India’s “regionally effective” offensive cyber capabilities remain focused on Pakistan, and aren’t tuned towards China, a new report by the International Institute for Strategic Studies (IISS) suggests.
In its report titled ‘Cyber Capabilities and National Power: A Net Assessment’, the think tank has done a qualitative assessment of the cyber capabilities of 15 major countries. Besides India, the report analysis the cyber capabilities of the United States, the United Kingdom, Canada, China, Russia, North Korea, Japan, and Israel, among others.
The research paper suggests that India has made “only modest progress” in developing its policy and doctrine for cyberspace security despite the geostrategic instability of South Asia and “awareness of the cyber threat it faces”.
“Its (India’s) approach towards institutional reform of cyber governance has been slow and incremental, with the key coordinating authorities for cybersecurity in the civil and military domains only established in 2018 and 2019, respectively,” the report suggested.
Researchers said that while India has a good regional cyber-intelligence reach, it relies on partners such as the United States, for a wider insight.
It also noted that the private sector has moved more quickly than the government in promoting national cybersecurity. “The country is active and visible in cyber diplomacy but has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states.”
“From the little evidence available on India’s offensive cyber capability, it is safe to assume it is Pakistan-focused and regionally effective,” IISS said in the report.
It placed India in tier three of cyber powers whose best chance of progressing to the upper tier is “by harnessing its great digital industrial potential” and adopting a “whole-of-society approach to improving its cybersecurity”. China was placed in tier two.
In March, it was reported that the major power outage caused in Mumbai in October 2020 was the result of a Chinese cyber-attack. These reports were rejected by the Indian government. Beijing had also said it was 'highly irresponsible to blame it for the incident without sufficient evidence.India’s cybersecurity focus on Pakistan will have given useful operational experience and some viable regional offensive cyber capabilities. “[However] It will need to expand its cyber-intelligence reach to be able to deliver sophisticated offensive effect further afield, but its close collaboration with international partners, especially the US, will help it in that regard,” the report suggested.