Cyber Security Architecture In India

In an increasingly fragmented global digital order, cybersecurity has emerged as a critical test of strategic autonomy. The divisions surrounding the United Nations Convention Against Cybercrime reveal the widening gap between shared principles and contested practices in cyberspace governance. As cyber threats grow transnational and technology-driven, countries like India face the dual challenge of securing their digital ecosystems while retaining institutional control over data and regulation. Cybersecurity, therefore, is no longer merely defensive; it is central to India’s role in shaping global digital governance.

What are the Major Cyber Threats Confronting India? 

  • AI-Enabled and Automated Cyber Attacks: The integration of artificial intelligence into cybercrime has significantly increased the scale, speed, and sophistication of attacks.
    • AI is being used to generate highly convincing phishing emails, deep fake audio/video impersonations, and adaptive malware that can evade traditional detection systems.  
    • Automated vulnerability scanning allows attackers to identify and exploit system weaknesses in real time, making cyber defences reactive rather than preventive.
      • For India, with its rapidly expanding digital public infrastructure, AI-driven attacks pose systemic risks. 
      • In 2024–25, Indian banks and NBFCs reported a surge in AI-generated phishing emails and voice-cloning scams, where fraudsters used deep fake audio to impersonate senior executives and authorise fund transfers. 
  • Ransomware and Malware-as-a-Service (MaaS): Ransomware has evolved from isolated criminal activity into an organised, transnational business model.
    • Malware-as-a-Service enables even low-skill actors to launch complex attacks by renting ready-made tools. Ransomware accounted for one of the top three cyber threats reported to CERT-In in recent years. 
    • Indian sectors such as healthcare, municipal services, education, and MSMEs are increasingly targeted due to weak cyber hygiene and low recovery capacity.
      • For instance, AIIMS Delhi in 2022 suffered a major ransomware attack that paralysed patient registration, lab services, and OPDs for nearly two weeks, exposing vulnerabilities in critical healthcare systems. 
  • Data Breaches and Exploitation of Cloud Vulnerabilities: As Indian institutions rapidly migrate to cloud-based systems, misconfigurations, weak access controls, and poor encryption practices have emerged as major vulnerabilities.
    • Large-scale data breaches expose sensitive personal, financial, and biometric data (e.g., leaked Aadhaar data), undermining citizen trust in digital governance.
      • For instance, in 2023, data linked to CoWIN beneficiaries, including names, Aadhaar-linked details, and phone numbers, was reportedly accessible through a Telegram bot, highlighting vulnerabilities in access controls and third-party integrations rather than in the core databases.
    • Such breaches also have cross-border implications, complicating law enforcement and accountability. 
  • Social Engineering and Digital Financial Fraud: Cybercriminals increasingly exploit human behaviour rather than technical loopholes, as seen in the rise of “digital arrest” scams.
    • UPI-based frauds, SIM-swap attacks, and fake investment platforms disproportionately affect first-time digital users.
      • This reflects the gap between rapid financial inclusion and digital literacy, making citizens the weakest link in cybersecurity. 
    • In 2024 alone, Indian citizens reported losses of over ₹22,845 crore to cyber fraud. This was a 206% increase from 2023’s reported ₹7,465 crore loss. 
  • Attacks on Critical Information Infrastructure (CII): India’s power grids, telecom networks, transport systems, and financial markets are becoming high-value targets for cyberattacks.
    • Disruption of critical infrastructure can have cascading effects on public order, economic stability, and national security. 
      • The increasing interconnection of operational technology (OT) with IT systems has expanded the attack surface. Such threats blur the line between cybercrime and cyber warfare. 
    • For instance, in October 2020, a malware attack linked to foreign actors affected Mumbai’s power grid, causing widespread outages and raising alarms about cyber-physical attacks. 
  • Advanced Persistent Threats (APTs) and State-Sponsored Espionage: APTs involve long-term, stealthy cyber intrusions aimed at espionage rather than immediate damage.
    • India faces growing risks of cyber-espionage targeting defence establishments, research institutions, strategic industries, and government databases.  
    • These attacks are often difficult to attribute and detect, allowing adversaries to siphon sensitive information over extended periods. APTs reflect the geo-politicisation of cyberspace.
      • In 2025, Maharashtra Cyber reportedly identified seven Advanced Persistent Threat (APT) groups that carried out over 15 lakh cyber attacks on critical infrastructure websites across India in the aftermath of the Pahalgam terror strike. 
  • Internet of Things (IoT) and Identity-Based Threats: The rapid proliferation of IoT devices (smart meters, cameras, medical devices, and industrial sensors) has expanded India’s cyber threat surface. Many devices lack basic security features such as regular updates or strong authentication.
    • Simultaneously, identity theft and synthetic identities are being used to bypass authentication systems, enabling fraud and unauthorised access. These threats challenge conventional perimeter-based security models. 
    • For instance, compromised CCTV cameras and routers in Indian cities have been used to form botnets for DDoS attacks. 

What Steps Has India Taken to Address Rising Cyber Threats?   

  • Institutional Strengthening – I4C and “Pratibimb” Deployment: The Indian Cyber Crime Coordination Centre (I4C) has been elevated to an “attached office” of the MHA to wage a data-driven war against the “Jamtara Model” of organized fraud.
    • By deploying the “Pratibimb” software, the state now maps the geospatial location of active SIMs used by cybercriminals in real-time, enabling physical raids rather than just digital blocks.
    • The Pratibimb module has significantly strengthened cybercrime enforcement by helping arrest over 6,000 accused, uncover 17,000+ criminal linkages, and assist in 36,000+ cyber investigations across India. 
  • Strategic Indigenization – Project “Maya” and “Chakravyuh”: To eliminate “backdoor” vulnerabilities in foreign software, the Defense Ministry has replaced Microsoft Windows with the indigenous “Maya OS” (based on Ubuntu) across all internet-facing defense terminals.
    • This is fortified with “Chakravyuh,” a specialized endpoint detection system designed to create a deceptive layer that traps lateral movement by APT (Advanced Persistent Threat) groups. 
  • Regulatory “Teeth” – CERT-In’s 6-Hour Reporting Mandate: The government has mandated that all service providers and data centres report cyber incidents to CERT-In within six hours of detection.
    • In 2025, CERT-In handled over 29.44 lakh cyber incidents, issuing 1,530 alerts, 390 vulnerability notes, and 65 advisories, reflecting large-scale national cyber response capability. 
  • Supply Chain Hygiene – “Trusted Telecom Portal” & NCRF: Recognizing hardware as a Trojan horse, the government activated the “Trusted Telecom Portal”, which bans telecom operators from sourcing gear from “non-trusted” nations (primarily targeting Chinese OEMs).
    • Simultaneously, the National Cyber Security Reference Framework (NCRF 2024) has been finalized to guide critical sectors. 
    • For instance, the National Critical Information Infrastructure Protection Centre (NCIIPC) now actively audits key critical sectors (like Power).
      • Further, BSNL’s 4G rollout is completely compliant with the “Trusted Source” norms. 
  • Citizen-Centric Firewalls – “Sanchar Saathi” and “Chakshu”: The launch of “Sanchar Saathi” has democratized threat intelligence by allowing citizens to identify and disconnect unknown mobile connections registered in their name.
    • This was bolstered by the “Chakshu” facility (2024), which crowdsources data on suspected fraud communications (calls/WhatsApp), feeding directly into a centralized AI engine that blacklists repeat offenders across all telecom operators instantly. 
    • For instance, under Sanchar Saathi, as of December 2025, over 42 lakh stolen/lost mobile devices have been successfully blocked.
  • Promotion of “Cyber Hygiene” – Cyber Swachhta Kendra (CSK): To counter the “silent” threat of botnets (zombie devices used for DDoS attacks), the government operates the Botnet Cleaning and Malware Analysis Centre.
    • This facility detects infected devices across ISP networks and provides free “cleaning tools” to citizens, actively reducing the nation’s “attack surface” by sanitizing compromised consumer electronics without user intervention. 
  • Future-Proofing Sovereignty – “Bharat 6G Alliance”: Learning from the 5G experience, India is actively shaping 6G standards now to ensure future networks are “Secure by Design” rather than dependent on foreign proprietary tech.
    • The goal is to own the intellectual property (IP) for security protocols, ensuring that the next generation of critical telecom infrastructure is immune to foreign “kill switches” or surveillance backdoors. 
    • Bharat 6G Vision targets 10% of global 6G patents by 2030 to control security standards.
      • Further, based on India’s contributions, the ITU 6G Framework now includes ‘Ubiquitous Connectivity’ as one of the six usage scenarios of 6G and also includes coverage, interoperability and sustainability as capabilities of 6G technology. 
  • Legislative Deterrence – Digital Personal Data Protection (DPDP) Act, 2023: Moving from “guidelines” to “statutory liability,” this Act fundamentally alters the corporate security culture by imposing a “cost on negligence.”
    • It mandates that companies (Data Fiduciaries) implement robust encryption and safeguards not just for compliance but to avoid crippling financial penalties, effectively making cybersecurity a boardroom priority rather than just an IT concern.
      • For instance, the highest penalty, up to ₹250 crore, applies to a Data Fiduciary’s failure to maintain reasonable security safeguards.
    • Together, these provisions position India as a serious stakeholder in the global cyber governance framework, signalling a shift towards accountability-driven data protection standards.