In today’s information-centric world, cybersecurity is crucial to foreign policy for national security, economic stability, and international relations. As countries depend more on digital infrastructure, protecting this domain has become essential. Governments face increasing cyber threats like espionage, data theft, and attacks on critical systems. India, a growing digital economy, acknowledges cybersecurity’s strategic role in its foreign policy, reflecting a deep understanding of cyber threats and the need for coordinated national and international responses.  

India’s Cybersecurity Landscape

The Indian Computer Emergency Response Team (CERT-In) plays a crucial role in managing cyber threats and incidents. The India-US Cyber Security Dialogue highlights the significance of international cooperation for sharing practices, joint exercises, and coordinated responses. India's involvement in the UN Group of Governmental Experts (UNGGE) shows its dedication to establishing global norms for responsible state behavior in cyberspace. India’s vast and rapidly expanding digital ecosystem, with over 700 million internet users, positions it as a major player in the global digital economy. A notable incident, the alleged Chinese cyber intrusion into India’s power grid amid heightened border tensions, highlighted these vulnerabilities. In response, India has developed a multi-faceted cybersecurity strategy as part of its foreign policy, emphasizing robust measures to safeguard national security and public trust. India’s active role in forums like the UN Group of Governmental Experts (UNGGE) and the Global Forum on Cyber Expertise (GFCE) reflects its commitment to shaping global cybersecurity norms and fostering international cooperation for a rules-based cyberspace order.

Strategic Frameworks and Policies

India’s National Cyber Security Policy (NCSP) 2013 aims to safeguard personal and financial information while strengthening cyberspace security laws. It focuses on creating a secure computing environment and enhancing capabilities to respond to cyber threats. The policy stresses updating legal frameworks and introducing new regulations to address emerging cyber risks. A significant aspect is the formation of dedicated cybercrime cells and specialized law enforcement agencies. CERT-In provides critical alerts and coordinates responses to cybersecurity incidents. While NCSP 2013 sets a foundational framework for India’s cybersecurity strategy, its success relies on addressing legal limitations, improving agency capabilities, and ensuring equitable access to resources and training. Future efforts should refine existing policies, strengthen institutions like CERT-In, and develop comprehensive strategies to manage evolving cyber threats.

National Cyber Security Strategy 

This draft strategy aims to improve the security of cyberspace by focusing on governance, resilience, and capability development. It emphasizes the importance of international cooperation in cyber defense. One of the pivotal aspects of NCSS 2020 is the focus on strengthening cyber threat intelligence. India has been a frequent target of cyber-attacks, with incidents such as the malware attack on the Kudankulam Nuclear Power Plant in 2019 highlighting vulnerabilities in critical sectors. The strategy emphasizes the establishment of a National Cyber Security Operations Centre (NCSOC) to ensure real-time threat monitoring and response. By leveraging advanced technologies like artificial intelligence (AI) and machine learning (ML), the NCSOC aims to predict, prevent, and mitigate cyber threats more effectively.

 Data Protection and Privacy

The Personal Data Protection Bill, 2019, underscores India's commitment to data privacy. It aligns with global standards like the GDPR, signaling India's intent to harmonize its data protection laws with international norms. the bill introduces the concept of data fiduciaries, akin to data controllers in the GDPR, who are responsible for processing personal data and ensuring compliance with the law. This accountability framework is essential for fostering trust in the digital economy. It places a burden on companies to implement robust data protection measures and be transparent about their data processing activities. For example, tech giants like Google and Facebook, which collect vast amounts of user data, will be required to overhaul their data handling practices to meet the stringent requirements of the bill. Critics argue that certain provisions grant excessive power to the government, potentially undermining the very privacy protections the bill seeks to establish.

Cyber Attacks and Diplomacy: The Case of China

In 2020, cyberattacks attributed to Chinese groups targeted Indian power grids, financial institutions, and healthcare systems. These incidents underscored the geopolitical tensions between the two countries. India's response combined technical defenses and diplomatic measures. By raising the issue in international forums, India sought to highlight the risks posed by state-sponsored cyber activities. This case illustrates how cyber incidents can escalate into broader diplomatic conflicts and necessitate a coordinated policy response.

India-US Cybersecurity Cooperation

The Indo-US Cyber Framework, signed in 2016 and renewed in 2021, highlights India's collaborative approach to cyber defense. This agreement promotes the exchange of cyber threat information, best practices, and joint exercises to build a strong defense against common adversaries. It allows both nations to share intelligence on cyber threats and vulnerabilities. For instance, during the 2017 WannaCry ransomware attack, the framework enabled the US to provide insights into the malware’s behavior and mitigation strategies, aiding India’s response. Additionally, the “Cybersecurity Cooperation Framework” includes joint training exercises simulating real-world cyber-attacks to test and improve both countries’ defense mechanisms, reinforcing their overall cyber defense posture.

 Regional Cooperation: BIMSTEC and ASEAN

India engages with regional organizations like BIMSTEC (Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation) and ASEAN (Association of Southeast Asian Nations) to address cybersecurity challenges. Initiatives such as the BIMSTEC Network of Policy Think Tanks and the ASEAN-India Track 1.5 Dialogue on Cyber Issues foster dialogue and capacity-building. These platforms enable India to share expertise, harmonize cyber policies, and build collective resilience against cyber threats.

 Challenges and Criticisms

India’s cybersecurity landscape is criticized for its fragmented approach, with different agencies managing various cyber policies, causing inefficiencies. Building a robust cyber defense requires significant investment in technology, skilled personnel, and research, but resource constraints hinder full implementation. Although there has been progress in data protection, comprehensive cybersecurity legislation remains absent, affecting enforcement and international cooperation. A NASSCOM report estimates that India needs around ₹8,000 crore ($1 billion) annually for cybersecurity; yet its actual spending is far below this target, weakening cyber defenses. Additionally, India faces challenges in balancing national sovereignty with international norms, as seen in its stance on UN cybersecurity norms, where it must navigate complex international frameworks while protecting strategic interests.

Future Directions

Enacting comprehensive cybersecurity laws will establish a strong legal framework to address emerging threats, with guidelines for critical infrastructure protection, data privacy, and international cooperation. Key actions include investing in capacity building through training professionals, supporting research, and fostering public-private partnerships. Strengthening international collaborations is crucial; India should engage in global cyber dialogues, contribute to international norms, and build alliances to combat threats. Enhancing public awareness through education on safe online practices is essential for grassroots risk mitigation. India should also participate in forums like the UNGGE and GFCE to influence global cybersecurity policies and standards.

 As cyberspace becomes a contested domain, integrating cybersecurity into foreign policy is imperative for safeguarding national interests. India's approach, characterized by strategic frameworks, international cooperation, and capacity building, reflects a comprehensive understanding of these dynamics. However, addressing challenges such as legislative gaps, resource constraints, and coordination issues remains crucial. By adopting a holistic strategy, India can strengthen its cybersecurity posture, ensuring resilience against evolving cyber threats and maintaining its strategic edge on the global stage. Resource constraints also pose a significant hurdle. The development and maintenance of advanced cybersecurity infrastructure require substantial financial and human resources.

 References

1. Ministry of Electronics and Information Technology, Government of India. National Cyber Security Policy 2013. https://www.meity.gov.in/content/national-cyber-security-policy-2013-0

2. National Security Council Secretariat (NSCS), Government of India. Draft National Cyber Security Strategy 2020. https://www.meity.gov.in/sites/upload_files/dit/files/compilation_comments_NCSPwebv2_18112011.pdf

3. PRSIndia. Personal Data Protection Bill, 2019. https://prsindia.org/billtrack/the-personal-data-protection-bill-2019#:~:text=The%20Personal%20Data%20Protection%20Bill%2C%202019%20was%20introduced%20in%20Lok,Protection%20Authority%20for%20the%20same.

4. The White House. FACT SHEET: United States and India Expand Major Defense Partnership. https://www.whitehouse.gov/briefing-room/statements-releases/2023/01/31/fact-sheet-united-states-and-india-elevate-strategic-partnership-with-the-initiative-on-critical-and-emerging-technology-icet/

5. Ministry of External Affairs, Government of India. India-BIMSTEC Relations. https://www.mea.gov.in/Portal/LegalTreatiesDoc/022M3847.pdf

6. ORF Online. ASEAN-India Centre at RIS. Track 1.5 Dialogue on Cyber Issues. https://www.orfonline.org/public/uploads/posts/pdf/20230504162642.pdf

7. International Telecommunication Union (ITU). Global Cybersecurity Index 2020. https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf

8. Council on Foreign Relations (CFR). Cybersecurity and Digital Policy Program. https://www.cfr.org/programs/digital-and-cyberspace-policy-program

9. NASSCOM. Technology Sector in India 2023: Strategic Review. https://nasscom.in/knowledge-center/publications/technology-sector-india-2023-strategic-review

(The author is a Master’s student of politics and international relations at Pondicherry University, India. Views are personal. His X handle is  https://twitter.com/LPKMR1?t=6OVQZ4kBfVZdNkDoRp8klA&s=09 and LinkedIn profile  https://www.linkedin.com/in/lipun-kumar-sanbad-191397281?utm_source=share&utm_campaign=share_via&utm_content=profile&utm_medium=android_app )