Answer

Introduction

The number of cyber attack cases in India increased by 15 per cent per week on an average in 2023, affecting critical infrastructure, enterprises, and government agencies. India’s cyber risk profile intensifies with AI-driven threats, as India now serves over 936 million internet users (TRAI). The newly released Joint Doctrine for Cyberspace Operations (JDCO) is a step towards integrated cyber defence, focusing on threat-informed planning and real-time intelligence integration, but its implementation faces structural, capability, and coordination challenges.

Body

Strengths of Joint Doctrine for Cyberspace Operations (JDCO)

• Threat-informed, real-time response: Enables rapid adaptation to unpredictable and fast-evolving cyber threats.
  Eg: 2017 WannaCry ransomware crippled 300,000 systems globally within days, JDCO’s framework is designed to respond faster in such scenarios.
• Push for jointness in cyber warfare: Promotes integration across Army, Navy, and Air Force for cohesive and coordinated cyber defence.
  Eg: Joint service planning helps plug inter-service gaps seen in traditional siloed cyber defence mechanisms.
• Recognition of human capital needs: JDCO acknowledges the importance of skilled cyber professionals for both defensive and offensive operations.
• Indigenous capability emphasis: Prioritises self-reliance in cyber tools, reducing dependence on vulnerable foreign technologies.
  Eg: Aligns with Atmanirbhar Bharat in developing indigenous encryption, malware analysis, and intrusion detection systems.
• Strategic communication tool: JDCO acts as a signalling mechanism to adversaries, showing cyber preparedness while keeping operational specifics classified.
  Eg: Similar to how the U.S. Cyber Command releases doctrine summaries to deter aggression.
• International benchmarking: Draws lessons from established global cyber doctrines like those of the U.S., China, and Russia to enhance operational efficiency.
  Eg: Incorporates US-style offensive cyber posturing and China’s integrated network-electronic warfare strategies.

Gaps of Joint Doctrine for Cyberspace Operations (JDCO)

• Service-specific silos: Decades of distinct procurement and operational protocols across services hinder full integration.
  Eg: Army focuses on tactical cyber ops, Navy on maritime, and Air Force on space cyber, making joint operations challenging.
• Weak integration of the Defence Cyber Agency (DCA): DCA lacks sufficient authority, resources, and information-sharing capabilities to coordinate tri-service operations effectively.
• Overdependence on foreign tech: Despite JDCO’s push, India still relies heavily on external cybersecurity tools; indigenous ecosystem remains nascent.
  Eg: CERT-In reports a significant share of defence-grade firewalls and intrusion detection systems come from Israel and the US.
• Absence of timelines and benchmarks: Without clear milestones, JDCO risks remaining an aspirational document instead of an operational blueprint.
  Eg: The 2019 Defence Cyber Agency roadmap lacked publicly stated targets, delaying measurable progress.
• Limited civil–military integration: Most critical infrastructure lies in the private domain; JDCO does not outline effective mechanisms for public–private coordination.
• Unclear deterrence strategy: The complexities of attribution and escalation in cyberspace necessitate a nuanced deterrence framework, currently lacking in the JDCO.
  Eg: India’s response to suspected state-backed cyber intrusions, like the 2020 Mumbai power outage incident, remained largely reactive.

Roadmap to Enhance India’s Cyber Resilience

• Break service silos: Empower the Defence Cyber Agency with increased operational authority and unified command structures.
• Strengthen civil–military partnerships: Institutionalise collaboration between CERT-In, NCIIPC, and critical sector CSIRTs (Finance, Power, etc.).
• Develop a robust talent pipeline: Offer military cyber scholarships, create entry pathways for private-sector cyber professionals, and facilitate reskilling programs.
• Accelerate indigenous R&D: Support initiatives like C-DAC’s cybersecurity tools development and expand involvement of academia and startups.
• Set clear timelines and milestones: Track JDCO implementation through exercises like Bharat NCX 2025, which sharpens responsiveness to AI-driven malware, deepfakes, and crisis scenarios.
• Refine deterrence strategies: Focus on resilience and rapid recovery; complement cyber norms with diplomatic dialogue, and ensure incident attribution mechanisms are robust and transparent.
• Address AI-driven threats: Train “cyber commandos” at DIAT to counter deepfake and AI-based cybercrime, and embed continuous threat readiness to confront AI malware surges.

Conclusion

The JDCO signifies a pivotal evolution in India’s cyber posture. Yet, its transformation from vision to capability demands structural reform, human capital development, public–private synergy, and a forward-looking strategy anchored in indigenous resilience and deterrent clarity. With India’s digital economy projected to reach $1 trillion by 2027-28 and the nation ranking second globally in email threats, the urgency for decisive, coordinated, and future-ready action is greater than ever.

DOWNLOAD PDF