India’s Cyber Diplomacy
India’s global engagement is shaped by its extensive domestic cyber and digital initiatives. This has taken the form of policy measures (like the National Cyber Security Strategy of 2021), the creation of new institutions (like the Indian Cyber Crime Coordination Centre and Defence Cyber Agency) and key appointments (like the National Cyber Security Coordinator). The International Telecom Union has recognised these initiatives in its 2020 Global Cyber Security Index, ranking India in the 10th position globally and 4th in the Asia-Pacific region. As the newest global commons, the cyberspace is anarchic, with no formal, comprehensive governance framework. The interconnectedness of cyberspace, the low cost of launching a cyber attack and the invisibility of cyber, make it difficult to pinpoint the perpetrator with certainty. Moreover, states using proxies to launch cyber attacks has blurred the distinction between state and non-state actors. This poses a significant challenge to the traditional notions of stability and deterrence. Multilateral attempts to create a global governance framework have not made significant progress due to fundamental disagreements among the countries. In this global backdrop of flux, India is making a play to define a cyberspace governance framework. It has three elements: creating global cyber norms, managing Internet governance and bilateral cyber diplomacy, including capacity-building programmes.
Shaping global cyber norms
India’s engagement with cyber issues began in the early 1990s during its participation at the initial iterations of the World Summit on the Information Society (WSIS), a United Nations-endorsed initiative to manage cyberspace. In that decade, it also participated in deliberations on digital technologies and information security at the UN General Assembly (UNGA) and the ITU, the specialised agency of the UN for Information and Communications Technology (ICT). In 2004, India was given the opportunity to shape norms for responsible state behaviour in cyberspace when it was selected as one of the 15 members of the UN’s Group of Governmental Experts on Advancing responsible State behaviour in cyberspace in the context of international security (GGE). Since then, India has participated in four GGE processes, including the 2019-21 GGE. At these forums, India has taken a strong position on critical issues. For instance, it has repeatedly highlighted the need to develop a common understanding of responsible state behaviour, including on matters of attribution and cyberterrorism. India has also held that while international law applies to cyberspace, these laws are often inadequate to realistically tackle pressing issues of attribution, violation of sovereignty and the threshold for invoking the right to self-defence against state-sponsored cyber attacks. While differences among states have stalled progress on management of cyberspace (as seen by the collapse of the GGE process in 2017), India has also adopted a pragmatic approach, seeking progress through any feasible avenue. This is why, in December 2018, it supported two parallel UNGA resolutions – Resolution 73/27 and Resolution 73/266. These resolutions established the Open Ended Working Group and the GGE 2019-21 processes respectively to deliberate on issues of applicability of international law in cyberspace.
Managing Internet governance
India has sought an equitable distribution of power for all countries, including developing states, in the Internet governance ecosystem. Early on, India’s position was in line with its emphasis on national sovereignty. This was evident at the 68th UNGA in 2011, when it proposed a UN Committee on Internet-related Policies to regulate functioning of the Internet. However, India’s position has evolved. In 2015, India explicitly endorsed a multi-stakeholder model for managing the Internet Corporation for Assigned Names and Numbers (ICANN), which manages the global Internet infrastructure. Between 2015-2018, successive BRICS declarations had emphasised the need to involve relevant stakeholders in the evolution and functioning of the Internet and its governance.
Cyber dialogues with like-minded countries
The Cyber Diplomacy division of the Ministry of External Affairs (MEA) has given significant impetus to India’s bilateral engagements and participation in multilateral forums on cyber issues. Thus, in the last few years, India has held cyber dialogues with more than 15 countries and two organisations (European Union and Association of Southeast Asian Nations). These include exchanges on cyber security practices, capacity-building, and tackling threats posed by cybercrimes and cyberterrorism. India, like other digital powers, is harnessing its ICT expertise to share its knowledge of tackling cyber threats with developing countries in the Indo-Pacific and Africa. It has also promoted cyber security by setting up Centres of Excellence and Institutes of Technology in various countries. This capacity-building also includes rigorous training, as part of the Indian Technical and Economic Cooperation (ITEC) programme, implemented by the MEA. Institutions like Sardar Vallabhbhai Patel National Police Academy, Gujarat Forensic Sciences University and Indian Institute of Technology (Kanpur) have trained the ITEC participants in various aspects of cyber security.
Multilateral forums such as the Global Forum on Cyber Expertise (GFCE, of which India is a founding member) also facilitate India’s engagement with other developing countries for capacity-building, sharing best practices and regular exchanges on cyber security issues. For example, under the GFCE, India has shared its learning from the ‘Cyber Surakshit Bharat’ initiative, that seeks to spread awareness about cyber security among the Chief Information Security Officers and frontline IT staff. India’s unique position as the world’s largest democracy, with the second-largest base of Internet users (nearly 700 million), and as a the country with an advanced technology sector and preference for national sovereignty, has ensured it a distinctive voice to shape the global debates on cyber security and digital issues. In a world where increasing polarisation in international politics has thwarted progress, India can serve as a bridge between the Global North and South in creating a rules-based order in cyberspace.