The scale and impact of cyber and information warfare in India are steadily intensifying. In 2018, Cosmos Bank reportedly lost over $13 million in a cyber heist. During 2020-21, malware was allegedly implanted across more than 10 power plants and ports, creating latent capacity for blackouts and port disruption. A 2022 ransomware attack crippled AIIMS Delhi for days, while in 2025, the reported theft of 1.4 terabyte of data from a major industrial house highlighted rising economic espionage. Official figures from CERT-In show incidents rising from about 53,000 in 2017 to millions annually.
Simultaneously, information warfare has shifted from episodic misinformation to sustained, technology-enabled influence campaigns. During the 2019-20 CAA/NRC agitation, coordinated operations linked to inimical nations amplified false anti-Muslim narratives, inflaming communal tensions and harming India’s global image. The 2024 elections witnessed thousands of deepfakes and industrial-scale synthetic media campaigns aimed at shaping voter perceptions. More recently, bot networks, deepfakes and fabricated narratives on Kashmir have proliferated across social media platforms. These are not random falsehoods but calibrated campaigns that map and exploit societal vulnerabilities. Fact-checking and takedown mechanisms try to remove one falsehood, but several replace it.
The unique features of these domains must be taken into account when crafting any effective response framework. Much of the contested terrain, including data centres, Cloud infrastructure, and telecom networks, is privately owned, making technology companies de facto strategic actors rather than peripheral stakeholders.
Unlike episodic terror attacks, operations in these domains are persistent and continuous. Their low cost and minimal entry barriers allow hostile states to readily outsource operations to non-state actors, enabling deniable, scalable attacks. Automation further enables repeated cyber intrusions and bot-driven amplification and mass-produced deepfakes. The digital environment also aids anonymity, weak attribution, and plausible deniability. These challenges are compounded by the absence of clear international norms and rapid technological innovation.
Several countries are incorporating a structured military role in civilian response in cyberspace. Under the 2023 National Cybersecurity Strategy, US Cyber Command is integrated into the national cyber-defence posture even in peacetime, supporting civilian authorities through coordinated threat-disruption, shared platforms, and real-time information-sharing with agencies and the private sector. In Israel, the Israel Defense Forces plays a continuous role in detecting and pre-empting hostile cyber activity, closely linked with the civilian-led Israel National Cyber Directorate. France explicitly recognises cyber operations below the threshold of armed conflict and mandates a standing military role.
In the past two years, India has reshaped its cybersecurity architecture for cyber and information warfare. The September 2024 amendment to the Allocation of Business Rules clarified roles across government: MeitY leads overall cybersecurity policy and CERT-In and the Ministry of Home Affairs coordinate cybercrime, the Department of Telecom oversees telecom security, and the National Security Council Secretariat (NSCS) is the nodal body for national-level coordination and strategic oversight. New frameworks covering supply chains, AI-enabled threats, and space systems have been formulated. However, these initiatives remain confined to civilian entities and do not provide a defined role for the military. Effective civil-military coordination for cyber and information warfare in peacetime must start by recognising grey-zone conflict as a permanent condition. Civilian ministries must be treated as part of the national security frontline, with enhanced strategic literacy, decision authority and rapid-response capacity. Civil-military coordination should be institutionalised, with the armed forces and intelligence agencies providing attribution, threat assessments and calibrated response options, while remaining discreet.
The NSCS may coordinate intelligence fusion, combining civilian technical data, military intelligence and diplomatic assessments into a shared national picture of adversary intent and escalation risks. The framework may include pre-agreed protocols with thresholds for military support, red lines, and rules on public communication, which should be issued only by civilian authorities. Diplomatic and military signalling must be coordinated even when military operations remain decoupled and secret. Crucially, the private sector must be treated as a strategic actor, not a passive contractor, through regulatory provisions that specify clear crisis obligations, enable trusted real-time information sharing, and provide protections for good-faith cooperation. The core principle is a structured, continuous and discreet military role under civilian control, with the private sector as a national security partner.
Once war is declared, peacetime coordination still functions, but with slight changes to the reporting matrix. The NSCS provides strategic coordination, with the military leading operations and receiving requisite support from civilian authorities. Immediate civilian priorities remain maintaining essential services — power, telecom, banking, healthcare—through prioritising critical functions, backups, network isolation, and pre-authorised decision-making in accordance with standard operating procedures.
Contest in the cyber domains will only intensify with AI. Only by aligning civilian authority, military capability and private-sector responsibility can democratic states remain secure in an era of continuous conflict that unfolds outside battlefields.
The author is the chairman of UPSC and former defence secretary of India. The views are personal
 "hacking, China hackers, cybersecurity")
