The ongoing discourse surrounding India’s cyber security landscape indicates that the Narendra Modi government faces significant challenges in effectively managing the nation’s digital security in 2015. Despite assertions of dedication and focus, analysts argue that the outcomes in cyber security remain unimpressive, leading to perceptions of “policy bankruptcy.” Reviewing the status of cyber security initiatives under the Modi administration reveals a troubling reliance on previous government foundations. Key projects launched during the tenure of the Congress government, such as the National Cyber Coordination Centre (NCCC) and the National Critical Information Infrastructure Protection Centre (NCIPC), highlight a continuity rather than an evolution of policy. Despite the existence of these frameworks, there is a strong sentiment that the Modi government has not satisfactorily capitalized on or enhanced these initiatives to fortify India’s cyber defense. In stark contrast, the Modi government has made notably limited advancements in the cyber security domain. Recent appointments, such as Dr. Gulshan Rai as India’s first Chief Information Security Officer (CISO) and the request for Nasscom to create a task force on cyber security, are viewed as superficial tactics, often termed “low hanging fruits,” which have yet to yield substantial results in the face of rising cyber threats.

The Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) asserts that a robust cyber security framework is imperative for national preparedness against increasingly sophisticated online threats. A critical starting point would be the formulation of a Cyber Security Policy of India (2015). The existing National Cyber Security Policy of 2013, which many consider outdated and ineffective, fails to adequately address contemporary challenges. The need for a new policy is urgent, particularly as cyber threats evolve and proliferate. In tandem with a refreshed cyber security policy, there is also a call for a dedicated cyber security law that establishes a comprehensive techno-legal framework. This law should address contemporary risks compromising the integrity of digital infrastructure while fostering accountability among corporations regarding their cyber security practices. Specifically, it is essential to implement clear cyber security obligations for directors of Indian companies to enhance organizational accountability.

To establish a more resilient cyber security posture, CECSRDI proposes several actionable strategies: prioritizing a new 2015 policy to replace the obsolete 2013 framework, ensuring legal backing for regulatory frameworks that can adapt to evolving threats, instituting transparency in cyber security practices among businesses to encourage best practices, and launching initiatives aimed at educating stakeholders—from corporate leaders to the general public—about their roles and responsibilities in maintaining cyber hygiene. The CECSRDI extends its best wishes to the Modi government, encouraging immediate action in addressing the growing cyber security challenges facing India. A serious commitment to reforming the cyber security framework could enhance national security and foster a climate of trust and resilience as India navigates the complexities of an increasingly interconnected digital landscape. The urgency to evolve and enhance India’s cyber security policy cannot be overstated; the future of the nation’s digital defense hinges on it.