Parliamentary Standing Committee on Home Affairs

The Parliamentary Standing Committee on Home Affairs has raised serious concerns about the escalating cyber threats in India. The committee emphasizes the urgent need for greater public awareness, enhanced cyber safety, and stronger digital security as internet penetration and online transactions expand rapidly in the country.

Key Cyberthreats India is Facing:

1. Cyber-enabled Financial Frauds:

   • India has witnessed a surge in various forms of cyber fraud, including phishing, ransomware, identity theft, and UPI/online banking frauds.

   • In 2024, 1.91 million cybercrime complaints were recorded, highlighting the scale of digital financial vulnerability in India.

2. Ransomware & Malware Attacks:

   • Hospitals, government databases, and critical private enterprises have become frequent targets of ransomware and malware attacks.

   • A notable attack was the AIIMS Delhi cyberattack (2022), which exposed vulnerabilities in healthcare and public service systems.

3. Critical Infrastructure Vulnerability:

   • Strategic national assets like power grids, telecom networks, nuclear facilities, and ports face ongoing threats from cyber sabotage.

   • The Kudankulam Nuclear Power Plant attack (2019) highlighted the risks to national security and critical infrastructure.

4. Data Breaches & Privacy Risks:

   • Frequent cyber intrusions have led to data breaches, compromising the personal data of millions.

   • The Air India breach (2021), which exposed information of 4.5 million passengers, is a notable example of privacy risks.

5. Deepfakes & Misinformation:

   • The rise of AI-driven deepfake content and fake news campaigns poses a significant threat to social cohesion, democratic institutions, and electoral integrity.

   • In 2024, deepfake videos of political leaders were widely circulated during the election campaigns, undermining public trust and electoral processes.

6. Dark Web & Cyber Terrorism:

   • The dark web has become a platform for radicalization, illegal trade of arms, narcotics, and terror financing through cryptocurrencies.

   • This fuels organized crime and cyber terrorism, heightening the national security threat.

Factors Undermining India’s Cybersecurity Framework:

1. Inadequate Legal and Regulatory Framework:

   • Existing laws like the IT Act, 2000 and the Digital Personal Data Protection Act, 2023 fail to address emerging threats such as AI-enabled attacks, deepfakes, and ransomware attacks.

2. Shortage of Skilled Cybersecurity Professionals:

   • India faces a massive shortage of trained cybersecurity experts, with a need for at least one million professionals. Currently, India has less than half that number.

   • According to NASSCOM, India needs a significant increase in cybersecurity talent to address the growing threats.

3. Rapid Digitalization & Low Cyber Awareness:

   • As India’s digital ecosystem expands rapidly, so do the sophistication and scale of cyber threats.

   • Weak cyber hygiene among citizens, especially in rural areas, increases vulnerability to phishing attacks, fraudulent websites, and scam calls. Limited digital literacy exacerbates the problem.

4. Weak Protection of Critical Infrastructure:

   • Power grids, telecom networks, and nuclear facilities are particularly vulnerable due to outdated security protocols.

   • Small and medium enterprises (SMEs) also lack strong cyber defenses, and India’s reliance on imported IT equipment further increases risks of embedded vulnerabilities.

5. Fragmented Coordination Among Agencies:

   • Various agencies like CERT-In, the National Critical Information Infrastructure Protection Centre, and private stakeholders have limited coordination, delaying threat detection and response.

Key Initiatives Related to Enhancing Cybersecurity:

1. Legislative Measures:

   • Information Technology Act, 2000 (IT Act): A primary legal framework for cybercrime and cybersecurity.

   • Digital Personal Data Protection Act, 2023: Focuses on protecting personal data, though still in need of strong enforcement and additional provisions for emerging threats.

2. Institutional Framework:

   • Indian Computer Emergency Response Team (CERT-In): Responsible for responding to cybersecurity incidents and threats.

   • National Critical Information Infrastructure Protection Centre (NCIIPC): Protects critical national infrastructure from cyber attacks.

   • Indian Cyber Crime Coordination Centre (I4C): Coordinates efforts to tackle cybercrime across India.

   • Cyber Swachhta Kendra: Focuses on cleaning malware and promoting secure cyberspace.

   • Citizen Financial Cyber Fraud Reporting and Management System: Helps report and manage financial frauds.

3. Strategic Initiatives:

   • Bharat National Cybersecurity Exercise 2024: A national-level exercise aimed at enhancing India’s cybersecurity readiness.

   • National Cyber Security Policy, 2013: The overarching framework guiding the country’s efforts to secure cyberspace.

   • Chakshu & Digital Intelligence Platform: Platforms focusing on cyber threat intelligence and digital safety.

   • Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024: Guidelines for securing telecommunication infrastructure.

Measures to Strengthen India’s Cybersecurity Framework:

1. Strengthen Legal & Regulatory Framework:

   • The IT Act, 2000 needs urgent updates to address modern threats such as AI-based cyberattacks, deepfakes, and ransomware.

   • Enforce the Digital Personal Data Protection Act, with clear accountability for data breaches.

2. Institutional & Audit Reforms:

   • Mandate cybersecurity audits and stress tests for critical sectors like banking, healthcare, and utilities.

   • Establish district-level cybersecurity units to handle localized threats and enhance coordination with CERT-In.

3. Strengthen Critical Infrastructure Protection:

   • Implement two-factor authentication (2FA), data encryption, and real-time monitoring systems in critical sectors like banks and power grids.

   • Promote the adoption of Zero-Trust Architecture (continuous verification of users and devices) in critical infrastructure.

4. Promote Indigenous Cybersecurity Solutions:

   • Make in India: India should focus on developing indigenous cybersecurity tools to reduce reliance on foreign solutions.

   • Support startups working on AI-based threat detection by providing funding and incubation.

5. Improve Cyber Hygiene & Awareness:

   • Launch nationwide cyber literacy campaigns in regional languages to target rural communities, youth, and senior citizens.

   • Integrate cybersecurity education in schools and universities to build a foundation for digital resilience.

   • Support secure infrastructure and staff training in educational institutions to strengthen cybersecurity knowledge.

Conclusion

Cyber threats in India have evolved significantly, moving from financial frauds to complex risks that affect national security, privacy, and democratic integrity. The rapid digitization of governance, commerce, and infrastructure has amplified India’s vulnerability to ransomware, data breaches, deepfakes, and threats to critical infrastructure.