India stands at a critical juncture in the international debate on responsible state behaviour in cyberspace. It is uniquely positioned to shape the emerging global cybergovernance mechanisms by leveraging domestic drivers, the ability to robustly engage with multilateral institutions, and the capacity to anchor cooperation between the Global North and South. Hence, India has emphasised collaboration between stakeholders to further cybergovernance and information technology security. But it must go further in actively shaping norms and rules of governance, given the inability of multilateral mechanisms to create overarching frameworks amidst persistent cyber-intrusions and in the face of persistent opposition by superpowers.
Nature of the Threat
India has both a rightful say in and a domestic impetus to build a multilateral framework of cyber governance. As per the 2022 India Risk Survey report, ‘Information and Cyber Insecurity’ ranked number two on the list of challenges facing businesses and organisations in India. The media reports indicate that the number of cybersecurity incidents related to governmental agencies and institutions rose from 48,285 in 2021 to a whopping 1,92,439 in 2022.
Data breaches also constitute a major chunk of the threat Indian IT infrastructure (especially government servers) faces. Perhaps the most infamous of such breaches is associated with the illegal access to biometric data of over a billion Indian citizens collected by the Unique Identification Authority of India (UIDAI).
Because of the transnational nature of cyberspace, India is also at risk of cyberattacks against critical national security infrastructure by foreign state and non-state actors. An example is the ShadowPad malware attack faced by Indian power grid institutions in April 2022. The hackers responsible, believed to be sponsored by China, preyed on already infected IoT devices to navigate through compromised networks and conduct espionage activities in the Ladakh region of India. This (Galwan Valley) also happens to be the location of the disputed border between India and China, where troops of the two sides engaged in eyeball-to-eyeball fighting in June 2020, and 20 Indian soldiers lost their lives. The Chinese Ministry of State Security and the People’s Liberation Army have been associated with multiple ShadowPad malware attacks in the past, reportedly using a group of hackers that have come to be known as RedEcho. The severity of the challenge is clear and has multifaceted implications for data security, internet governance, and a safe IT infrastructure in India.
The perpetration of such attacks by actors tied to Pakistan and China reveals not only the porous boundaries between intelligence activities and criminal cross-border intrusions, but also underscores India’s urgent domestic prerogative to fortify its cyber defences and institutional responses. Multilateral mechanisms act as shields, in this regard, through which India can hold malicious actors accountable and suggest methods of diplomatic de-escalation and/or technological resolution.
India’s Participation in Multilateral Cyber Mechanisms
As part of major United Nations-led cybersecurity mechanisms, India has used diplomacy to advocate responsible state behaviour in cyberspace. India has also supported a multilateral consensus on how the existing body of international law can apply to cyberspace and ICTs. This was reiterated by Ministry of External Affairs Joint Secretary Atul Gotsurve at the first substantive session of the 2021-25 OEWG, where he argued that the purpose of an elaborate discussion on how specific aspects of the existing international law apply to the ICTs should be to “arrive at a universal approach to this matter under the UN auspices.”
India’s emphasis on cybersecurity at the global stage also reflects its domestic priorities. For example, it is evident from former Indian Foreign Secretary Harsh Vardhan Shringla’s speech at the UN Security Council Open Debate on “Maintenance of International Peace and Security: Cyber Security” (June 2021) that a key pillar of the Indian diplomatic approach to cybersecurity is countering cyber-terrorism. As a victim of cross-border terrorism emanating from its northwestern neighbour, Pakistan, India accords critical value to the issue of terrorism in cyberspace, and even its contributions to the first draft Annual Progress Report of the OEWG adopted in July 2022, India supported the inclusion of a provision to “Strengthen law enforcement cooperation to prevent the use of cyberspace for terrorist purposes.” India’s statement at the fifth substantive session of the OEWG in July 2025 also delved into detail regarding the threat to national security posed by ‘Quasi-State Actors’ (QSAs), and included state-sponsored cybercriminals in this ambit. Having been at the receiving end of state-sponsored cybercrime, especially emanating from China, India has called on its international partners to develop joint accountability mechanisms on the irresponsible cyber behaviour of QSAs.
India has also been a vocal advocate for establishing a global ‘Point of Contact’ Directory wherein States must assign a diplomatic and technical liaison during deliberations on specific areas of cyber/ICT security. In a bid to create a network of open lines of communication where PoCs can interact to de-escalate situations of cyber-related conflict and undertake Confidence-Building Measures (CBMs), India has regularly called for the creation of such a Directory in a manner similar to the National PoC Directory maintained for the implementation of UNSC Resolution 1540 on non-proliferation of Weapons of Mass Destruction. Even in this proposal, India’s domestic imperatives are at play, because with the institution of a PoC directory, India also aims to further capacity-building across its key national ICT security stakeholders—namely, CERT-In (Indian Computer Emergency Response Teams) and the Telecom-Cyber Security Incident Response Team (T-CSIRT). This is evident from India’s submission to the draft Annual Progress Report of July 2023, wherein it proposed that “The PoC Directory will take into account and complement the work of the regional, sub-regional fora on incident response and security CERTs and CSIRTs networks.” Expanding on the need for a joint capacity-building mechanism, India has also submitted a Working Paper on developing a ‘Global Cyber Security Cooperation Portal.’ However, the proposal for this Portal, which is meant to be a largely Member State-led initiative, lacks one major element—proactive participation from multiple stakeholders.
Engaging Stakeholders Across Cyberspace
Given the highly privatised nature of critical information infrastructure (CII) and ICT, governments cannot act alone in building governance and resilience for responsible cyber behaviour. A multistakeholder mechanism is essential to support India’s diplomatic priorities. So far, because of India’s top-down, government-led approach to responsible cyber governance, its stance on engaging the private sector and civil society has been lackadaisical.
To begin with, like many other major cyber powers, including Russia, China, and the US, the Indian government has not signed on to the Paris Call of 12 November 2018 for Trust and Security in Cyberspace, which is considered one of the largest multi-stakeholder repositories of responsible cyber behaviour working groups. This is even though some of the Paris Call’s private sector signatories include Indian industry-body leaders such as the Federation of Indian Chambers of Commerce & Industry (FICCI), Confederation of Indian Industry, and Internet and Mobile Association of India.
Since 2021, India has made some progress in this regard by organising an annual multistakeholder consultative conference called the ‘Internet Governance Forum’ (IGF). Moreover, in his June 2021 speech, Gotsurve also indicated a significant shift in India’s stance by offering to break the deadlock between states on multistakeholder participation. He proposed to do so by calling on States to voluntarily declare reasons for their denial of the involvement of NGOs/multi-stakeholder entities in cybersecurity-related multilateral deliberations.
Moving forward, as India builds a resilient cyber and ICT security policy, engaging private sector firms, NGOs, think tanks and civil society will become pertinent. The existence of such a multistakeholder dynamic domestically will automatically reflect in India’s diplomatic approach.
India’s Challenges and Way Forward
For India to truly anchor global cyber governance, it must pursue significant reforms on multiple fronts:
Incident Attribution: India must develop technical and diplomatic frameworks to enable credible public attribution of APTs, supported by robust incident tracing and legal evidence-sharing standards.
Multilateralism: India must move past rhetoric and formally join initiatives like the Paris Call, actively include non-governmental actors in key deliberations, and foster transparency in decision-making processes around stakeholder participation.
PoC Directory: It must accelerate the push toward the establishment of the global PoC directory and ensure it is resourced, accessible, and dynamically integrated with existing regional and sectoral response mechanisms. This is vital to creating a governance mechanism for the de-escalation of crisis cyber-scenarios that may have kinetic economic, diplomatic, or military repercussions.
Capacity-Building: India must intensify efforts to harmonise CERTs, CSIRTs, and national cyber coordination cells with international best practices, prioritising continuous training, information exchange, and joint operational readiness.
Stakeholder Engagement: India must institutionalise multi-stakeholder engagement, not just in policy consultation but within operations, incident response, and governance. This is likely to help create sustainable channels where governments, industry, and civil society collaborate throughout the policy-making and crisis response continuum.
India’s Path to Cyber-Statesmanship
India’s pursuit of global leadership in responsible cyber behaviour is both a domestic and diplomatic priority, shaped by ongoing threats, institutional challenges, and the changing landscape of digital power. By strengthening legal frameworks, actively engaging in multilateral forums, and advancing initiatives such as the PoC directory, India can help establish an international order where cyber norms are credible, adaptable, and grounded in practical cooperation among states and stakeholders.
India must address ongoing gaps in attribution, stakeholder engagement, and capacity-building. Success in these areas will close governance gaps and provide a model for other nations to navigate cyber conflict, cooperation, and global security.