India has made only modest progress in developing its policy and doctrine for cyberspace security despite the geostrategic instability of its region and a keen awareness of the cyber threat it faces, according to a new report by the International Institute for Strategic Studies (IISS).
The report ‘Cyber Capabilities and National Power: A Net Assessment’, which has assessed cyber power for 15 countries, said while India has cyber-intelligence and offensive cyber capabilities, they are regionally focused, principally on Pakistan.
Third-tier power
“From the little evidence available on India’s offensive cyber capability, it is safe to assume it is Pakistan-focused and regionally effective. Overall, India is a third-tier cyber power whose best chance of progressing to the second tier is by harnessing its great digital-industrial potential and adopting a whole-of-society approach to improving its cyber security.”
The report divides the countries into three tiers based on analysis of core cyber-intelligence capabilities, cyber security and resilience, strategy and doctrine and offensive cyber capability. The U.S. is the only country in tier one with world-leading strengths in all categories, while countries like Australia, Canada, China, France, Israel, Russia and the United Kingdom are placed in tier two. India, along with Indonesia, Iran, Japan, Malaysia, North Korea and Vietnam, are in tier three with “potential strengths in some categories but significant weaknesses in others”.
India’s intelligence priorities are deeply shaped by internal and external terrorist threats, internal political violence and the ongoing conflict with Pakistan over Kashmir, it said. “Beyond the domestic threats, India’s cyber-intelligence capabilities have unsurprisingly been focused on its near abroad, particularly Pakistan. For example, there are indications that, since about 2010, Indian cyber teams have been targeting IP addresses in Pakistan [and to a lesser extent in China], as well as secessionist movements within India itself, in a significant cyber-surveillance and cyber-espionage operation.”
Further afield, however, India’s cyber-intelligence reach appears weak: it tends to rely on partnerships such as those with the U.S., the U.K. and France for a higher level of cyber situational awareness and to help it develop a greater reach of its own in future, the think tank said.
Large talent pool
It said the strengths of the digital economy include a vibrant start-up culture and a very large talent pool. The private sector has moved more quickly than the government in promoting national cyber security.
“As a nuclear power with large conventional forces, a burgeoning digital economy and a determination to increase its geopolitical influence, India is the target of cyber espionage by a wide range of states. However, it knows its defensive capabilities are relatively weak,” it said, adding that as a result, the country pursues diplomatic efforts to bring the governance of cyberspace within the rules-based international order, while maintaining a realistic approach to dealing with the states that are targeting its networks.
