The digital battlefield demands a proactive stance; India’s cyber counterattack will set the tone.
The recent Pahalgam attack has brought forward a new scenario for India. The nation now needs to be prepared for new kinds of attacks on its cyber assets and critical information infrastructure. India has always been a potential target for such attacks, and the ability of adversaries to execute them in the current circumstances has become significantly enhanced. Logically speaking, targeting critical information infrastructure in India could likely become a priority for state and non-state actors seeking to prejudicially impact the growth, progress, and prosperity of the nation.
The government is doing its own bit in terms of protecting critical information infrastructure. The National Information Infrastructure Protection Centre is doing a remarkable job in this regard. However, from a legal standpoint, India remains significantly behind other nations.
Currently, India does not have a dedicated law on cybersecurity. We also lack a comprehensive legal framework that can quickly address all issues pertaining to the protection of critical information infrastructure. The National Cyber Security Policy of 2013 was a promising document but remained largely a paper tiger without effective implementation.
At a time when AI-powered attacks are being targeted at Indian critical information infrastructure, India needs to develop a new approach. Not only does the country require dedicated legislation on cybersecurity, but it also needs to develop distinctive approaches to deal with AI-powered cybersecurity breaches through appropriate AI-powered responses.
India needs to deploy artificial intelligence for protecting its critical information infrastructure in a measured, human-controlled approach. The recent episodes in Spain, where massive electricity outages resulted in airports and trains coming to a grinding halt, demonstrate how networks and critical information infrastructure can be targeted. The possibility of similar attacks being directed against India cannot be ruled out.
India needs to establish a comprehensive National Cyber Resilience Plan. Such a plan is crucial for creating a resilient mindset in the Indian context. Unfortunately, in India, we still don’t give sufficient focus to cyber resilience, a concept that has gained tremendous importance globally in recent years.
The European Union, for instance, has introduced new legislation in the form of the EU Cyber Resilience Act, primarily aimed at promoting the growth and adoption of cyber resilience practices. India needs a detailed action plan outlining the response protocols in the event of an attack on its critical information infrastructure. This includes adequate definition of rights, duties, and responsibilities for all stakeholders regarding actions to be taken during a cyber attack.
The Information Technology Act of 2000 is now a 25-year-old legislation that has outlived its utility. It’s time for a comprehensive update rather than piecemeal amendments to Indian cyberlaw. The IT Act needs to be modernized with new provisions that effectively mirror the realities of emerging cybersecurity challenges.
The need of the hour is to move away from a knee-jerk reaction approach to a proactive investment in enabling legal frameworks for the protection of critical information infrastructure. This represents a good starting point, but much more needs to be done.
This becomes even more important because cybersecurity is directly connected to the protection and preservation of Indian sovereignty, security, integrity, and cyber sovereign interests. India is an important aspect of the global cybersecurity landscape, and what India does in terms of protecting its critical information infrastructure will go a long way in establishing benchmarking standards for other countries to follow.
India should adopt a collaborative approach where the public and private sectors work together holistically, contributing in their own ways to the protection and preservation of critical information infrastructure and the overall cybersecurity of the Indian cyber ecosystem.
