When over 1.5 million cyberattack attempts were recorded against India's systems during Operation Sindoor in May 2025 — and attacks on government networks surged nearly sevenfold in the days that followed — the scale of the threat India faces in cyberspace became impossible to ignore. India is the second most targeted country in the world for cyberattacks. Between 2019 and 2023, attacks on Indian government systems increased by 138%. In 2024 alone, Indian citizens lost over ₹22,845 crore to cybercrime — a 206% increase from the previous year. The digital battlefield is not a future domain for India. It is a present one, contested daily by state actors, criminal groups, and hostile intelligence services operating from across its borders.

India's response has been systematic, increasingly sophisticated, and — following the operational lessons of Sindoor — is now accelerating. Building a credible cyber warfare capability is no longer a policy ambition. It is a strategic necessity for a country whose digital economy is already worth $402 billion and whose military, financial, and critical infrastructure systems are prime targets for adversarial disruption.

The Architecture India Has Built

India's cybersecurity administration is layered across multiple agencies, each with a distinct mandate. The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, serves as the national nodal agency for cybersecurity incidents across civilian infrastructure. The National Critical Information Infrastructure Protection Centre (NCIIPC), operating under the Prime Minister's Office, is responsible for securing India's most sensitive digital assets — power grids, telecom networks, financial systems, and defence networks. The Indian Cybercrime Coordination Centre (I4C), under the Ministry of Home Affairs, coordinates the national response to cybercrime at scale.

At the military level, the Defence Cyber Agency (DCyA) — established in 2019 and fully operational since 2021 — is the institutional backbone of India's military cyber capability. A tri-service agency of over 1,000 personnel operating from a command centre in Delhi and distributed locations, the DCyA integrates and coordinates the cyber, space, and special-forces capabilities of the three armed services. Its mandate, codified in the Joint Doctrine for Cyberspace Operations released in 2024 by the Chief of Defence Staff, treats cyber power as equal in strategic importance to land, sea, air, and space power — a doctrinal elevation that reflects the operational reality India experienced during Sindoor.

The Ministry of External Affairs' Cyber Diplomacy Division adds a fifth dimension — managing India's international cyber engagements, bilateral cybersecurity partnerships, and India's positioning in multilateral forums like the UN's cybercrime convention negotiations and the ITU's Global Cybersecurity Index, where India achieved Tier 1 status in 2024.

Operation Sindoor — The Cyber Dimension

Operation Sindoor was not just India's most significant kinetic cross-border operation in decades. It was also India's most intense cyber conflict to date. As Indian forces struck terror infrastructure in Pakistan and PoK in May 2025, Pakistani state-linked actors and affiliated hacktivist groups unleashed a coordinated campaign against Indian digital infrastructure — targeting government portals, financial systems, power grid control networks, and military communication nodes.

The 1.5 million recorded attack attempts in the days around Sindoor were a stress test of India's cyber defences at an intensity never previously experienced. CERT-In, the NCIIPC, and the DCyA coordinated a response that — by all accounts — successfully protected India's critical infrastructure from significant disruption. The Akashteer system's integration of cyber situational awareness with physical air defence operations was a notable milestone: India demonstrated that it could manage a simultaneous kinetic and cyber conflict without the latter degrading the former.

New space cyber security guidelines unveiled at the DefSat Conference in early 2026 — developed jointly with CERT-In and the SIA-India — reflect a further expansion of India's cyber defence perimeter. With over 1.5 million cyberattack attempts recorded during Sindoor targeting satellite-linked systems, the extension of cybersecurity frameworks to India's expanding space ecosystem is both timely and strategically significant.

The Offensive Dimension — India's Quiet Capability

India's public cybersecurity narrative has focused predominantly on defence — protecting infrastructure, responding to incidents, building resilience. But cyber power, as India's own Joint Doctrine acknowledges, is a two-way capability. The ability to defend India's cyberspace and the ability to operate offensively in adversaries' cyberspace are two sides of the same strategic coin.

India's offensive cyber capabilities are, by design, not publicly detailed. But the institutional infrastructure exists. The DCyA's mandate explicitly includes offensive cyber operations. DRDO's CAIR laboratory has been developing AI-powered cyber warfare tools alongside its autonomous systems work. The Army's AI roadmap for 2026–27 includes electronic warfare — AI for signal jamming, interception, and countering enemy electronic systems — as a core capability area. India's investment in AI-driven cyber offence, signal intelligence, and electronic warfare is a classified but real component of its defence posture.

What can be said is that India's approach reflects a deliberate doctrine of integrated deterrence — maintaining sufficient offensive capability to deter adversaries from cyber escalation, while building the defensive depth to absorb and respond to attacks when deterrence fails. The Iran war's demonstration that cyberattacks can paralyse critical infrastructure in tandem with kinetic strikes — as evidenced by disruption to Gulf financial networks and power systems — has reinforced for Indian planners that offensive cyber capability is not a luxury. It is a core element of any credible military deterrent.

The Gaps India Must Close

India's cyber architecture has real strengths. But three structural gaps remain that require urgent attention.

The first is institutional fragmentation. Responsibilities for cyber defence are split across CERT-In, NCIIPC, I4C, the DCyA, and multiple ministry-level bodies. While the 2025 Allocation of Business Rules amendment clarified some jurisdictional boundaries, the absence of a single, empowered national Cyber Command — with unified authority over both civilian and military cyber operations in a crisis — creates coordination delays that adversaries can exploit. India needs a unified apex cyber authority with the authority to act in real time.

The second is hardware sovereignty. India's critical infrastructure remains significantly dependent on foreign-sourced hardware — semiconductors, routers, network equipment — that carries embedded supply chain risks. As India discovered during Sindoor, the attack surface of indigenous systems can differ from that of commercial IT infrastructure in ways that existing security tools are not designed to detect. Building sovereign hardware for critical systems — linked directly to India's semiconductor and electronics manufacturing push — is a cybersecurity imperative as much as an economic one.

The third is the talent pipeline. India's IT sector produces world-class engineers, but the specialised skills required for military-grade cyber operations — offensive security, signals intelligence, cryptography, AI-driven threat detection — require dedicated training pathways that go beyond civilian cybersecurity certifications. The Defence Institute of Advanced Technology's AI and ML programmes are a start. They need to scale dramatically, and the pipeline between India's top technical institutions and the DCyA needs to be formalised and deepened.

The Strategic Imperative

India is not starting from scratch in cyberspace. It has institutions, doctrine, operational experience, and a talent base that many countries would envy. What it needs now is the same urgency it is applying to its autonomous systems, semiconductor, and air defence programmes — a recognition that cyberspace is not a supporting domain but a primary one, where India's security and prosperity are contested every day.

The invisible army India is building in cyberspace will be as important to its security in the decades ahead as the steel soldiers it is deploying on its borders. Both must be built with the same intent, the same resources, and the same sense of strategic purpose.

The Hind covers policy, power, and strategic affairs from India's perspective. Views expressed are analytical and editorial.