Since India mounted a response to the 22 April Pahalgam terror attack in the early hours of 7 May by targeting terror sites located inside Pakistan and Pakistan-occupied Kashmir, the actions of the Indian armed forces across air, land and sea domains have understandably dominated media coverage. While India’s achievements in these domains during Operation Sindoor must be underlined, it is equally important to closely examine how India fared in another critical domain — cyberspace. We argue that India’s cyber defences largely held during Operation Sindoor, as the country’s critical infrastructure remained resilient in the face of cyberattacks. India should build on the momentum to prepare for the more formidable cyber challenge posed by China.
How India’s cyber defences held during Operation Sindoor
Little is known publicly about the offensive cyber aspect of Operation Sindoor barring the 13 May post on X by India’s Integrated Defence Staff: ‘highlighting Technological Superiority of #IndianArmedForces in niche non-kinetic domains of #Space, #Cyber & #ElectronicWarfare.’
However, on the defensive front, India appears to have done reasonably well, especially in protecting critical infrastructure from debilitating attacks. India is one of the most cyber-attacked countries in the world, and it was only to be expected that malicious activity would surge during heightened India-Pakistan tensions and military clashes. Hackers from Pakistan, Turkey, and Bangladesh, among others, reportedly targeted India’s critical infrastructure while Operation Sindoor was underway.
While heightened cybersecurity alertness from both the government and the private sector has certainly helped, it is the cyber strength built over the years that has primarily ensured the resilience of the Indian cyber landscape.
Maharashtra’s Cyber Department, MahaCyber, released a report on India-Pakistan cyber frontlines on 10 May describing a surge in intrusion attempts based on telemetry data from threat monitoring systems. Following the Pahalgam terror incident, over 10 million intrusion attempts were recorded originating from Pakistan and its allies. A Press Trust of India report further stated that MahaCyber had ‘identified seven Advanced Persistent Threat (APT) groups responsible for launching over 15 lakh cyber attacks targeting critical infrastructure websites across India’, of which only 150 were successful. These figures may appear alarming, but there are reasons to assess them with caution. ‘Intrusion attempt’ is a very broad category in cybersecurity, and not many intrusion attempts actually succeed. Moreover, most of the reported cyberattacks appear to have involved phishing, defacement, and distributed denial of service rather than sophisticated attacks (such as ransomware, or cyberattacks that exfiltrate sensitive data or cripple critical information infrastructure).