India’s offensive cyber capability is “Pakistan-focused” and “regionally effective”, and not tuned towards China, says a new report by International Institute for Strategic Studies (IISS), an influential think tank that has done a qualitative assessment of cyber power in 15 countries.
A country’s cyber capabilities have been assessed in seven categories: strategy and doctrine; governance, command and control; core cyber-intelligence capability; cyber empowerment and dependence; cyber security and resilience; global leadership in cyberspace affairs and offensive cyber capability.
The US is the only country in the first tier, for its world-leading strengths across “all” categories.
India has been put in the third tier meant for countries that have strengths or potential strengths in some of these categories but “significant weaknesses” in others. Also in this category are: Japan, Iran, Indonesia, Vietnam, Malaysia and North Korea.
In the second tier, with world-leading strengths in “some” categories are: Australia, Canada, China, France, Israel, Russia and the United Kingdom.
According to the report to be released Monday: “The military confrontation with China in the disputed Ladakh border area in June 2020, followed by a sharp increase in Chinese activity against Indian networks, has heightened Indian concerns about cyber security, not least in systems supplied by China.”
The report said that despite the geo-strategic instability of its region and a keen awareness of the cyber threat it faces, India has made only “modest progress” in developing its policy and doctrine for cyberspace security.
Greg Austin, who leads the IISS programme on Cyber, Space and Future Conflict and played a leading role in the preparation of the report, told The Indian Express Sunday: “India has some cyber-intelligence and offensive cyber capabilities but they are regionally focused, principally on Pakistan. It is currently aiming to compensate for its weaknesses by building new capability with the help of key international partners – including the US, the UK and France – and by looking to concerted international action to develop norms of restraint.”
The report said that India’s approach towards institutional reform of cyber governance has been “slow and incremental”, with key coordinating authorities for cyber security in the civil and military domains established only as late as 2018 and 2019 respectively.
These work closely with the main cyber-intelligence agency, the National Technical Research Organisation.
“India has a good regional cyber-intelligence reach but relies on partners, including the United States, for wider insight”, the report said.
It said that the strengths of the Indian digital economy include a vibrant start-up culture and a very large talent pool. “The private sector has moved more quickly than the government in promoting national cyber security.”
The country is active and visible in cyber diplomacy but has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states, the report said.
“India is a third-tier cyber power whose best chance of progressing to the second tier is by harnessing its great digital-industrial potential and adopting a whole-of-society approach to improving its cyber security,” the report said.
The report also assessed China’s cyber power as clearly inferior to that of the US, and substantially below the combined cyber power of the US network of alliances.
The countries covered in this report are US, United Kingdom, Canada and Australia (four of the Five Eyes intelligence allies); France and Israel (the two most cyber-capable partners of the Five Eyes states); Japan (also an ally of the Five Eyes states, but less capable in the security dimensions of cyberspace, despite its formidable economic power); China, Russia, Iran and North Korea (the principal states posing a cyber threat to Western interests); and India, Indonesia, Malaysia and Vietnam (four countries at earlier stages in their cyber-power development). It is an ongoing study, which will cover a total of 40 countries, including Germany, Singapore, Nigeria among others.
Asked about the roadmap for India to move up, Austin said the key is “political will” and “how India organises its intelligence agencies.” He said that one of the “leapfrog opportunities” for governments to be more effective in cyberpower is “how they align themselves with other governments.”