GS Paper III · Internal Security · Unit 3 · April 2026
💻 Challenges to Internal Security through Communication Networks
Cyber Threats · State-Sponsored Warfare · Ransomware · Social Media & Radicalisation · Deepfakes · AI · 5G · CII · Media Threats · Operation Sindoor Cyber War · India's Counter-Strategy · DPDPA 2023
🧭
Exam Compass — Highest PYQ-Density Topic in GS3
Asked EVERY year since 2013 · What UPSC tests · Key frameworks · 2025 current affairs
📌 The Defining Quote — Use in Every Intro
"Cyberspace is the fifth domain of warfare, alongside land, sea, air, and space." — General Bipin Rawat, India's first Chief of Defence Staff. This quote frames cybersecurity as a national security issue, not merely a technical one — exactly how UPSC wants you to treat it.
🎯 What UPSC Wants (Based on 10 Years of PYQs)
⚠️ High-Value Distinctions UPSC Tests
370M: Malware attacks on India in 2024 (DSCI)
1M+: Ransomware attacks detected in 2024
2,011: Cyberattacks/week on Indian orgs (2025)
46%: Year-on-year increase in cyberattacks
1.5M: Attacks during Op Sindoor (May 2025)
2024: UN Cybercrime Convention adopted
🌐
Communication Networks & Critical Information Infrastructure
What Makes Networks Critical · CII Definition · Cascading Effect · Digital India Vulnerabilities
📖 Cyberspace — Definition
Per India's National Cyber Security Policy (NCSP 2013): "Cyberspace is a complex environment involving interactions between people, software, and services supported by global ICT networks." It is borderless, intangible, and offers anonymity — making it incredibly difficult to defend against malicious activities. Unlike physical domains, cyberspace has no territorial boundaries, making sovereignty, attribution, and jurisdiction extremely challenging.
🔌 Components of Communication Networks
Physical: Optical fibre cables, undersea cables, satellites. Wireless: Cellular (2G-5G), Wi-Fi, radio systems. Hardware/Software: Routers, servers, operating systems, applications. Key vulnerability: In 2024, damage to undersea cables in the Red Sea disrupted 25% of data traffic between Europe and Asia — showing how physical attacks create digital crises.
🏛️ Critical Information Infrastructure (CII)
Under Section 70 of IT Act 2000, CII refers to systems whose disruption would seriously impact national security, economy, public health, or safety. Recently declared as CII: ICICI Bank, HDFC Bank, NPCI IT resources. Sectors: banking, power grids, transport, healthcare, defence, telecom. Managed by NCIIPC (National Critical Information Infrastructure Protection Centre).
⚠️ The Cascading Effect — Must Explain in Mains
Modern critical sectors — finance, energy, banking, transport, healthcare, defence — are deeply interdependent and connected through communication networks. A failure in one triggers a "cascading effect" across others. Example: A cyberattack on the power grid could paralyse the banking system, ground transportation, disable emergency services — causing chaos far beyond the initial target. This interdependence is what makes CII attacks so dangerous and attractive to adversaries.
🔍 Digital India — Dual-Edged Sword
India's rapid digital transformation — UPI payments, e-governance, cloud adoption, 820 million internet users — has created massive economic benefits but also exponentially expanded the attack surface. The success of Digital India, the Smart Cities Mission, and e-governance is directly dependent on a secure digital ecosystem. India is now a high-value target precisely because of its digital success.
⚔️
Cyber Threats — Classification & Typology
Cyber Warfare · Cyber Espionage · Cybercrime · Cyber Terrorism · The Key Distinctions
🔑 The Core Distinction — Memorise This
Motivation is what separates the three main cyber threat types:
• Cyber Warfare — State-on-state; motivation = political/military disruption
• Cybercrime — Criminals; motivation = financial gain (ransomware, fraud, theft)
• Cyber Terrorism — Non-state actors with ideological goals; motivation = spread terror, advance political agenda
A single attack can overlap multiple categories (e.g., state-sponsored hackers committing what appears to be cybercrime to hide attribution).
① Cyber Warfare — State-Sponsored Digital Assault (State Actor)
Definition
Use of computer technology by a state to disrupt the activities of another state — attacking information systems for strategic, political, or military advantage. Unlike espionage (covert theft), cyber warfare aims for disruption and destruction.
India's Adversaries
China (APT Groups): State-linked hackers target India's critical infrastructure, government agencies, financial institutions. Escalated significantly since Galwan (2020) and Operation Sindoor (2025). Pakistan (APT36): Orchestrates DDoS, malware, phishing campaigns — especially during military tensions. During Op Sindoor: 1.5M attacks on Indian infrastructure including power grid (200K attacks), Income Tax, HAL, Railways, BSNL.
Grey-Zone Cyber Ops
Most state-sponsored cyber ops fall in the grey zone — designed to cause damage below the threshold of armed conflict. Example: 2020 cyberattack on Maharashtra power grid (attributed to China) during LAC standoff — a coercive signal without triggering conventional retaliation. Salami slicing in cyberspace mirrors salami slicing on the LAC.
Global Example
NSA surveillance (Snowden revelations) exposed large-scale US espionage including against India. Chinese Zhenhua Data leak revealed a state-linked company collecting vast personal data on foreign leaders, military figures, and influential individuals globally — digital threat intelligence gathering at an unprecedented scale.
② Cybercrime — Attacks for Financial Gain & Disruption (Criminal)
Ransomware
Malware that encrypts victim's data and demands payment for decryption key. AIIMS New Delhi (Nov 2022): Ransomware attack took servers offline for 30+ hours — patient data of approx. 40 million compromised. Surgeries and appointments disrupted. WannaCry (2017): Hit AP Police systems and Mumbai JNPT port. India 2024: 1 million+ ransomware attacks detected. Healthcare, financial services, and BFSI are primary targets.
Data Breaches
BSNL (2024): Major telecom data breach exposing subscriber data. Hathway (2024): 41 million customer records leaked including Aadhaar details. SPARSH Defence Portal: Pensioner IDs and bank details of military personnel exposed. India saw 46% year-on-year increase in cyberattacks — averaging 3,201 attacks per week.
Financial Fraud
Phishing, vishing, UPI fraud exploiting India's massive digital payment base (UPI: 100B+ transactions in 2024). AI-phishing attacks on Indian banks using deepfake voices of senior executives to authorise fraudulent transfers. LockBit ransomware targeted Motilal Oswal (financial broker) threatening to release client data unless ransom paid.
Dark Web & Crypto
Stolen Indian data routinely appears on dark web forums for sale. Cryptocurrency (Bitcoin, Monero) used for ransomware payments and anonymous financial transactions — difficult for FIU-IND to trace. India's FIU-IND froze ₹1,200 crore in hawala/crypto-linked terror financing in 2022-23, but crypto remains a significant regulatory gap.
③ Cyber Terrorism — Digital Front of Fear (Ideological)
Definition
Use of cyber capabilities to advance political or ideological objectives by spreading terror. Key distinction from cybercrime: Cyberterrorists don't seek financial gain — they seek political impact. An attack to steal credit card data = cybercrime; an attack to shut down a power grid to advance an extremist agenda = cyber terrorism.
Targets
Critical National Infrastructure (power grids, water supply, hospitals, transportation). Media platforms (to spread propaganda). Financial systems (to create economic panic). Government communications (to disrupt governance). Public platforms (to spread disinformation and inflame tensions).
Disinformation as Terror
During Operation Sindoor (2025), Pakistan-linked accounts ran coordinated disinformation campaigns portraying the Pahalgam attack as a "false flag," misrepresenting Op Sindoor as targeting civilians, and falsely claiming Indian military facilities were heavily damaged. Maharashtra Cyber's "Road of Sindoor" report documented 1.5M attacks — of which 150 successfully breached Indian digital infrastructure.
📋
Key Cyber Incidents in India — Case Studies
AIIMS · Pegasus · Power Grid · BSNL · Hathway · WannaCry · Operation Sindoor Cyber Dimension
2022
AIIMS New Delhi Ransomware Attack — Server offline 30+ hours. Patient data of ~40 million potentially compromised. OPD, IPD, and lab services disrupted. Surgeries rescheduled. Highlighted catastrophic vulnerability of healthcare to cyber threats. Attacker demanded cryptocurrency ransom. Lesson: Critical health infrastructure needs dedicated cyber resilience — not just IT security.
2021
Pegasus Spyware — Alleged Political Surveillance — NSO Group's military-grade spyware allegedly used to target Indian journalists, opposition politicians, activists, and bureaucrats. Exploits zero-day vulnerabilities in mobile phones (iOS and Android). Can extract messages, activate camera/microphone, access passwords without user interaction. Created major privacy and governance controversy.
2020
Maharashtra Power Grid Attack — Attributed to Chinese APT group "Red Echo." 12 Indian power sector organisations targeted with malware. Mumbai experienced a major power outage in October 2020 — suspected connection. Demonstrated how China uses grey-zone cyber operations during military standoffs (Galwan was ongoing). Exposed critical OT (operational technology) vulnerabilities.
2024
BSNL Data Breach — Massive telecom data breach exposing subscriber data. Hathway Breach: 41 million customers' Aadhaar details, email and home addresses leaked via Laravel framework vulnerability. SPARSH Portal (Defence): Military pensioner IDs and bank details exposed via credential stuffing — national security implications. These breaches reflect systematic targeting of India's digital infrastructure at scale.
2025
Operation Sindoor — Cyber Warfare Dimension — Over 1.5 million cyberattacks on Indian infrastructure after May 7, 2025. APT36 (Pakistan) launched malware campaigns from late April 2025. DDoS attacks: President's website (19 hours), Power Grid (200,000 attacks), Income Tax, HAL, Indian Railways, BSNL. GPS spoofing also detected. Hacktivist groups from Bangladesh, Indonesia, Morocco obfuscated attribution. India's CERT-In, NCCC, and NCIIPC activated to coordinate response.
🔴
Operation Sindoor — The Cyber Dimension (2025)
First India-Pakistan Cyber War · APT36 · DDoS · Disinformation · India's Response
🚨 Most Examinable 2025 Current Affairs for UPSC
Operation Sindoor demonstrated for the first time that India-Pakistan conflict now has a fully integrated cyber dimension — making it the most relevant and exam-ready current event for Unit 3. Any UPSC question on cyber threats in 2026 can be anchored to this event.
Op Sindoor — Cyber War Timeline & Analysis (Current Affairs 2025)
Pre-Op Phase
From April 17, 2025 — two days after the Pahalgam attack — Pakistan's APT36 group began reconnaissance operations against Indian government mail servers and defence infrastructure. Lure files designed to mimic urgency and legitimacy circulated to deceive officials. This pre-positioning before kinetic attacks is a hallmark of modern hybrid warfare.
Hacktivist Wave
April 23-26, 2025: Religiously-motivated hacktivist cells defaced exposed Indian websites. DDoS attacks surged dramatically between April 22 and May 10, 2025 — peaking at 7 attacks per hour on May 7 (the day of Operation Sindoor kinetic strikes). Tactics: DDoS, website defacement, data leaks, malware infiltration.
Scale of Attack
Maharashtra Cyber's "Road of Sindoor" report: 1.5 million cyberattacks; 150 successful breaches. Targets: Income Tax Department, HAL (Hindustan Aeronautics), Indian Railways, BSNL, Power Grid Corporation, President's website (19-hour DDoS). Also: GPS spoofing detected. Coordinated attacks from groups in Pakistan, Bangladesh, Indonesia, Morocco — deliberate obfuscation of attribution.
Disinformation War
Pakistani social media handles ran coordinated campaigns: (1) Portraying Pahalgam as a "false flag" operation, (2) Claiming Op Sindoor targeted civilians, (3) Questioning Indian military capabilities, (4) Fabricating footage of supposed Indian military losses. India released official videos to counter key false narratives. But fact-checkers were often left to respond without official backup — exposing a strategic communication gap.
India's Cyber Response
CERT-In, NCCC, and NCIIPC activated. India also launched its own cyber operations — Pakistani social media handles posted suspicious information and then retracted, suggesting successful counter-cyber pressure. India requested X (Twitter) to block 8,000+ Pakistan-linked accounts spreading disinformation. PIB Fact Check portal ran continuously to debunk false narratives.
Strategic Lesson
Cyberspace is now an integral theatre of modern conflict — not an add-on. Any future India-Pakistan or India-China kinetic conflict will have a simultaneous, fully coordinated cyber dimension. India needs a dedicated Cyber Command (currently under planning as part of Integrated Theatre Commands) and a formal National Cyber Warfare Doctrine.
🆕
Emerging Cyber Threats — Next Generation Challenges
5G Security · AI as Dual-Use · Deepfakes · Quantum Computing · Undersea Cables
📡 5G Security Implications
Massive attack surface expansion: 5G connects billions of IoT devices — each is a potential entry point. Software-defined networks are more flexible but also more vulnerable to software exploits than hardware-based 4G. Chinese equipment concern: Dominance of Huawei/ZTE in global 5G supply chain raises backdoor access and espionage concerns. India banned Chinese telecom equipment in sensitive areas. TRAI's role in ensuring 5G security standards is critical.
🤖 AI as a Dual-Use Technology
Offensive use: AI generates highly sophisticated phishing campaigns, personalised attack vectors, deepfakes for disinformation, automated malware that adapts to evade detection. DSCI 2025 report: AI-driven attacks will dominate the 2025 threat landscape. Defensive use: AI/ML for real-time threat monitoring, anomaly detection, predictive threat intelligence, automated incident response. The side that uses AI better in cyberspace will have decisive advantage.
🎭 Deepfakes — Weaponised Disinformation
AI-synthesised videos/audio create highly convincing false content. Uses: propaganda, defaming public figures, fabricating evidence, inciting communal unrest. Ukraine war (2022): Deepfake video of Zelenskyy "surrendering" circulated to demoralise troops. India: Deepfake videos of politicians circulated to create communal tension before elections. Challenge: No dedicated deepfake legislation yet in India — DPDPA and IT Act don't fully address this.
🌊 Undersea Cable Vulnerabilities
95% of global internet traffic travels through undersea cables. In 2024, Houthi rebel attacks on Red Sea undersea cables disrupted 25% of data traffic between Europe and Asia. India's connectivity to the world depends on landing stations at Chennai, Mumbai, Kochi. Physical attacks on cables = digital crisis without firing a single cyber weapon. Protection of undersea cable landing stations is now a national security priority.
⚛️ Quantum Computing Threat
Future quantum computers can break current RSA/AES encryption — threatening all encrypted communications, banking transactions, and classified government data. "Harvest now, decrypt later" strategy: adversaries already harvesting encrypted data to decrypt when quantum computing matures. India needs to invest in Post-Quantum Cryptography (PQC) standards. NIST (USA) released PQC standards in 2024 — India must align.
💰 Crypto-Terror Financing
ISIS, Al-Qaeda, and Pakistan-linked groups increasingly use Bitcoin, Monero for anonymous, decentralised, global terror financing. Evades traditional banking surveillance and FATF monitoring. FIU-IND's hawala crackdowns don't reach crypto effectively. India's challenge: No comprehensive crypto regulation framework yet. Virtual Digital Assets (VDA) rules under MoF are nascent. Crypto remains the most significant regulatory gap in India's counter-terror financing architecture.
📺
Role of Media & Social Media in Internal Security Challenges
Broadcast Media Threats · Fake News · Radicalisation · Echo Chambers · Filter Bubbles · Disinformation
📡 Broadcast & Print Media — Security Threats
🔴 Revealing Operational Details
Live, minute-by-minute reporting of military or anti-terror operations is the most direct media security threat. During 26/11 Mumbai attacks, the Supreme Court heavily criticised TV channels for showing real-time movements of security forces — information that terrorists inside the Taj Hotel were monitoring via TV. India does not have a formal wartime media protocol (unlike the UK's D-Notice system). During Op Sindoor (2025), Indian media had to be repeatedly cautioned not to reveal sensitive operational details.
📰 Sensationalisation & Communal Content
Media can amplify communal tensions by: sensationalising violent incidents with religious framing, running unverified reports that inflame communities, platforming hate speech. "Paid news" and partisan reporting undermine democratic accountability. TRP-driven journalism prioritises drama over accuracy — particularly dangerous during terrorism incidents where fear amplification itself is the terrorist's goal. "Propaganda by the deed" requires media amplification to work — irresponsible journalism becomes part of the attack.
📱 Social Media — The Evolving Threat Matrix
Social Media Threats to Internal Security — 5 Dimensions (Critical)
Radicalisation
Terrorist and extremist groups have weaponised social media — social media plays a role in up to 90% of radicalisation cases. ISIS, Al-Qaeda use Telegram, encrypted WhatsApp groups, and YouTube for spreading ideology. Coded language and symbols evade automated detection. Lone wolves — Coimbatore (2022), Bengaluru Café (2024) — were radicalised entirely online. Filter bubbles created by recommendation algorithms accelerate radicalisation by only showing content that reinforces existing beliefs, leading to extremism.
Fake News & Disinformation
Viral misinformation during communal incidents, election periods, and military crises. During Op Sindoor (2025): Pakistani state and non-state actors ran coordinated disinformation portraying the Pahalgam attack as a "false flag" and fabricating Indian military losses. Weaponised disinformation is now a core state strategy — as potent as kinetic weapons in shaping public perception and morale.
Echo Chambers
Recommendation algorithms create filter bubbles — users only encounter content reinforcing their existing beliefs (confirmation bias). This insulates communities from different views, deepens polarisation, and increases risk of sudden flashpoint violence. Example: WhatsApp forwards with manipulated videos have triggered mob violence in India (Bidar fake news lynching, 2018). The algorithmic amplification of outrage is a structural feature, not a bug.
Insurgent Mobilisation
Khalistani groups use social media to mobilise diaspora support, organise illegal referendums, and fund separatist activities from Canada, UK, and Australia. NE insurgent groups use encrypted channels to coordinate across borders with groups in Myanmar. ISI uses social media to recruit OGWs and sleeper cell members within India — virtual handlers directing real-world operatives.
Data Colonisation
Global social media corporations (Meta, Google, X) collect massive data from Indian users — stored and controlled outside India. This creates a "data colonisation" risk: the data could be manipulated against India's interests or handed to foreign governments under their domestic legal orders. This is the reason India pushed for data localisation provisions, and why DPDPA 2023 matters for national security beyond just privacy.
🔍 Analytical Insight — The Media Paradox
Free media is essential for democracy — but irresponsible media is a force multiplier for terrorism and communal violence. India walks a fine line: too little regulation allows disinformation and operational security breaches; too much regulation undermines the free press that holds power accountable. The solution lies in self-regulation, industry codes, algorithmic transparency, and targeted legal intervention — not blanket censorship.
🛡️
India's Counter-Strategy — Building Digital Resilience
Legal Framework · Institutional Architecture · Key Initiatives · International Cooperation
⚖️ Legal & Policy Framework
IT Act, 2000 (Amended)
India's primary cybercrime legislation. Criminalises identity theft, phishing, cyber terrorism, and unauthorised access. Provides legal basis for blocking websites threatening national security. Designates and protects Critical Information Infrastructure (Section 70). Amendments strengthened cybercrime penalties.
Digital Personal Data Protection Act, 2023 (DPDPA)
India's first comprehensive data protection law. Establishes rights of "data principals" (individuals) and obligations of "data fiduciaries" (organisations). Replaces the inadequate IT Act data protection provisions. Key for UPSC 2024 (10m PYQ). Creates Data Protection Board. Mandates data breach notification. National security implications: prevents data colonisation.
National Cyber Security Policy (NCSP), 2013
India's first dedicated cybersecurity policy. Set goal of creating secure cyberspace and training 500,000 cybersecurity professionals. Now considered outdated — a new comprehensive NCSP 2.0 has been under development. Key gap: shortage of cybersecurity professionals remains the single biggest implementation challenge.
IT (Intermediary) Rules, 2021
Regulates social media intermediaries. Requirements: appoint Grievance Officers, identify first originator of harmful content (traceability), remove flagged content within 36 hours for significant social media intermediaries. Creates accountability for platforms like Twitter/X, Meta, WhatsApp. Contested on free speech grounds.
🏛️ Institutional Architecture
Core Cyber Institutions
CERT-In
Indian Computer Emergency Response Team — National nodal agency for cybersecurity incident response, issuing advisories, and coordinating national cyber defence. Conducted Bharat NCX 2024 — India's largest cyber drill simulating 2,000 attacks on banking and power grids; trained 150 agencies.
NCIIPC
National Critical Information Infrastructure Protection Centre — Mandated to protect CII from cyber threats. Manages sectors: energy, banking, healthcare, transport, telecom, defence. Under NTRO.
I4C
Indian Cyber Crime Coordination Centre — Under MHA. Platform for citizens to report cybercrimes (cybercrime.gov.in). Coordinates law enforcement response. Runs national cybercrime helpline 1930.
NCCC
National Cybersecurity Coordination Centre — Cyber intelligence agency. Screens communication metadata to detect real-time cyber threats. Coordinates with law enforcement.
NCSC
National Cybersecurity Coordinator — Under NSCS (National Security Council Secretariat). Leads whole-of-government approach. Advises PMO on cyber threats. Lt. Gen. M U Nair assumed role in 2023.
✅ Key Initiatives
Cyber Swachhta Kendra: Free malware/botnet detection tools for citizens — digital hygiene at scale
NATGRID: National Intelligence Grid integrating 21 databases for real-time security data access
CyberDome (Kerala): PPP model linking police, ethical hackers, and academia — UPSC 2019 PYQ
PIB Fact Check: Government unit to counter disinformation on social media in real time
Bharat NCX 2024: India's largest cyber exercise — 2,000 simulated attacks, 150 agencies trained
🌐 International Cooperation
UN Cybercrime Convention (2024): India supported and helped shape — 193 member states. Opens for signature 2025. India rejected the Budapest Convention over sovereignty/data access concerns
Bilateral: Cyber cooperation agreements with USA, UK, Singapore, France, Israel
QUAD Cyber Group: Coordinated cyber threat intelligence sharing
SCO-RATS: Counter-terrorism cyber coordination
📺 Government Response to Media Threats
📋 Regulatory Bodies
Press Council of India (PCI): Self-regulatory body for print media — limited statutory powers. Needs strengthening. News Broadcasting & Digital Standards Authority (NBDSA): Self-regulatory for broadcast. Critiqued for ineffectiveness. Argument: grant PCI statutory powers for real accountability without endangering press freedom.
🚫 Platform Regulation
IT Rules 2021: Significant Social Media Intermediaries (>5M users) must appoint grievance officers, compliance officers, and nodal officers in India. Traceability clause: identify first originator of harmful messages. Content takedown within 36 hours. During Op Sindoor: India asked X to block 8,000+ Pakistan-linked disinformation accounts.
🔍 Counter-Disinformation
PIB Fact Check: Official government unit exposing fake news. Public awareness campaigns: "Verify before you share" initiatives. SOCMINT (Social Media Intelligence): Police monitoring for early warning of communal tensions. WhatsApp message forwarding limit (5 messages max) after mob lynching incidents reduced viral spread of fake news.
📌 Way Forward — What UPSC Expects
India's cyber strategy must move from reactive to proactive. Key priorities: (1) New comprehensive NCSP 2.0 — NCSP 2013 is outdated, (2) Dedicated Cyber Command under Integrated Theatre Commands, (3) Post-Quantum Cryptography (PQC) adoption, (4) Regulation of AI-generated deepfakes, (5) Crypto regulation framework for terror financing, (6) National Data Localisation framework under DPDPA, (7) Industry-government partnership (DSCI model) for threat intelligence sharing, (8) Scale up cybersecurity professionals — NCSP 2013 target of 500,000 remains unmet.
📝
UPSC Mains PYQs & Probable Questions 2026
Asked Every Year Since 2013 · Complete PYQ List · 4 Probable Qs with Frameworks
📌 Complete PYQ List — Cyber Security & Media (2013–2024)
GS Paper 3 — All Relevant PYQs (Asked Every Year)
2024 ⭐⭐
10 Marks Describe the context and salient features of the Digital Personal Data Protection Act, 2023.
2022 ⭐⭐
15 Marks What are the different elements of cyber security? Keeping in view the challenges in cyber security, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy.
2021 ⭐⭐
10 Marks Keeping in view India's internal security, analyse the impact of cross-border cyber attacks. Also discuss defensive measures against these sophisticated attacks.
2020 ⭐
10 Marks Discuss different types of cyber crimes and measures required to be taken to fight the menace.
2019 ⭐
10 Marks What is the CyberDome Project? Explain how it can be useful in controlling internet crimes in India.
2018 ⭐
10 Marks Data security has assumed significant importance in the digitized world due to rising cyber crimes. The Justice B.N. Srikrishna Committee Report addresses issues related to data security. What are the strengths and weaknesses of the Report relating to the protection of personal data in cyberspace?
2017 ⭐
10 Marks Discuss the potential threats of Cyber attack and the security framework to prevent it.
2015 ⭐
10 Marks India needs a "Digital Armed Force" to prevent crimes. Critically evaluate the National Cyber Security Policy, 2013 outlining the challenges perceived in its effective implementation.
2015 ⭐
10 Marks Religious indoctrination via digital media has resulted in Indian youth joining ISIS. What is ISIS and its mission? How can ISIS be dangerous for internal security?
2013 ⭐
12.5 Marks Cyber warfare is considered by some defense analysts to be a larger threat than even Al Qaeda or terrorism. What do you understand about Cyber warfare? Outline cyber threats which India is vulnerable to and the state of the country's preparedness.
2013 ⭐
10 Marks What are social networking sites and what security implications do these sites present?
🎯 Probable Questions — UPSC Mains 2026
🎯 Probable Q1 — Op Sindoor Cyber Dimension (250W, 15M) ⭐⭐ Highest Probability
Operation Sindoor (2025) demonstrated that modern warfare has a fully integrated cyber dimension. Analyse the cyber threats faced by India during and after Operation Sindoor and evaluate the adequacy of India's cyber defence architecture.
Intro: "Cyberspace is the fifth domain of warfare" — CDS Rawat. Op Sindoor (May 2025) proved this: 1.5M cyberattacks on Indian infrastructure alongside kinetic drone and missile exchanges — making it the first fully integrated India-Pakistan hybrid war.
Cyber Attacks During Op Sindoor:
• Pre-Op (April 17): APT36 reconnaissance on government mail servers and defence infrastructure
• Hacktivist wave (April 23-26): Low-level defacements, DDoS probes escalating to 7 attacks/hour on May 7
• Scale: 1.5M attacks; 150 successful breaches; targets: Income Tax, HAL, Railways, BSNL, Power Grid (200K attacks), President's website (19-hour DDoS), GPS spoofing
• Attribution obfuscation: Groups from Bangladesh, Indonesia, Morocco masking Pakistani involvement
• Disinformation war: Pakistan-linked accounts ran false narratives (Pahalgam as false flag, fake Indian military losses) — India's PIB Fact Check and X account blocks as counter
India's Cyber Architecture — Assessment:
✅ Institutional: CERT-In, NCIIPC, I4C, NCCC, NCSC — comprehensive in structure
✅ Bharat NCX 2024 cyber drill — 2,000 simulated attacks, 150 agencies trained
✅ NATGRID, MAC for intelligence coordination
❌ No dedicated Cyber Command — currently split across agencies
❌ No formal Cyber Warfare Doctrine — reactive, not proactive
❌ NCSP 2013 outdated — NCSP 2.0 under development but not yet released
❌ Strategic communication gap — disinformation often left to individual fact-checkers
❌ OT (Operational Technology) of power grid — poorly secured as 2020 Maharashtra attack showed
Way Forward: Dedicated Cyber Command under Integrated Theatre Commands; formal National Cyber Warfare Doctrine; NCSP 2.0; Post-Quantum Cryptography adoption; AI/ML for real-time threat monitoring; Counter-disinformation rapid response force
Conclusion: Op Sindoor proved that cyber resilience is now as important to national security as border security. India's architecture is structurally sound but operationally fragmented — the imperative is integration and offensive capability, not just defence.
🎯 Probable Q2 — NCSP & Cyber Strategy Evaluation (150W, 10M) ⭐⭐ High Probability
"India has a robust institutional architecture for cybersecurity but lacks a comprehensive and current National Cyber Security Strategy." Critically examine India's cybersecurity framework highlighting gaps and the way forward.
Intro: India is the world's second-largest internet user base — 820M+ users — and one of the most heavily targeted nations. 2,011 cyberattacks/week on Indian organisations (2025). The architecture exists but the strategy is dated.
India's Strengths:
Legal: IT Act 2000, DPDPA 2023, IT Rules 2021, UAPA (cyber terrorism)
Institutional: CERT-In, NCIIPC, I4C, NCCC, NCSC — comprehensive coverage of all threat layers
Initiatives: Cyber Swachhta Kendra, Bharat NCX, CyberDome (Kerala PPP), NATGRID
International: UN Cybercrime Convention (advocated by India, adopted 2024), bilateral cooperation with USA/UK/Israel
Critical Gaps:
• NCSP 2013 is outdated — doesn't address AI, deepfakes, 5G, cloud, quantum threats
• Shortage of cybersecurity professionals — NCSP 2013 target of 500,000 unmet
• No dedicated Cyber Command — fragmented across CERT-In, NCIIPC, NCSC, military cyber wings
• Encryption-privacy balance unresolved — "going dark" problem vs civil liberties
• OT (Operational Technology) security weak — SCADA systems controlling power grids, water supply are poorly protected
• No deepfake-specific legislation
• Crypto regulation framework absent — terror financing gap
Way Forward:
• NCSP 2.0 — address AI/ML, quantum, 5G, cloud, OT security
• Dedicated Cyber Command under Integrated Theatre Commands
• Post-Quantum Cryptography standards adoption
• AI/ML for real-time threat response
• Zero Trust Architecture for government networks
• National Cybersecurity Talent Pipeline — academic partnerships
Conclusion: India's cyber architecture is a house with strong walls but an old roof. The legal and institutional foundations are sound; the strategic and technological superstructure needs urgent renovation for 21st-century threats.
🎯 Probable Q3 — DPDPA 2023 (150W, 10M) ⭐⭐ (Based on 2024 PYQ Pattern)
The Digital Personal Data Protection Act (DPDPA), 2023 is a landmark legislation for India's digital governance. Describe its salient features and assess its significance for India's internal security.
Context: India's first comprehensive data protection law — replacing inadequate IT Act 2000 provisions. Enacted after years of debate following Justice K.S. Puttaswamy judgment (2017) declaring privacy a fundamental right.
Salient Features:
• Data Principals: Individuals whose data is processed. Rights: access, correction, erasure, and nominating a representative
• Data Fiduciaries: Organisations that determine purpose/means of processing. Obligations: purpose limitation, data minimisation, security safeguards, breach notification
• Significant Data Fiduciaries: High-risk organisations with additional obligations
• Data Protection Board: Adjudicates complaints and imposes penalties (up to ₹250 crore per violation)
• Consent Framework: Explicit, informed, and revocable consent required
• Children's Data: Parental consent mandatory; no tracking/targeted advertising for minors
• Cross-border Transfer: Allowed to "trusted" countries (notified by GoI) — data localisation possible via notification
Internal Security Significance:
• Prevents data colonisation: Foreign apps/platforms cannot indefinitely harvest Indian user data for foreign intelligence services
• Reduces attack surface: Data minimisation means less data available to be stolen in breaches
• Counter-terror financing: Better data governance helps FIU-IND track suspicious financial patterns
• National sovereignty: Data localisation potential gives India leverage over cross-border data flows
Gaps/Concerns: Government exemptions for national security purposes are broad — potential for surveillance without oversight. Independent oversight mechanism for government data processing is weak.
Conclusion: DPDPA 2023 is India's most important digital governance legislation since IT Act 2000. For internal security, its greatest contribution is establishing data sovereignty — protecting Indian citizens' data from being weaponised against India's interests.
🎯 Probable Q4 — Social Media & Internal Security (150W, 10M) ⭐⭐ High Probability
Social media has become both a tool for democratic participation and a vector for threats to internal security. Examine the dual nature of social media with specific reference to radicalisation, disinformation, and communal violence in India.
Intro: India has 800M+ social media users. The same platform that enables citizen journalism and democratic accountability also radicalises lone wolves, spreads disinformation during communal crises, and serves as Pakistan's primary tool for psychological warfare against India.
Three Key Threat Dimensions:
1. Radicalisation (90% of cases involve social media):
• ISIS, Al-Qaeda use Telegram, encrypted WhatsApp for ideology and recruitment
• Filter bubbles/echo chambers accelerate radicalisation via confirmation bias
• Lone wolves: Coimbatore (2022), Bengaluru Café (2024) — entirely online radicalisation
• Khalistani groups: Canada-based diaspora radicalisation via YouTube, Telegram
2. Disinformation (Weaponised by State Actors):
• Op Sindoor (2025): Pakistan-linked accounts ran coordinated false narratives — "Pahalgam false flag," fabricated Indian military losses
• Pre-election: Deepfake videos of political leaders to influence voting
• Communal trigger content: Deliberately engineered viral content during religious festivals
3. Communal Violence (Direct Trigger):
• WhatsApp fake news triggered lynching incidents (2018: Bidar, UP, multiple cases)
• Videos manipulated to misattribute violence to one community against another
• "Propaganda by the deed" — terrorist attacks require media amplification; social media provides instant global platform
Government Response:
IT Rules 2021 (traceability, takedown obligations), PIB Fact Check, platform account blocks (8,000+ during Op Sindoor), SOCMINT monitoring, WhatsApp forward limits
Gaps: Encryption creates "going dark" problem; cross-border servers; algorithms are "black boxes"; no deepfake legislation
Way Forward: Algorithmic transparency mandates; CVE national framework; platform liability for verified disinformation; AI-powered counter-disinformation; community-based digital literacy programs
Conclusion: Social media is simultaneously India's most powerful tool of democratic expression and its most exploited security vulnerability. The solution is precision governance — targeting harms without damaging freedoms.
⚡ Quick Revision — Cyber Security & Communication Networks
⚔️ Three Threat Types — The Core Distinction
• Cyber Warfare: State vs State; motive = political/military disruption (China → power grid; Pakistan APT36 → Op Sindoor)
• Cybercrime: Criminal actors; motive = financial gain (AIIMS ransomware, BSNL breach, UPI fraud, LockBit)
• Cyber Terrorism: Non-state ideological actors; motive = terror + political agenda (ISIS online recruitment; Op Sindoor disinformation)
• Key: What separates cybercrime from terrorism = motivation, not method
🔴 Key Incidents — Must Know
• AIIMS (2022): Ransomware, servers offline 30+ hrs, 40M records
• Pegasus: Spyware on politicians/journalists
• Maharashtra Power Grid (2020): Chinese APT, Mumbai outage
• BSNL/Hathway (2024): 41M records leaked
• WannaCry (2017): AP Police + JNPT Mumbai
• Op Sindoor (2025): 1.5M attacks, APT36, DDoS (President's site 19hrs, Power Grid 200K attacks), GPS spoofing, disinformation war
🏛️ Institutional Architecture
• CERT-In: National incident response + Bharat NCX 2024 (2,000 attacks, 150 agencies)
• NCIIPC: Protects CII (banking, power, health)
• I4C (MHA): Citizen cybercrime reporting + law enforcement coordination
• NCCC: Cyber intelligence, metadata screening
• NCSC: Advises PMO, whole-of-government coordination
• Cyber Swachhta Kendra: Free citizen malware tools
• CyberDome (Kerala): PPP model
⚖️ Legal Framework
• IT Act 2000: Cybercrime, CII (S.70), website blocking
• DPDPA 2023: Personal data rights, consent, Data Protection Board, ₹250 crore penalty
• NCSP 2013: First cyber policy — outdated; NCSP 2.0 pending
• IT Rules 2021: Social media intermediary obligations (traceability, 36-hr takedown)
• Budapest Convention: India declined (sovereignty) → advocates UN Cybercrime Convention (adopted 2024)
🆕 Emerging Threats
• 5G: Massive IoT attack surface; Huawei/ZTE backdoor concerns
• AI: Deepfakes for disinformation; AI-phishing at scale; dual-use
• Quantum: Will break RSA encryption; "harvest now, decrypt later" threat; need PQC
• Undersea cables: 25% traffic disrupted (Red Sea 2024)
• Crypto-terror: Bitcoin/Monero evades FATF; India lacks crypto regulation
• Social media: 90% radicalisation cases; echo chambers; filter bubbles; disinformation
🚨 5 Analytical Points That Score in Mains:
① CII Cascading Effect: Always explain why cyberattacks on CII are disproportionately dangerous — a single attack on a power grid can paralyse banking, transport, emergency services, and governance simultaneously. This "cascading effect" is the core reason CII deserves separate legal protection under IT Act Section 70.
② Op Sindoor as a Doctrine Moment: Op Sindoor 2025 proved cyberspace is now an integral warfare domain, not a supplement. 1.5M attacks, APT36 malware, GPS spoofing, and coordinated disinformation ran alongside missiles and drones. This makes India's need for a Cyber Command and formal Cyber Warfare Doctrine urgent — use this argument in any cyber architecture question.
③ Budapest vs UN Convention — India's Position: India declined Budapest (sovereignty, data access concerns) but successfully advocated for the UN Cybercrime Convention (adopted 2024, 193 states). This shows India as a norm-shaper in global cyber governance — not just a participant. Use in any question on India's multilateral cyber diplomacy.
④ DPDPA 2023 — Security Angle Beyond Privacy: DPDPA is usually discussed as a privacy law, but its internal security value is: preventing "data colonisation" (foreign intelligence services harvesting Indian user data), reducing breach damage (data minimisation), and enabling data localisation for strategic data. Always add this dimension — it will surprise the examiner.
⑤ Social Media Paradox: Social media enables democracy (citizen journalism, accountability) AND threatens security (radicalisation, disinformation, communal triggers). The answer is not censorship (which creates a different security threat — authoritarian control) but precision governance — algorithmic transparency, deepfake legislation, and platform accountability without suppressing legitimate speech.


