but it is defenseless against the manipulation of "human trust," as current laws like the IT Act are sluggish to address the velocity of AI-generated misinformation that can trigger market volatility or social unrest in minutes. 
    • For instance, Delhi Police arrested eight individuals across three states in a case involving the alleged duping of an elderly NRI couple, who were reportedly defrauded of over ₹14 crore through a ‘digital arrest’ scam, with links traced to operators in Cambodia and Nepal. 

What Measures are Needed To Strengthen India’s Cyber Security Architecture? 

  • Build Deep Technical and Institutional Capacity: India must invest in advanced expertise in cyber law, digital forensics, AI governance, and cross-border data regulation by creating specialised cadres within government.  
    • Continuous upskilling of police, prosecutors, regulators, and diplomats is essential to bridge the gap between technology and policy making. Without such capacity, India risks remaining a rule-taker in global cyber governance. 
  • Strengthen Public–Private Partnerships: Since most digital infrastructure is privately owned, India needs structured and trust-based public–private partnerships for cyber threat intelligence sharing.  
    • Joint cyber drills, legal safe-harbours, and clear liability frameworks can improve real-time response to cybercrime. Such collaboration is crucial to tackle ransomware, financial fraud, and platform-based crimes. 
  • Undertake Urgent Domestic Regulatory and Administrative Reforms: India must streamline overlapping cyber institutions, clarify mandates, and improve coordination among agencies.  
    • Stronger enforcement of data protection rules, faster cybercrime investigation procedures, and constitutionally aligned AI regulation are needed. Administrative effectiveness, not just new laws, will determine cybersecurity outcomes. 
  • Prepare Institutionally for Polycentric Global Governance: With declining multilateral consensus, cyber governance will increasingly operate through bilateral, plurilateral, and sector-specific arrangements.  
    • India must develop the capacity to engage across multiple forums simultaneously while safeguarding strategic autonomy. Institutional agility will be critical in managing this complexity. 
  • Integrate Cybersecurity with National Security Planning: Cybersecurity should be treated as a core pillar of national security alongside defence and economic security.  
    • Integrating cyber threat assessments into strategic and military planning will improve preparedness against state-sponsored cyber espionage and hybrid warfare. This reflects the reality of cyberspace as a continuous conflict domain. 
  • Prioritise Protection of Critical Information Infrastructure: India must accelerate efforts to secure power grids, telecom networks, financial systems, and transport infrastructure.  
    • Regular stress testing, red-teaming exercises, and mandatory security standards for critical sectors are essential. Disruption of such infrastructure can have cascading national consequences. 
  • Enhance International Cooperation Without Compromising Sovereignty: India should deepen cooperation on cybercrime investigation, digital evidence sharing, and capacity building while retaining control over data and regulatory choices.  
    • Selective engagement with trusted partners can deliver practical outcomes even in the absence of global consensus. Strategic flexibility is preferable to rigid alignment. 
  • Strengthen Human Rights and Procedural Safeguards: Cybersecurity measures must be balanced with due process, privacy, and freedom of expression.  
    • Clear judicial oversight, proportional enforcement, and transparency in surveillance will enhance democratic legitimacy. This also strengthens India’s credibility in global digital governance debates. 
  • Invest in Cyber Awareness and Digital Literacy: Reducing cyber risks requires empowering citizens through large-scale digital literacy and cyber hygiene programmes.  
    • Awareness of phishing, financial fraud, and data misuse can significantly reduce attack success rates. Human resilience remains the first line of cyber defence. 

Conclusion:

In an era of AI-driven threats and fragmented global cyber governance, cybersecurity has become central to India’s strategic autonomy. While India has taken notable institutional, legal, and technological measures, systemic gaps in capacity, coordination, and skills persist. The emerging polycentric global order demands that India simultaneously strengthen domestic cyber resilience and engage multilaterally with agility. Ultimately, India’s ability to secure cyberspace will shape its national security, economic stability, and global digital leadership. 

Drishti Mains Question

Cybersecurity in India is no longer a technical issue but a strategic governance challenge. Examine in the context of emerging cyber threats and global cyber governance fragmentation.


FAQs

1. Why is cybersecurity a strategic issue for India?
Because cyber threats impact national security, economy, governance, and strategic autonomy.

2. What is the biggest cyber threat facing India today?
AI-enabled frauds and large-scale cyber financial crimes.

3. Why did India not sign the UN Cybercrime Convention?
Due to concerns over data sovereignty, institutional control, and broad definitions of cybercrime.

4. What is India’s main institutional response to cybercrime?
Agencies like CERT-In and the Indian Cyber Crime Coordination Centre (I4C).

5. What is the biggest challenge in global cyber governance?
Lack of consensus leading to fragmented and overlapping regulatory frameworks. 

UPSC Civil Services Examination, Previous Year Question (PYQ)

Prelims 

Q.1 In India, under cyber insurance for individuals, which of the following benefits are generally covered, in addition to payment for the loss of funds and other benefits? (2020)   

  1. Cost of restoration of the computer system in case of malware disrupting access to one’s computer  
  2. Cost of a new computer if some miscreant wilfully damages it, if proved so  
  3. Cost of hiring a specialised consultant to minimise the loss in case of cyber extortion   
  4. Cost of defence in the Court of Law if any third party files a suit  

Select the correct answer using the code given below:   

(a) 1, 2 and 4 only   

(b) 1, 3 and 4 only   

(c) 2 and 3 only   

(d) 1, 2, 3 and 4   

Ans: (b)

Q.2 In India, it is legally mandatory for which of the following to report on cyber security incidents? (2017)

  1. Service providers
  2. Data centres
  3. Body corporate

Select the correct answer using the code given below:  

(a) 1 only

(b) 1 and 2 only

(c) 3 only

(d) 1, 2 and 3

Ans: (d)


Mains

Q. What are the different elements of cyber security? Keeping in view the challenges in cyber security, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy. (2022)
