Over the past few years, India has been paying increasing attention to the threats of crime, terrorism, and espionage in cyberspace.

At the end of November 2014, India’s Communications and IT Minister, Ravi Shankar Prasad, cited official statistics that showed tens of thousands of cyber security breaches in recent years, including incidents of phishing, scanning, spam, malicious code, and website intrusions.

Petr Topychkanov
Topychkanov was a fellow in the Carnegie Moscow Center’s Nonproliferation Program.
More >

There is no question that India faces a significant cyberspace threat and that the number of cyber-attacks on Indian government structures is on the rise. The telecommunication and banking industries are also under threat. Ordinary Internet and mobile phone users frequently fall victim to these attacks. According to Kaspersky Lab, 7.9 percent of attacks on mobile devices in the world occurred in India, which made the country second only to Russia by number of such attacks.

In alphabetical order, Algeria, Bangladesh, Brazil, China, the European Union, Pakistan, Turkey, United Arab Emirates, and the United States topped the list of the states whose territories were used to launch cyber-attacks against India. Hacker groups with ties to governments and/or radical and terrorist organizations and organized crime figure prominently among the attackers.

India officially recognizes the poor state of its offensive and defensive cyber technologies. Apart from breaches of security protocol and inadequate monitoring and defense, India’s vulnerability in cyberspace stems from the import and use of foreign software and telecommunication equipment.

For instance, in 2009, the National Technical Research Organization purchased encryption devices for the Indian Air Force from the India-based Bharat Electronics Ltd, but it was subsequently discovered that the devices were made in China.

India is reacting to the spike in cybercrime. A total of 1,791, 2,876 and 4,356 cybercrime cases were registered under the Information Technology Act in 2011, 2012 and 2013. Some of these were classified under the cybercrime-related sections of the Indian Penal Code: a total of 422 (23.6 percent of all cases), 601 (20.9 percent) and 1,337 cases (30.7 percent) in 2011, 2012 and 2013, respectively. However, only 1 percent of those charged were convicted, which points to flaws in Indian law, as well as to the country’s limited law enforcement capabilities in the sphere of cybercrime.

The growing cyber threat should force India to take more active steps toward developing both offensive and defensive technologies in cyberspace. The state also needs to increase coordination between its agencies and develop a roadmap for guaranteeing cyberspace security. In the absence of a single strategy, about a dozen Indian agencies often find themselves out of sync with one another, which lowers the effectiveness of the steps they take, especially in light of the limited resources (7.8 million dollars in 2013) committed to their fight against cyber threats.

  • Petr Topychkanov