India has made only modest progress in building its policy and beliefs for cyberspace security, according to a new study that counts the country as a third-tier cyber power, with an offensive cyber capability focused specifically on Pakistan and not tuned towards China.
As per the study, the country can progress to the second tier by leveraging its digital-industrial potential and adopting a whole-of-security approach to improve its cybersecurity. In 2020, India appeared as the second-most targeted country for ransomware attacks after the US. It is, however, believed to be yet to embrace stringent policy-level changes to overcome cybersecurity issues.
The study, which has been based on a qualitative assessment of cyber power of 15 countries globally, conducted by the International Institute for Strategic Studies (IISS) revealed that while India has a good regional cyber-intelligence reach, it relies on partners, including the US and UK, for wider insight.
“India’s cyber command-and-control structure has been under development since the early 2000s but remains decentralised,” the researchers at the London-based think tank noted in the 182-page study. “Cyber-security powers are spread across a number of agencies, with reports of overlapping competencies and bureaucratic turf wars. The situation is further complicated by the country’s federal political structure.”
The study also mentioned that the country had frequently been the victim of cyber-attacks, including on its critical infrastructure. A significant proportion of those attacks has been attributed to China or Pakistan, the researchers said.
Citing the data from the Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology, IISS researchers noted that there were more than 394,499 incidents in 2019, and 2020 saw an upsurge in attacks particularly from China. There were also some attacks by North Korea that used Chinese digital infrastructure.
Last year, the government banned hundreds of Chinese apps and restricted participation of China-origin companies in the telecom sector to restrict access of entities working in China. However, the IISS study suggests that more tough moves need to be taken.
“Cyber-security powers are spread across a number of agencies, with reports of overlapping competencies and bureaucratic turf wars. The situation is further complicated by the country’s federal political structure,” the study said.
India does have competitive cyber-intelligence capabilities but those are said to be focused on its near abroad and particularly on Pakistan. The researchers also found the reach of India’s cyber-intelligence weak as it tends to rely on partnerships with the US, UK, and France for a higher-level of cyber-situational awareness and to help it build its native greater reach in future.