India is still a long way from emerging as a credible cyber power, according to a report

Not much progress has happened on India’s cyber power front even two years after a report ranked India as 21st among 30 countries that had either overtly or covertly indicated their desire to be a cyber power. Released in September 2020, the comprehensive global report, “National Cyber Power Index”, was published by the Belfer Centre of Harvard Kennedy School, USA, and was authored by Eric Rosenbach Co-Director, Belfer Centre, former Chief of Staff and Assistant Secretary for the US Department of Defence. The report measured these 30 countries on the perimeter of seven national objectives, using 32 intent indicators and 27 capability indicators. Not surprisingly, the US came first, followed by China.

The report had defined cyber power as a situation when a country effectively develops cyber capabilities to achieve its national objectives. The fact that India was found to be way behind even relatively smaller countries like Vietnam, Malaysia, Spain, Sweden, New Zealand, Singapore, among others, when it came to cyber capabilities as the ranking showed, confirmed the long-held theory that India was still a long way away from emerging as a credible cyber power.

The study report by the Belfer Centre was released more than one year after the Government of India had in May 2019 announced to set up a specialised Defence Cyber Agency (DCyA) that would function under the Ministry of Defence (MoD). The primary objective of this organization, that is headed by a Rear Admiral rank officer, and is the first joint cyber group of the tri-services, was to achieve India’s “national objectives” when it comes to the cyber space. The said body officially became operational in November 2019 and, according to unofficial sources, has 150 experts under it. Its achievements, if any, till now have not been made public. While world over, similar agencies, too, have preferred to stay away from putting out the “offensive” work that they do in public domain, the work that can be classified as “defensive” which generally connotes stopping a state-backed cyber-attack on critical institutions, are made public—something which the DCyA has not done so far.

Since DCyA’s inception, India has faced multiple critical cyber-attacks that have emanated from China, including breaking into the network of power grids of the country, that also led to the massive power outage in Mumbai, India’s financial capital, in October 2020, just days after the June Galwan clash. What the role played by the DCyA was, if any, before and after these China-backed cyber-attacks, has not been revealed. Whether it was required to stop these attacks, or mount similar attacks following these Chinese activities, too, has not been made public.

According to officials, the DCyA is still in its initial days and hence it would be unrealistic to expect it to perform miracles on the lines of what the other global agencies do. A report tabled by the Standing Committee on Defence, Lok Sabha, in February 2021 had indicated about the shortage of funds that was impending the work of the DCyA. “The projection under miscellaneous expenditure was Rs 660.94 crore, while allotment is Rs 294.00 crore. The Committee was informed during evidence that the carry forward burden from previous year is Rs 32.14 crore. Hence, the net availability is Rs 261.86 crore. Thus, the net shortfall is Rs 399.08 crore. The implications of shortfall in miscellaneous expenditure include inability to operationalise DSA /DCYA /AFSOD,” the report said.

The government is yet to officially announce the budgetary allocation that has been done to the DCyA. However, the reading of the Lok Sabha standing committee report makes it clear that the three special commands [Defense Space Agency (DSA), Armed Forces Special Operations Division (AFSOD) and DCyA] that were announced in May 2019, needed Rs 660 crore, but were allotted Rs 261 crore.

The Delhi-based Vivekananda International Foundation (VIF), an influential think that works in the sphere of India’s strategic planning, had in March 2019, published a seminal work titled, “Credible Cyber Deterrence in Armed Forces of India” which laid down the background and the playground rules that India needs to follow to emerge as an effective cyber power. In that document, it was stated that among the many objectives of DCyA, a primary task would be to conduct cyber enabled operations with kinetic power and recruit, train and deploy “cyber modules” and “lone wolf” operators for strategic intelligence and special tasks.

In May this year, South Korea’s spy agency, National Intelligence Service (NIS) became the first Asian country to join North Atlantic Treaty Organization NATO’s Cyber Defence Group. The cyber-defence group, which is based in Tallinn, Estonia, was established in May 2008. The NIS had submitted its application to join the group in 2019. It was given the membership only after it showed its capabilities and the power that it will bring to the table that has 27 NATO member countries and five contributing participants which are non-NATO countries, while participating in the world’s largest international live-fire cyber-defence exercise, “Locked Shields”. The other two countries who joined this body along with Korea were Canada and Luxembourg.

The induction of Korea was demanded by certain members of this group to better understand and counter the cyber threat posed by China, something which India is also facing. However, South Korea was chosen as the first Asian country to join this elite group which also proves that offensive cyber capabilities of Indian agencies, entrusted with the said job, are still in the nascent stage when it comes to global competition.