Introduction
A robust cyber foundation allows a country to ensure the safety, accessibility, and equitability of its cyberspace for its citizens, the responsibility of which falls under its cybersecurity administration.[1] With 971 million internet subscribers, India’s digital landscape is growing rapidly. In 2022–23, India’s digital economy was valued at 11.74 percent of its national income, contributing $402 billion to the gross domestic product (GDP), and is projected to make up a fifth of the GDP by 2030. India also recorded the highest volume of digital payment transactions of 18.3 billion in March 2025. Advancements in AI have contributed to a significant rise in internet-connected smart devices and appliances in the last five years, further increasing India’s digital surface.
A driver of social and economic progress, Indians use cyberspace to exercise their fundamental rights and access public welfare services, placing onus on the government to protect it from attacks and ensure its access. India’s cyberspace is the second most targeted in the world, and is increasingly facing ransomware, phishing, and supply chain attacks, alongside data breaches and AI-powered attacks. Between 2019 and 2023, cyber attacks on the Indian government increased by 138 percent. The Reserve Bank of India reported that data breaches cost India $2.18 million in 2023, a 28 percent increase in three years.
In 2024, India secured Tier 1 status in the International Telecommunication Union (ITU) Global Cybersecurity Index. The Index termed legal, technical, capacity development, and cooperation measures as its areas of relative strength. It also noted India’s organizational measures as an area for potential growth, placing an onus on India’s cybersecurity administration to handle cyber threats around the clock due to its’s growing digital surface and evolving cyber threat matrices.
India’s cybersecurity administration comprises agencies and departments across ministries that work together to safeguard India’s cyberspace. These include the National Security Council Secretariat (NSCS) under the Prime Minister’s Office (PMO), the Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA), the Defence Cyber Agency (DCyA) under the Ministry of Defence (MoD), and the Computer Emergency Response Team (CERT-IN) under the Ministry of Electronics and Information Technology (MeitY). The Ministry of External Affairs (MEA), through its Cyber Diplomacy Division (CDD), also facilitates international partnerships and navigates multilateral cyber engagements. With multiple actors involved, India’s cybersecurity administration structure lacked clarity over which agency would deal with which aspect of cybersecurity.
In September 2024, the Allocation of Business (AoB) Rules, 1961, was amended, clarifying India’s cybersecurity administration structure by assigning various cybersecurity responsibilities to each ministry and agency. The Department of Telecommunications (DoT) under the Ministry of Communications was assigned telecom network security matters, while “cybersecurity” and “cyber crime” were assigned to the MeitY and the MHA, respectively. The amendment also tasked the NSCS with providing “overall coordination and strategic direction for cybersecurity,” establishing it as the nodal agency.
This article will highlight the significance of this amendment and map and analyze India’s current cybersecurity administration structure.
The Significance of the Allocation of Business Rules Amendment
India’s cyber administration structure, as designated by the erstwhile AoB rules, has been criticized for a lack of clarity, leading to confusion in the administration. The erstwhile AoB Rules did not make cybersecurity the sole remit of any one ministry, and this, in the past, led to turf wars between the involved ministries. For example, there have been reports of the MHA pitching to stake claims to CERT-In, the country’s nodal cybersecurity agency that operates under MeitY.
At this juncture, the clear designation of cybersecurity duties under the amended AoB Rules is expected to improve coordination across agencies, allowing them to effectively handle cyber threats, thus strengthening India’s cyber foundation.
A clear cyber administration structure may also help vulnerable citizens identify the right authorities within the administration for cyber incident response and protection. The private sector, at the forefront of cybersecurity innovation, is also likely to better engage with the government. Considering that geopolitics and international relations extend to cyberspace, a streamlined administrative structure will also help strategic partners facilitate cyber cooperation.
So how is the current cybersecurity administration structured following the AoB rules amendment?
At the Top: The National Security Council Secretariat
At the apex level, the PMO comprises the NSCS, described as “India’s foremost institution for strategic policy analysis and coordination on matters of national security.” The NSCS’s role was to assist the national security adviser (NSA) on national security matters to the prime minister and the National Security Council.
In April 2015, the government appointed the first national cybersecurity coordinator within the NSCS, responsible for advising the prime minister on cybersecurity-related issues with the NSA and other ministries. The national cybersecurity coordinator works closely with the MEA on cyber partnerships and also organizes cybersecurity incident response and cyber defense exercises involving all government agencies, such as the Bharat National Cyber Security Exercise (NCX).
The September 2024 amendment further tasked the NSCS with providing overall coordination and strategic direction for cybersecurity. Notably, cybersecurity has been delineated as a separate item in the AoB list, among the NSCS’ other responsibilities. Under the AoB amendment, the national cybersecurity coordinator will now offer overall coordination and strategic direction to all relevant departments and ministries and will act as a nodal point of contact for cybersecurity issues. The national cybersecurity coordinator is also the secretary for the national cybersecurity secretariat, under the NSA. The secretariat was created following the AoB rules amendment in 2024 and comprises of secretaries of various ministries, fostering overall cyber security coordination among the government and different sectors.
Drafting national cybersecurity policies or strategies, like the National Cybersecurity Reference Framework, which was released in 2024, also falls under the purview of the national cybersecurity coordinator. For example, in order to update the National Cyber Security Policy of 2013, a task force was created in July 2019, headed by the NCSC with representatives from fourteen different agencies and ministries. It prepared and submitted a draft National Cyber Security Strategy, which is yet to be released.
Among the intelligence agencies housed within the PMO, the National Technical Research Organisation (NTRO), established in 2004, directly reports to the NSA. Modelled after the U.S. National Security Agency, the NTRO gathers intelligence, performs signal interception, and engages in cyber operations. The NTRO also secures digital networks to connect other Indian intelligence agencies and operates a database for these agencies to offer cyber intelligence. For example, in 2023, the NTRO tracked and informed eight government agencies on Raccoon Stealer, a malware that was used to target and steal sensitive data from computer systems. The NTRO is also part of a technical coordination group that examines proposals and requests from intelligence agencies on high-tech equipment. Reports, however, indicate a lack of public articulation on NTRO’s cyber operations.
Protecting India’s Critical Infrastructure
Critical infrastructure consists of assets that are vital to a country’s society, economy, and national security. Critical information infrastructure (CII) can be defined as internet-connected systems used in critical infrastructures. The IT Act, 2008, defines CII as computer resources whose destruction or incapacitation could have a debilitating impact on national security, economy, public health, or safety.
In India, the NTRO houses and directs the National Critical Information Infrastructure Protection Centre (NCIIPC), the nodal agency for protecting CII. The NCIIPC broadly defines sectors under CII as banking, finance and insurance, power, energy, telecom, health, transport, and strategic and public enterprises. Further computer systems and networks of the government are also regarded as protected systems.
The NCIIPC assumes national importance considering the growing instances of cyber-attacks on critical services, such as the ransomware attacks on All India Institute of Medical Sciences (AIIMS) in 2022 and 2023. While the AoB rules do not specifically list the functions of the NCIIPC, Section 70A of the Information Technology (IT) Act, 2008, holds the NCIIPC responsible for CII protection, including R&D.
Importantly, the NCIIPC also offers near real-time threat intelligence and situational awareness through its analytic center and issues alerts and advisories. For example, it’s February 2025 advisory addressed the cyber vulnerabilities in health equipment such as a USB-C blood glucose monitoring system.
The NCIIPC also sets rules and guidelines for procurement, best practices, and standards for CIIs. For example, it coordinated with the NSCS on the National Cybersecurity Reference Framework that suggested critical sectors like banking, telecom, and energy to only use Indian products and services. Further, the NTRO releases a bimonthly NCIIPC “Common Vulnerabilities and Exposures (CVE) Report” that highlights weaknesses in the cyber products used by CIIs and offers patches to address them. Finally, the NCIIPC also conducts periodic training and capacity programs for information security personnel of the government, PSUs, and private sector organizations. For example, the NCIIPC in April 2024 organized the Critical Information Infrastructure Security Exercise for chief information security officers, chief technology officers, and chief risk officer of all CII entities to boost their cyber defense skills.
Beyond the NCIIPC, regulators of the protected sectors also play a vital role by issuing guidelines and regulations. For example, the Reserve Bank of India has issued a cybersecurity framework for banking. The Central Electricity Authority also recently issued a draft regulation for the power sector.
Securing India’s Cyberspace
While the NCIIPC focuses specifically on CII, the AoB Rules amendment assigned MeitY the responsibility for all matters pertaining to cybersecurity, along with lending support to other agencies.
Among other things, MeitY focuses on promoting cybersecurity initiatives and practices within the country. It conducts programs to raise awareness and develop capacities in cybersecurity, like the Cyber Surakshit Bharat initiative for CISOs and IT officials in government departments. It runs the Information Security Education and Awareness project aimed at developing human resources for cybersecurity and creating public awareness of cyber hygiene. It introduces new regulations and orders for cybersecurity, like the October 2024 update to the Comprehensive Regulatory Order for CCTV cameras sold in India to comply with strict security standards. To increase private sector participation, MeitY hosts the Cyber Security Grand Challenge that offers grants to innovators and startups to develop cybersecurity solutions.
CERT-In, under MeitY, serves as the national agency for computer security incident response. It collects, analyzes, and distributes information on cybersecurity incidents, performs forecasts, and issues alerts, directions, guidelines, and practices on how to respond to these incidents. Established in 2004, pursuant to Section 70B of the IT Act, 2000, CERT-In works with ministries, departments, state governments, PSUs, academic institutions, and citizens on cyber incident responses. The National Cyber Coordination Centre, led by the director general of CERT-In, coordinates between government agencies and provides cyber intelligence and alerts. For example, in April 2022, it issued a direction under Section 70B of the IT Act for mandatory reporting of cyber incidents to CERT-In within six hours of the incident being detected.
CERT-In also issues advisories to inform the public on cyber vulnerabilities and best practices, and partners with internet service providers (ISPs), regulators, and law enforcement agencies to track and take down fraudulent and phishing webpages. It also operates the Cyber Swachhta Kendra (CSK), a botnet cleaning and malware analysis center that works with ISPs and product companies to detect threats and offer free tools to remove them. CERT-In empanels security auditing organizations that perform periodic cyber audits of government websites and applications to prevent vulnerabilities and ensure compliance with best practices.
Another important function of CERT-In is to maintain a database of cybersecurity incidents around the country. In 2022 and 2023, CERT-In recorded 1.3 and 1.5 million cybersecurity incidents, respectively, and formulated a Cyber Crisis Management Plan to counter cyber attacks and cyber terrorism. It also offers support, leadership, and resources to cybersecurity incident response teams (CSIRT) at the state and sectoral level, like CSIRT-power and CSIRT-fin. For government infrastructure, websites, and portals, the National Informatics Centre (NIC) under MeitY, through NIC-CERT manages cybersecurity incidents and responses, and offers threat intelligence, alerts, tips, and advisories. Further, the Network Security Division of the NIC assesses, deploys, and manages the security of the government’s cyber infrastructure by performing audits of the NIC’s information infrastructure, including the government’s data centers.
Deterring Cyber Crime
The National Cybercrime Reporting Portal defines cyber crime as any unlawful act that involves the use of a computer, communication device, or computer network. The AoB rules amendment assigned the Department of Internal Security under the Ministry of Home Affairs (MHA) to deal with matters relating to cyber crime.
“Police” and “public order” are subjects under the seventh schedule of the Indian Constitution, making it the duty of the state government to handle crimes, including cyber crimes. However, cyberspace extends beyond state jurisdictions and may involve people of other nationalities or foreign jurisdictions, requiring coordination across law enforcement agencies.
The Indian Cybercrime Coordination Centre (I4C) was formed under the MHA to improve coordination between different law enforcement agencies across jurisdictions to deal with cyber crime. The I4C issues advisories to states and offers capacity-building programs for its police officers. For example, in October 2024, the I4C issued an advisory for states to recruit a special wing of cyber commandos within their police force to liaise with the I4C and stay abreast on cyber crime prevention and mitigation skills. Regional Cybercrime Coordination Centres (R4Cs) have also been planned or established across states with similar functions.
The I4C has different verticals under its wings. It operates the National Cybercrime Reporting Portal, which has been used over 140 million times since its inception in 2020, with more than 3.1 million complaints and 66,000 registered FIRs. It runs the National Cyber Forensic Laboratory that facilitates forensic analysis and investigation of cyber crime and tracks new technical developments used by criminals. It operates seven Joint Cybercrime Coordination Teams (JCCT) for interstate coordination and information sharing.
More notably, it also runs the Cyber Fraud Mitigation Centre that connects financial institutions, telecom companies, internet service providers, and law enforcement agencies. It also operates a separate system to deal with financial fraud, integrated with the National Payment Corporation of India and is looking to integrate more banks.
The I4C also recently unveiled a software called Pratibimb to help law enforcement agencies track active mobile numbers used in cyber crime using a geographic information system map, which has led to effective enforcement actions.
The I4C also blocks unscrupulous and fake SIM cards, International Mobile Equipment Identity (IMEI) numbers, websites, and mobile applications. It has blocked more than 295,000 SIM cards, 46,000 IMEI numbers, 2,800 websites, and 595 mobile applications. In January 2025, I4C ordered the removal of several applications citing violations of the IT Act and the Bhartiya Nyaya Sanhita after they failed to share user information related to hoax threats.
While I4C and CERT-In have many overlapping functions, the former focuses primarily on cyber crimes and on improving coordination between various Local Enforcement Agencies and jurisdictions. CERT-In, on the other hand, works across ministries and agencies, including I4C, to monitor system vulnerabilities, threats, and issue alerts on malware and botnets. CERT-In also does not have enforcement or investigative functions, unlike the MHA, which, through I4C, gathers evidence and supports investigations. Notably, the I4C is empowered under Section 66 of the Prevention of Money Laundering Act to support the Enforcement Directorate in investigating financial cyber crimes, including frauds in banking, online gaming, and betting companies.
Securing Telecommunication
Telecommunication networks are increasingly being subjected to cyber attacks and adversarial operations, as witnessed in the Salt Typhoon cyberespionage operation on U.S.-based telecom operators AT&T and Verizon. Such attacks have prompted countries to monitor their telecom supply chain and procure products only from trusted vendors. India’s telecom infrastructure has also been subjected to cyber attacks. The union government recently confirmed a data breach due to a cyber attack against Bharat Sanchar Nigam Limited (BSNL) in May 2024.
Considering these security threats, the AoB rules amendment assigned the Department of Telecommunications (DoT), under the Ministry of Telecommunications, matters relating to the security of telecom networks. In November 2024, the DoT drafted and notified the Telecom Cyber Security Rules. As per Section 22(1) and (2) of the Indian Telecommunications Act, 2023, the rules mandate telecom service providers to incorporate practices and comply with procedures to prevent/mitigate cyber threats. These include notifying cyber breaches within six hours of the incident, sharing the extent of a cyber-attack within twenty-four hours of the incident, sharing user traffic data for cybersecurity purposes when sought by the DoT, establishing necessary infrastructure for the collection and processing of data, and appointment of chief telecom security officers. The Telecom Cyber Security Rules thus makes the telecom service providers (TSPs) along with the DoT important stakeholders for cyber security and cyber incident response in telecom sector.
Through its Telecommunication Engineering Centre (TEC), the DoT also oversees the implementation of Mandatory Testing and Certification of Telecom Equipment (MTCTE) that mandates the testing and certification of telecom equipment before its sale, import, or use in India, to facilitate its quality and cybersecurity. This is done by TEC accredited laboratories and cover a vast range of telecom equipment. Further, the DoT’s Telecom Security Operation Centre (TSOC) detects cyber threats on Indian telecommunication networks, issuing alerts for mitigation. The DoT’s Digital Intelligence Platform shares information on misuse of telecom resources with stakeholders for the prevention of cyber crime and financial fraud. The DoT’s Telecom-CSIRT coordinates with CERT-In and other sectoral CSIRTs to respond to cyber incidents in the Indian telecom network.
The DoT also works with the NSCS and plays an overarching strategic role in ensuring telecom security. For example, on December 16, 2020, a cabinet committee on security approved the National Security Directive on Telecommunication Sector (NSDTS), to secure India’s telecom supply chain, by identifying trusted sources and products for integration into India’s telecom infrastructure. The NSCS also launched the Trusted Telecom Portal for the implementation of the NSDTS to assess vendors and components sourced by TSPs.
The national cybersecurity coordinator is the designated authority to decide on the inclusion of a vendor or a component as a trusted source or product. This decision is approved by the National Security Committee on telecom, headed by the deputy NSA, comprising personnel from relevant ministries, industry, and experts. Pursuant to the NSDTS, the DoT amended its telecom licenses, directing all licenses to connect only to trusted products, as a measure to enhance telecom network security.
Navigating Cyber Diplomacy
While the amended AoB rules don’t specify the role of cyber diplomacy, in India, the Cyber Diplomacy Division (CDD), established in 2017 under the MEA, deals with bilateral and multilateral cyber engagements. Headed by a joint secretary, the CDD complements the Disarmament and International Security Affairs division under MEA by engaging at the UN Open Ended Working Group (OEWG) on security of and in the use of information and communication technologies (2021–25). The OEWG strives for a secure and stable cyberspace through dialogue, norm-building, and confidence- and capacity-building. The CDD leads India’s regional and multilateral cyber cooperation, such as at the G20, the UN Global Digital Compact, and the Shanghai Cooperation Organization (SCO). It leads bilateral cyber relations and dialogues with strategic partners like the India–EU Cyber Dialogue in March 2025. Notably, the CDD also coordinates and consults with the NCSC, MHA, MeitY, CERT-In, the Defense Research and Development Organization (DRDO), DoT, and NCIIPC to receive periodic updates on cyber incidents and innovations/developments. In addition to the CDD, the NSCS also has strategic bilateral cyber security dialogues with the United States, the United Kingdom, France, and Russia, among others, and also engages in cyber meetings of the SCO, the Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC), the Quad, and other minilaterals.
The New and Emerging Strategic Technologies (NEST) Division, established in 2020 to assess the geopolitical implications of emerging and strategic technologies, functions as a nodal point to coordinate India’s positions on these technologies at various multilateral, normative, and standardization platforms. With rising implications of emerging technologies like AI and quantum on cybersecurity, NEST’s role in informing the government on the geopolitical effects of these emerging technologies on cybersecurity will become more crucial.
Finally, CERT-In also engages internationally through India’s cyber dialogues to improve cyber situational awareness and response. For example, in November 2024, it participated in the Third Cyber Policy Dialogue between India and the Netherlands that focused on expanding collaboration with the Dutch Z-CERT. It also has memorandums of understanding with Bangladesh, Brazil, Egypt, Estonia, Japan, Russia, the United Kingdom, Uzbekistan, and Vietnam.
CERT-In is also a member of regional and international forums like the Asia Pacific Computer Emergency Response Teams and Forum of Incident Response and Security Teams (FIRST). It is also an accredited member of the Task Force for Computer Security Incident Response Teams (TF-CSIRT) and Trusted Introducer. While the task force promotes collaboration between CSIRTs in Europe and neighboring regions and liaises with other global and regional organizations, Trusted Introducer is a clearinghouse for all security and incident response teams.
Strengthening Cyber Defense
The amended AoB rules also do not mention the role of the Indian Armed Forces or the Ministry of Defence in cybersecurity. Cyberspace has emerged as one of the theaters of warfare in the last thirty years, prompting India to extend cybersecurity to its defense establishment, considering its vulnerability to adversarial attacks. The 2023–24 Department of Personnel Training (DoPT) annual report noted that a crucial defense unit was attacked by ransomware, indicating the pertinence of securing India’s defense infrastructure and enhancing its cyber defense.
The Defence Cyber Agency (DyCA), established by the MoD in 2019 and operational since 2021, is an integrated tri-services agency of the Indian Armed Forces that ensures the cybersecurity of defense infrastructure. It coordinates and controls joint cyber operations of the armed forces and is expected to implement the “Joint Doctrine for Cyberspace Operations,” released in 2024 by the Chief of Defence Staff. The doctrine offers conceptual guidance to commanders and personnel of all armed services in planning and conducting cyber operations.
In terms of cyber incident response, all three services have established their respective CERTs that work with the DCyA to coordinate response and mitigation efforts.
The DCyA is also tasked with enhancing India’s cyber operational capabilities, including hacking, surveillance, and breaking encrypted systems, and is expected to play an important role in strengthening India’s cyber deterrence, making it costlier for adversaries to attack India’s cyberspace.
Additionally, the MoD releases periodic cybersecurity advisories to its department to ensure the cyber hygiene of armed personnel and staff. Further, to leverage private sector innovation, the MoD, under iDEX, has released grant challenges to build cybersecurity and quantum cryptography products for defense procurement. Further, the DRDO is responsible for ensuring cybersecurity compliance across all MoD offices, defense PSUs, and DRDO labs.
Where Does the Current Cybersecurity Administration Stand?
Emergence of the Hub and Spoke Model
The Parliamentary Standing Committee on Finance in 2023 reported the absence of a central authority to deal with cybersecurity within India’s administration, despite the NSCS’s role in coordination. The committee noted that the existing decentralized approach would disrupt a unified and proactive approach to dealing with cyber threats and recommended that a “centralized overarching authority” be established for cybersecurity.
Currently, India does not have such an authority. However, pursuant to the AoB amendment, a “hub and spoke” model has emerged, with the NSCS—the hub—coordinating with ministries, departments, and agencies on their respective designated cybersecurity functions—the spokes. However, it is unclear if the NSCS will assume the role of the “centralized overarching authority” or if it will continue to coordinate between various agencies and ministries.
It is worth noting that over-centralization could potentially also disrupt the whole-of-nation approach required to protect a cyberspace as large as India’s. An approach that advocates for a unified but differentiated responsibility of government, businesses, and academia could be more effective.
Functional Overlaps Persist Despite the AoB Rules Amendment
Despite clarifications brought in by the AoB rules amendment, functional overlaps persist across ministries and agencies. For example, both MeitY and MoD operate public-private innovation schemes like the Cyber Security Grand Challenge and iDEX challenges with different procurement channels. The TSOC under the DoT, NCIIPC, and CERT-In generate situational awareness, detect, and protect critical infrastructure like power and telecom. Both the NTRO and DCyA engage in cyber operations, with no clear delineation of their roles. Finally, considering that cybersecurity and cyber crime are closely related, I4C and CERT-In, designated to tackle cyber crime and ensure cybersecurity, respectively, may have overlapping functions.
More Clarity Needed on Inter-Ministerial/Agency Coordination
The Parliamentary Standing Committee on Communications and Information Technology reported that effective coordination among different agencies was required to tackle cyber crime. It recommended the creation of a nodal coordination center comprising representatives from all the relevant agencies to address issues in a unified and coordinated manner.
Currently, agencies and departments operating at the national and state levels follow a decentralized approach, allowing each sector to be proactive about cybersecurity without waiting for directions from the top. This also allows for quick decisionmaking for a cyberspace as large as India’s and aligns with the quasi-federal structure.
Despite the AoB rules amendment, ambiguity persists on how agencies at the state and central levels will coordinate with each other. As noted, for example, it is still unclear how NCIIPC will work with other agencies like CERT-In, T-CSIRT, DoT, and MHA when a critical telecommunication infrastructure gets attacked.
While the national cybersecurity coordinator within the NSCS is tasked with coordinating strategic directions for these overlapping functions pursuant to the AoB rules amendment, a lack of an explicit framework to handle inter-ministerial/agency coordination may disrupt a unified approach.
Responding to Expanding Digital Landscape and Evolving Cyber Threat Matrix
Over the years, there have been calls to designate various critical and emerging technologies— such as satellites (including those of the private sector), undersea cables, and data centers—as critical information infrastructure, owing to their vitality. India’s expanding digital surface requires its cybersecurity administration to add new state capacities and resources for their protection, leading to the addition of new responsibilities.
As India’s digital transformation continues, an adaptive cyber administration will be paramount in dealing with the evolving landscape and complexity of cyber threats through advancements in AI and quantum computing and their cyber nexus. The designation of telecom security-related matters to the DoT under the amended AoB Rules reflects the government’s approach of adding newer responsibilities to ministries and departments for emerging cyber threats.
Conclusion
India’s current cybersecurity administration demonstrates an attempt to enforce a unified but differentiated responsibility that involves multiple stakeholders, including government agencies, the private sector, academia, and, most importantly, its citizens. While the AoB rules amendment suggests the country’s approach to centralize strategic decisionmaking and coordination, the designation of various ministries—the MHA for cyber crime, the MeitY for cybersecurity, and the DoT for telecommunications—indicates a whole-of-government approach. The emergence of a hub and spoke model can also be observed with the NSCS at the core and various ministries and agencies connecting at the middle.
However, functional overlaps still exist within the administration, and more clarity is needed on inter-ministerial and agency coordination. Emerging threats posed by AI and quantum may require a recalibration of the existing structure, including within new agencies and functions under existing ministries. For now, India appears to have adopted the age-old idiom: “If it works, don’t touch it.”
[1] Cybersecurity involves protection of cyber infrastructure, and cyber crime involves exploiting vulnerabilities in this infrastructure for malicious purposes.
