India not done enough to secure cybersecurity: IISS report

The International Institute of Strategic Studies (IISS), in its 2021 report on cybersecurity, “Cyber capabilities and National Power: A Net Assessment”, rated 15 countries based on their cyber capabilities. India has a low rank.

The UK-based think tank assessed each country’s capabilities in seven categories:

• Strategy and doctrine

• Governance, command and control

• Core cyber-intelligence capability

• Cyber empowerment and dependence

• Cybersecurity and resilience

• Global leadership in cyberspace affairs

• Offensive cyber capability

India is placed in the third tier along with Japan, Vietnam, Iran and North Korea, among others. According to the report, countries in the third tier have strengths in some of these categories but demonstrate “significant weakness” in others.

The US is the sole country in the first tier, with strengths across all seven categories mentioned above. The second tier includes countries that have “world-leading” strengths in some categories. China, Russia, Israel, the UK and France are among the countries on this list.

The think tank does not regard offensive cyber capabilities possessed by non-state actors as a state’s capability unless they are supported by the ruling dispensation. The Russia-based Internet Research Agency and the Iran-based Iranian Cyber Army are exceptions in this report. The think tank believes that there is sufficient evidence that these agencies have been receiving aid from their governments.


The report suggested that India’s cyber-intelligence reach is weak beyond its immediate neighbours and that the country has to rely on the US and other European nations for a wider reach. The report says that India’s offensive cyber capability is Pakistan-centric rather than focused on China.

“Despite the geostrategic instability of its region and a keen awareness of the cyber threat it faces, India has made only modest progress in developing its policy and doctrine for cyberspace security,” the report read.

“Its approach towards institutional reform of cyber governance has been slow and incremental, with the key coordinating authorities in the civil and military domains only established in 2018 and 2019 respectively,” the report further read.

The report cited various government agencies, such as the Intelligence Bureau (IB), the Research and Analysis Wing (RAW), the Defence Intelligence Agency (DIA) and the National Technical Research Organisation (NTRO), as the backbone of India’s cybersecurity sphere.

The report said that India has a large digital economy but, as in other areas, its complex bureaucracy slows its advance in cybersecurity. Increased cyber activity following the military confrontation in the Union Territory of Ladakh has heightened the government’s concern.

The private sector was praised for moving at a faster pace than the government. “The country is active and visible in cyber diplomacy but has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states.”


For the past three decades, the domain of cybersecurity has been dominated by the US. However, in recent years, it has felt threatened by its arch-rivals China and Russia.

“The US capability for offensive cyber operations is probably more developed than that of any other country, although its full potential remains largely undemonstrated,” the report said.

The US’s cybersecurity apparatus came into question after the alleged Russian interference in the 2016 US Presidential election. Besides this, there have been several reports on alleged Chinese attacks on American systems.

In 2020, the Russians were alleged to have launched the biggest attack against the SolarWinds systems. The attack famously came to be known as the “SolarWinds hack”.

“There is copious public evidence indicating the world-leading sophistication, breadth, and depth of US core cyber-intelligence capabilities. These are centered on the extensive military-led cyber capabilities of the NSA, the complementary civilian-led cyber capabilities of the CIA, with its covert overseas remit, and those of the FBI, with its domestic security remit,” the report said.

The countries assessed in the report were:

  • Four of the five states that make up the Five Eyes intelligence alliance: the US, the UK, Canada, and Australia. Only New Zealand is left out of the list.
  • Three close cyber allies of the Five Eyes states: France, Israel, and Japan.
  • The four states that are hostile to the Five Eyes states: China, Russia, Iran, and North Korea.
  • The four emerging cyber states: India, Indonesia, Malaysia, and Vietnam.
The Leaflet