As per IT Act, 2000, “cyber security” means protecting information, equipment, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.
Elements of cyber security
Core Principles (The CIA Triad)
Confidentiality– Keeping sensitive data private from unauthorized access. Eg- encryption
Integrity– Ensuring data is accurate, trustworthy, and hasn’t been altered. Eg- digital signatures.
Availability– Ensuring systems are accessible to authorized users when needed. Eg- backups.
Key Security Domains & Functions
Network Security– Protecting network infrastructure (firewalls).
Endpoint Security– Securing devices like laptops, phones (antivirus).
Application Security– Securing software and apps.
Data Security- Implementing encryption and Data Loss Prevention (DLP) tools.
Identity & Access Management (IAM)– Eg- Multi-Factor Authentication (MFA)
Incident Response– Planning for and managing security breaches.
Disaster Recovery & Business Continuity– Planning for system restoration.
Security Operations Center- A centralized unit that monitors, detects, and responds in real-time
Steps Taken to Strengthen Cybersecurity
DPDP Act, 2023 – imposing penalties up to on Data Fiduciaries for security lapses.
Centralized Command – designated the National Security Council Secretariat (NSCS) as the nodal agency.
Cyber Fraud Mitigation Centre – provide a real-time platform for banks, and police to freeze fraudulent funds.
Dedicated CERT-In have been established for critical sectors like Power and Finance.
CERT-In guidelines mandating annual cybersecurity audits for all critical sector entities by empanelled auditors.
Zero-Trust Integration- mandatory “Never Trust, Always Verify” architecture for all G2G and G2C digital services.
Sovereign Technology- deployment of Maya OS across defense and critical ministries.
The National Quantum Mission (2025) – piloting Post-Quantum Cryptography (PQC) for high-security government communications.
Cyber Jagrit Bharat- A nationwide awareness campaign, including a “Cyber Pledge” and webinars for citizens.
Quad Senior Cyber Group to counter state-sponsored APTs in the Indo-Pacific.
Signing of UN Convention on Cybercrime (Hanoi convention) to streamline cross-border digital evidence sharing and extradition.
Challenges That Remain
Workforce Shortage- 30% talent gap in high-end cybersecurity roles (forensics, malware analysis).
Legacy Infrastructure- Nearly 57% of Indian organizations still lack basic cyber hygiene (India Cyber Threat Report 2025)
AI-driven “double extortion” ransomware and Deepfake-as-a-Service are evolving faster than defensive protocols.
Federal Coordination issues- many State-level cyber cells lack the funding and technical expertise to handle transnational crimes.
Cross-Border Anonymity- use of proxy servers in non-extradition jurisdictions makes prosecution nearly impossible.
Import dependency – India imports over 70% of its telecom and IT hardware from China.
Low Digital literacy – Eg- limited awareness about using MFA, identifying phishing links.
Compliance Burden – The stringent requirements of the DPDP Act impose a heavy financial burden on small businesses.
Data Colonization – India generates 20% of global data, yet most of it is processed in offshore data centers
Addressing these challenges requires viewing cybersecurity not as a technical IT issue but as a National Security Priority that demands a “Whole-of-Society” response.