India's Cybersecurity Strategy and Global Cyber Governance
International Relations
- PYQs5
- Articles1
Foundation
Static background & why it matters
India's rapid digital transformation, driven by initiatives like Digital India, has made its economy and critical infrastructure increasingly reliant on cyberspace. This growing dependence, coupled with a complex geopolitical landscape, exposes the nation to a wide spectrum of cyber threats, ranging from state-sponsored espionage and sabotage to cybercrime and terrorism. Consequently, a robust national cybersecurity strategy and active participation in shaping global cyber governance norms are paramount for India's national security and economic stability.
UPSC focuses on India's national security, its role in international affairs, and its policy responses to global challenges, especially those impacting its digital economy and critical infrastructure.
- Critical Information Infrastructure (CII)
- Any computer resource, the incapacitation or destruction of which would have a debilitating impact on national security, economy, public health or safety.
- National Cyber Security Policy (NCSP) 2013
- India's foundational policy document aiming to protect information and information infrastructure in cyberspace, build capabilities, and promote cooperation.
- CERT-In
- Indian Computer Emergency Response Team, the national nodal agency for responding to computer security incidents.
- National Critical Information Infrastructure Protection Centre (NCIIPC)
- An organization under NTRO, mandated to protect India's critical information infrastructure.
Static core
Acts, bodies, facts & tables
India's Cybersecurity Strategy is built on the pillars of securing the national cyberspace, building resilient cyber infrastructure, and fostering a vibrant cybersecurity ecosystem. It emphasizes a multi-pronged approach involving legal frameworks, institutional mechanisms, capacity building, and international cooperation. The Information Technology Act, 2000 (amended 2008) provides the legal basis for cybercrime and electronic commerce, while various sectoral regulations address specific cybersecurity requirements.
Key institutions like CERT-In and NCIIPC form the operational backbone of India's cybersecurity defense. CERT-In handles incident response, vulnerability coordination, and threat intelligence, while NCIIPC focuses specifically on protecting critical infrastructure. The National Cyber Coordination Centre (NCCC) aims to generate situational awareness and coordinate responses to cyber threats in real-time.
- International Law Applicability
- India supports the applicability of existing international law, including the UN Charter, to state behavior in cyberspace.
- Multistakeholder Approach
- India advocates for the involvement of governments, private sector, academia, and civil society in cyber governance.
- Capacity Building
- A key focus for India, both domestically and in its engagement with other developing nations, to enhance collective cyber resilience.
- Responsible State Behaviour (RSB)
- India supports the development and implementation of norms for RSB in cyberspace to prevent conflict and ensure stability.
- Digital India Initiative
- While promoting digital inclusion and services, it also expands India's digital footprint and potential attack surface.
- Cyber Warfare Threat
- India faces significant threats from state-sponsored advanced persistent threats (APTs) targeting its critical infrastructure and strategic assets.
| Objective Area | Description |
|---|---|
| Secure Cyberspace | Protect information and information infrastructure in cyberspace. |
| Build Capabilities | Develop human resources and technical capabilities for cybersecurity. |
| Promote Cooperation | Foster partnerships between government, private sector, and international entities. |
| Create Ecosystem | Encourage indigenous R&D, products, and services. |
| Ensure Compliance | Promote a culture of security and compliance with best practices. |
| Feature | UN Group of Governmental Experts (GGE) | Open-Ended Working Group (OEWG) |
|---|---|---|
| Mandate | Consensus-based recommendations on international law and norms. | Broader, inclusive discussions on all aspects of cybersecurity. |
| Membership | Limited number of states (typically 25-30). | All UN member states. |
| Focus | Responsible State Behaviour, applicability of international law, CBMs. | Capacity building, international cooperation, existing and potential threats. |
| Output | Reports with consensus recommendations. | Annual reports, ongoing discussions, potential for future legally binding instruments. |
| India's Stance | Actively participates, supports GGE's consensus reports. | Actively participates, sees OEWG as a more inclusive platform. |
| Institution | Primary Role |
|---|---|
| CERT-In | National nodal agency for cyber incident response, vulnerability coordination, threat intelligence. |
| NCIIPC | Protection of Critical Information Infrastructure (CII) from cyber threats. |
| National Cyber Coordination Centre (NCCC) | Situational awareness, real-time threat intelligence, coordination of responses. |
| Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) | Provides tools and information to users to secure their systems. |
| Ministry of Electronics and Information Technology (MeitY) | Formulates policies, promotes R&D, oversees cybersecurity initiatives. |
| Type | Reference |
|---|---|
| Conceptual area | International Relations |
| Conceptual area | Science & Technology |
| Conceptual area | Geopolitics & International Conflicts |
| Conceptual area | Emerging Information Technologies |
| Body | Role |
|---|---|
| Indian Government | Develops domestic cyber resilience, engages in international forums |
| United Nations | Forum for international discussions on cyber norms |
Exam lens
Prelims framing, traps & PYQs
For Prelims, UPSC often tests knowledge of key institutions like CERT-In, NCIIPC, and NCCC, their mandates, and the year of the National Cyber Security Policy. Questions may also cover the IT Act, 2000, and India's stance on global cyber governance forums like the UN GGE and OEWG, or concepts like Critical Information Infrastructure (CII) and Responsible State Behaviour (RSB). Understanding the difference between various cyber threats (e.g., ransomware, phishing, APTs) is also crucial.
For Mains (GS-II and GS-III), questions can delve into India's comprehensive cybersecurity strategy, its strengths and weaknesses, and the challenges in its implementation. Topics include India's role in shaping global cyber norms, the debate between a legally binding instrument versus non-binding norms, the implications of cyber warfare for national security, and the balance between security and privacy. Analysis of India's multistakeholder approach, its efforts in capacity building, and the impact of emerging technologies (AI, 5G, IoT) on cybersecurity are also potential areas. Comparisons of India's approach with other major powers or regional blocs can also be asked.
- India's digital reliance increases its vulnerability to cyber attacks.
- Domestic cyber resilience is crucial but insufficient.
- India must actively engage in international discussions on cyber accountability and attribution.
- Shaping global cyber norms is vital for India's strategic interests.
| Year | Framing tags |
|---|---|
| 2025 | Factual recall, Conceptual understanding |
| 2025 | Multi-statement analysis, Factual recall |
| 2023 | Statement-based questions, Conceptual understanding |
| 2022 | Multi-statement analysis, Institutional roles and functions |
| 2016 | Factual recall, Institutional roles and functions |
Latest
Current affairs & evolution
India is actively pushing for a new, comprehensive UN cybercrime treaty while simultaneously updating its national cybersecurity strategy to address evolving threats and technological advancements. The increasing frequency and sophistication of cyberattacks, often linked to geopolitical tensions, underscore the urgency of these efforts.
India is currently working on a new National Cybersecurity Strategy, expected to replace the 2013 policy, to address the rapidly evolving threat landscape, including advanced persistent threats, ransomware attacks, and supply chain vulnerabilities. This updated strategy is likely to focus more on proactive defense, resilience, and a whole-of-nation approach.
Timeline
-
International Relations
Conceptual area
-
Science & Technology
Conceptual area
-
Geopolitics & International Conflicts
Conceptual area
-
Emerging Information Technologies
Conceptual area
-
Prelims 2016
Factual recall, Institutional roles and functions
-
Prelims 2022
Multi-statement analysis, Institutional roles and functions
-
Prelims 2023
Statement-based questions, Conceptual understanding
-
Prelims 2025
Factual recall, Conceptual understanding
-
Prelims 2025
Multi-statement analysis, Factual recall
-
Cyber warfare is outpacing global legal accountability
India, with its increasing reliance on digital infrastructure across critical sectors, faces heightened vulnerability to cyber operations and has a significant interest in actively participating in and shaping international discussions on accountability, attribution, and responsible state behavior in cyberspace.
See also
Dashed boxes: related topics without a notes page yet. Tap a solid box to open notes.
Past papers
2016–2025 · 4 questions
In the news
Cyber warfare is outpacing global legal accountability
India, with its increasing reliance on digital infrastructure across critical sectors, faces heightened vulnerability to cyber operations and has a significant interest in actively participating in and shaping international discussions on accountability, attribution, and responsible state behavior in cyberspace.
Try these PYQs
Consider the following statements with regard to BRICS:
I. 16th BRICS Summit was held under the Chairship of Russia in Kazan.
II. Indonesia has become a full member of BRICS.
III. The theme of the 16th BRICS Summit was Strengthening Multiculturalism for Just Global Development and Security.
Which of the statements given above is/are correct?
✅ Statement I: Correct
*The 16th BRICS Summit was held in Kazan, Russia, in October 2024 under Russia’s chairship. Russia held the rotating presidency in 2024, and the summit took place from October 22-24 in Kazan, the capital of Tatarstan.* ✅ Statement II: Correct
*Indonesia became a full member of BRICS in January 2025, becoming the first Southeast Asian nation and the 10th member of the bloc.* ❌ Statement III: Incorrect
*The theme of the 16th BRICS Summit is "Strengthening Multilateralism for Just Global Development and Security." The statement used "Multiculturalism" instead of "Multilateralism," making it incorrect for this question.* Therefore, only statements I and II are correct.
Consider the following statements :
Statement-I: Recently, the United States of America (USA) and the European Union (EU) have launched the 'Trade and Technology Council'
Statement-II: The USA and the EU claim that through this they are trying to begin technological progress and physical productivity under their control.
Which one of the following is correct in respect of the above statement?
* Statement 1 is correct: Trade and Technology Council was launched by the the United States of America and the European Union during the EU-US Summit on 15 June 2021 in Brussels. * Statement 2 is incorrect: Trade and Technology council, the USA and EU does not aim to bring technological progress and physical productivity under their control. Rather the initiative intends to promote pooling of digital resources such as AI models and computing power, and make them available to partner countries to address challenges in areas such as climate change and extreme weather, healthcare or smart agriculture.
With reference to the United Nations General Assembly, consider the following statements:
1. The UN General Assembly can grant observer status to the non-member States.
2. Inter-governmental organisations can seek observer status in the UN General Assembly.
3. Permanent Observers in the UN General Assembly can maintain missions at the UN headquarters.
Which of the statements given above are correct ?
Statement 1 is correct. The United Nations General Assembly may grant non-member states, international organizations, and other entities Permanent Observer Status. Statement 2 is correct. The General Assembly decided that observer status would be confined to States and intergovernmental organizations whose activities cover matters of interest to the Assembly. Statement 3 is correct. Permanent Observers may participate in the sessions and workings of the General Assembly and maintain missions at the UN Headquarters.
Which of the following is not a member of ‘Gulf Cooperation Council’?
The Cooperation Council for the Arab States of the Gulf, originally (and still colloquially) known as the Gulf Cooperation Council, is a regional intergovernmental political and economic union consisting of all Arab states of the Persian Gulf except Iran. Its member states are Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates. The Charter of the Gulf Cooperation Council was signed on 25 May 1981, formally establishing the institution. Hence, option A is the correct answer.
India is one of the founding members of the International North-South Transport Corridor (INSTC), a multimodal transportation corridor, which will connect
The International North-South Transport Corridor (INSTC) is a multimodal transport network aimed at boosting trade between India, Central Asia, Russia, and Europe, using a combination of sea, rail, and road routes via Iran. The corridor connects Mumbai → Bandar Abbas (Iran) → Azerbaijan → Russia → Europe, with access to Central Asia.