Sections

Introduction

Cyber Operations: A Potent Component of MDO

Cyber Armageddon: Hype or Reality?

Offensive Cyber Operations Vis-à-vis International Law

Offensive Cyber Operations: Nuances across the Spectrum of Conflict

Global Powers: Overview of Cyber Capabilities

India’s Standing as a Cyber Power

Offensive Cyber Operations: Role of Armed Forces

Enhancing Offensive Cyber Capability

References

Introduction

The character of warfare is undergoing a transformational change in the 21st Century. This change is often characterized by depicting the modern battlespace as a five-dimensional construct, comprising the land, sea, air, space and cyberspace domains [1], and operations across these five domains are referred to as multi-domain operations (MDO). Here, it is the newer domains of space and cyberspace which reflect the changing character of warfare. Most militaries today consider the cyber domain as a warfighting domain in its own right.

The notion of warfighting in cyberspace, however, is not as comprehensible as in the traditional kinetic domains of land, sea and air. Unlike these physical domains, the cyber domain is virtual and ill-defined, and cyber weapons as well as their effects are largely nebulous and intangible. Importantly, because of the non-attributability and non-contact attributes of cyberattacks, in addition to states cyber criminals and other non-state actors can act across national boundaries with near impunity and pose a threat to national security.

The armed forces of any state are the traditional defenders of the state against external threats which violate national sovereignty through the use of force. Militaries, however, are attuned to fighting wars in the physical domains against combatants of an adversary state. Indeed, international law governing warfare between states is grounded in the notion of jus ad bellum, or justified wars, and framed in the context of international and non-international armed conflicts, wherein combatants target combatants. Over the last two decades, experts at the UN and other international forums have been struggling to arrive at a consensus on how the laws of war apply in cyberspace, given its unique characteristics, with limited success so far.

Against the above backdrop, this work attempts to analyse the nuances of warfighting in cyberspace, with focus on offensive cyber operations. It relates this role to the traditional charter of the armed forces, which is to defend the sovereignty of a state against external threats and identifies cyber operations as an important component of MDO. It assesses the effectiveness of cyber operations in creating strategic effects towards achieving politico-military objectives. The work discusses the current understanding at the global level on how international law applies in cyberspace, for operations conducted across the spectrum of conflict. It provides the rationale on why the Indian Armed Forces are best suited to be allocated the mandate for offensive cyber operations vis-à-vis other agencies and suggests measures for enhancing their current capability to effectively fulfil this mandate.

Cyber Operations: A Potent Component of MDO

Nations at War: The DIME Paradigm

All warfare waged by a state is a whole-of-nation endeavour, carried out by leveraging comprehensive national power in all its forms in order to achieve its political objectives. The DIME paradigm, which stands for diplomatic, information, military and economic elements, captures the main elements of comprehensive national power [2]. Conflicts in cyberspace are covered under the information component. Of the four elements, military represents the kinetic element, with the other three being non-kinetic in nature. In current conflict scenarios, the potency and effectiveness of non-kinetic warfare (NKW) has increased considerably, leading military strategists to coin new terms to reflect this evolutionary trend in warfare, such as Hybrid Warfare (US) [3], Unrestricted Warfare (China) [4] and New Generation Warfare (Russia) [5], all of which represent a combination of all kinetic and not-kinetic means of warfare.

Grey Zone Warfare

While hybrid warfare spans the entire spectrum of conflict, grey zone warfare (GZW) may be said to encompass all the means adopted by states in the operational space between peace and all-out conflict to achieve politico-military objectives. In general, non-kinetic operations have greater relevance in the grey zone, while kinetic operations are more effective during all-out conflicts. This is especially true for cyber operations.

Multi-Domain Operations

While the DIME paradigm, NKW and GZW are concepts applicable at the level of a nation state, MDO is purely a military construct. In the five-dimensional battlespace construct referred to above, if the fifth dimension is restricted to cyberspace alone then there appears to be no field of play for two other components of military NKW, namely, electronic warfare and psychological/ cognitive operations. Cyberspace as a term here, therefore, should be understood as encompassing the Electro-Magnetic (EM) and Cognitive domains as well.

It is important to differentiate amongst the three primary components of military NKW: the weapon in the case of EW is EM energy which targets electronics in machines, in cyber operations it is a piece of malicious code targeted against data and software, and in cognitive operations the weapon is the message designed to create effects in human minds [6].

 Cyber Armageddon: Hype or Reality?

National Cyberspace and Critical Information Infrastructure

National cyberspace (or national information infrastructure) may be grouped into two components: critical information infrastructure (CII) and non-critical information infrastructure (NCII). CII have broadly been identified by the Government of India as intranets which fall into six categories, as follows: government (including defence), transport, telecommunications, power & energy, banking & finance, and strategic & public enterprises [7]. Each intranet which makes up these distinct cyberspaces is separately plugged into the logical expanse of global cyberspace (essentially the Internet). Importantly, each such blob needs to be individually protected from attacks launched from anywhere in global cyberspace.

Strategic Cyberattacks

Broadly speaking, cyberattacks may be classified under five heads, namely, cyber-crime, cyber-hactivism, cyber-espionage (strategic or industrial), cyber-terrorism, and cyber-war. Cyberwar here refers to destructive or disruptive cyber-effects carried out by a state in adversary territory either through state owned cyber capabilities such as a cyber command or sponsored through non-state actors to achieve strategic effects. Unlike cyber espionage, these are not passive and hence may be termed as offensive cyber operations. A state’s CII are the natural target of all offensive cyber operations.

Effectiveness of Offensive Operations

In 2010, the Stuxnet attack, carried out purportedly by the US in conjunction with Israel, destroyed 20 percent of Iran’s nuclear centrifuges, causing substantial damage to its nuclear program [8] – the first case of a cyber-attack with strategic effects. In 2015, the Russian attack on Ukraine’s electrical grid disrupted electrical supply to a quarter million citizens for several hours [9] – the first known instance of an attack on critical infrastructure. The 2017 NotPetya malware attack, attributed to Russia, which was directed initially against Ukraine but spilled over across the entire globe, is estimated to have caused damages amounting to 10 billion dollars [10] – considered to be the most devastating cyber-attack till date. The 2021 ransomware attack on the US Colonial Pipeline, which carries 45% of all fuel to the US East Coast, resulted in its shutdown for almost a week, and the President declared a state of emergency in 17 US states [11]. The Russian attack on Viasat’s satellite network in conjunction with the launch of the Ukraine operations impacted tens of thousands of customers located in Ukraine and Europe [12] – a good example of a cyberattack as part of MDO. These examples show that it is feasible to create strategic effects purely through actions in cyberspace.

Cyberattacks on India’s Critical Infrastructure

Notable cyberattacks on India’s critical infrastructure include the attack on Mumbai’s electric grid in Oct 2020 [13]; the targeting of Ladakh’s electrical grid in early 2022 [14], and the ransomware attack on Oil India Limited, also in 2022 [15]. The first two are believed to have originated in China.

Cyber Operations in the Ukraine Conflict

In the Russia-Ukraine conflict, during the build-up phase Russia targeted industries, government and IT organisations by deploying malicious code such as WhisperGate and HermeticWiper [16]. After breakout of hostilities, the attack on Ukraine’s Viasat network disrupted 30,000 modem connections in Ukraine, severely disrupting Ukraine’s military communications. SpaceX’s Starlink network was also briefly disrupted in Mar 2022 [17] and has since been constantly targeted by Russia. In response Ukraine, in an unconventional move, raised an ad-hoc IT Army comprising of several lakh volunteers [18]. The US Cyber Command, UK’s GCHQ, friendly NATO countries such as Estonia, Poland and the Netherlands, as well as western private sector entities such as Microsoft provided substantial support in defending of Ukraine’s cyber assets [19]. However, once operations commenced cyberattacks paled in comparison to the much more destructive kinetic operations [20].

Offensive Cyber Operations Vis-à-vis International Law

Can a responsible state justifiably conduct offensive cyber operations against another state under international law? The answer to this question lies in the notion of jus-ad-bellum, or justified war. Article 2(4) of the UN Charter prohibits the threat or use of force against the territorial integrity of any state. Article 51 recognizes a state’s inherent right to self-defense if an armed attack, sometimes referred to as an act of war, occurs. Cyber operations meeting the threshold of an armed attack would permit victim states to respond with proportionate measures including the use of force. As per the prevailing view, cyber operations may cross the threshold of an armed conflict if they are comparable in effects resulting from traditional kinetic attacks [21].

Two other thresholds, both below the threshold of armed conflict, are relevant when discussing the legal implications of cyberattacks: violation of the principle of non-intervention and violating the sovereignty of a state. The principle of non-intervention prohibits coercive actions by a state in the core functions of another state, such as elections, public administration, or economic stability. Internationally acceptable retaliatory actions for violating this threshold are limited to retorsion measures, which are unfriendly but lawful actions such as restricting diplomatic relations, economic sanctions, or suspending cooperation agreements. The lowest threshold refers to cyber operations which may breach the sovereignty of a state without violating the principle of non-intervention, for instance, by carrying out unauthorized intrusions into another state’s cyber infrastructure. Retorsion measures might be justified on crossing this threshold as well, though opinion amongst states here is divided.

To summarize, cyberattacks which cross the threshold of armed conflict would justify a response both in the kinetic and cyber domains. Conversely, if kinetic actions trigger a response under Article 51, offensive cyber actions would again be justified. Cyberattacks which create effects below this threshold would attract retorsion measures, including responses in cyberspace. Non-attributability of cyberattacks as a complicating factor is also to be dealt with, on lines similar to state-sponsored terrorist attacks.

Offensive cyberattacks (disruptive and destructive physical effects) and cyber espionage are respectively the attack and exploit functions within cyber operations. Notably, while espionage violates the sovereignty of the targeted state, it is widely treated as an acceptable activity.

Offensive Cyber Operations: Nuances across the Spectrum of Conflict

It has been brought out above that beyond the threshold of armed conflict offensive cyber operations by a state would be justified under Article 51 of the UN Charter, independently or in conjunction with kinetic operations, in furtherance of an MDO strategy. Cyberattacks carried out just short of the outbreak of all-out hostilities may also be clubbed under this category.

In the grey zone below this threshold, however, there are other motivations for a state to resort to offensive cyber operations. It could attempt to pre-emptively destroy or degrade the cyberattack infrastructure of adversaries. The persistent engagement/ defend forward strategy of the United States Department of Defence (US DoD) is perhaps driven by this objective [22]. Deterrence-by-retaliation is another cyber strategy, which implies deterring adversary cyber-attacks by way of declaring an offensive-defence strategy and/ or resorting to limited effect cyberattacks for the purpose of signalling. The attacks on the electric grids of Mumbai and Ladakh, purportedly by China, were perhaps an operationalisation of this strategy. Finally, a state might resort to cyberattacks for achieving strategic effects even in the grey zone under certain circumstances, a classic example of this being the Stuxnet attack. The manner in which such disruptive cyber operations in the grey zone should be treated under international law is still largely an open question. Some characterize this state of affairs in cyberspace as akin to the wild west.

Global Powers: Overview of Cyber Capabilities

An overview of the cyberspace capabilities of major world militaries is given out in succeeding paragraphs [23].

United States

The cyber governance architecture adopted by the US achieves synergy amongst the US Cyber Command, the National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) under its Department of Homeland Security (DHS). The Cyber Command is tasked with tackling external strategic threats, while the CISA focuses on cyber threats from the perspective of internal security. 13 Cyber Mission Teams of the Cyber Command are meant specifically for the protection of CII. Further, the authority for the conduct of offensive operations in cyberspace appears to be vested solely with the DoD.

United Kingdom

The UK established the National Cyber Security Centre (NCSC) in 2016 under the Government Communication Headquarters (GCHQ), an intelligence agency in support of the Government and Armed Forces, which focuses on cyber-crime. It also raised a National Cyber Force (NCF) in 2020 with a strength of 1000, to be boosted to 3000 by 2030. It is a partnership between the Armed Forces and the GCHQ, with its primary charter being offensive cyber warfare directed against external threats in cyberspace.

China

The raising of the PLA Strategic Support Force by China in 2016 signified the operationalizing of its Integrated Network Electronic Warfare (INEW) and Three Warfares strategies. This transformative reorganisation resulted in integration of not only cyberattack and exploit functions but also of cyber, electronic, and cognitive operations capabilities. In 2024, the PLA SSF was again restructured into three forces, namely, the Cyberspace Force, the Aerospace Force and the Information Support Force, the rationale for which is still being analysed by experts.

Russia

Russia’s GRU, the Main Intelligence Directorate of the Russian military, together with SVR and FSB, has arguably demonstrated the most devastating effects in cyberspace. It has also been fairly well established that the GRU was behind the cyberattack on Ukraine’s electricity grid in 2015, the devastating 2017 NotPetya cyberattack, and the interference in US Presidential elections in 2016, amongst others.

On close analysis of the above cyber governance architectures, it emerges that, over time, there has been an inexorable shift of the offensive cyber mandate from the intelligence agencies to the Armed Forces.

India’s Standing as a Cyber Power

Cyber Governance

In India, the following establishments are tasked with defence of our national cyberspace.

• The National Critical Information Infrastructure Protection Centre (NCIIPC) under the PMO is the national nodal agency for CII Protection. Its charter includes identification of CII, protection strategies and issuance of cyber advisories. However, the responsibility for protecting any component of our CII lies with the agency running it [24].
• The Indian Computer Emergency Response Team (CERT-In) under MeitY issues advisories and responds to cyber incidents. CERT-In and NCIIPC may be viewed as focusing on the NCII and CII respectively.
• The Defence Cyber Agency (DCyA) was established in 2019 for providing cyber operations support to the Indian Armed Forces.
• The Cyber and Information Security Division of the MHA deals with matters relating to cyber security and cyber-crime from an internal security perspective.

The National Cyber Security Coordinator, functioning under the National Security Council Secretariat, coordinates with different agencies at the national level on cyber security matters.

Belfer Cyber Power Index

As per the reputed Belfer Cyber Power Index 2022, China ranks at No 2 in comprehensive cyber power amongst 30 aspiring cyber powers in the world, while India’s ranking is 26. In offensive cyber capability, China is at No 3 and India at No 22. This indicates a wide differential in offensive cyber capabilities between China and India, to our disadvantage [25].

Offensive Cyber Operations: Role of Armed Forces

Broadly speaking, cyber capabilities in various states were initially developed by civilian intelligence organisations (NSA in USA, SVR/ FSB in Russia, GCHQ in the UK, NTRO in India). This is because the extent of the capabilities was limited to covert gathering of cyber intelligence. As cyber operations mature to the point of creating cyber-physical effects of significant magnitude, the mandate for offensive cyber operations seems to be shifting inexorably from civilian intelligence to military organisations. Though a rational transformation, in India there is very little movement in this direction.

In India, offensive cyber operations are still viewed as largely a covert activity, to be carried out under a mantle of plausible deniability, and thus more suited for intelligence rather that military agencies. It is under this assumption that India’s offensive cyber capabilities in the military context are rarely discussed openly. Perhaps another reason is that we lack the confidence in our ability to disrupt/ degrade military targets through cyberattacks.

However, a previous section argues that carrying out cyberattacks against targets of military value as part of a justified war would be acceptable under international law. This is quite logical, given that employment of much more destructive kinetic weapons is justified under such circumstances. Indeed, overt declaration of cyber capabilities and the intent to use them strengthens cyber deterrence.

In the traditional domains of land, sea and air, our Armed Forces are mandated to protect our national sovereignty. However, this mandate does not extend to the cyberspace domain. The Armed Forces charter in cyberspace is restricted to protecting defence cyberspace (not national cyberspace), together with a limited mandate for conducting offensive cyber operations.

In the author’s view, the responsibility for handling the full spectrum of strategic cyber conflicts must be given to the Armed Forces, in line with their role in the physical domains of conflict. More importantly, conducting offensive cyber capabilities against adversary states must be the exclusive domain of the Armed Forces.

That said, at the national level we need to ponder over the ethics of carrying out disruptive cyber-physical attacks against our adversaries in the grey zone, even covertly, as these might be in violation of international law. Even if such operations are undertaken as a national imperative, they are best left to covert agencies. However, this does not preclude the Armed Forces from conducting either cyber intelligence or other covert intrusive actions in cyberspace in the grey zone in preparation for cyber operations which may be undertaken subsequently as part of justified military operations.

Enhancing Offensive Cyber Capability

The following major conclusions may be drawn from the above analysis: offensive actions in cyberspace can facilitate the achieving of politico-military objectives, either independently or as part of MDO; conduct of offensive cyber activities is permissible under international law in a justified war; there is a significant differential in offensive cyber capabilities between India and China in favour of the latter; and the Armed Forces are arguably the most suited agency for conducting offensive operations in cyberspace, in synergy with its operations in the kinetic domains. Therefore, our Armed Forces must strive to enhance their offensive cyber capabilities as an urgent imperative [26].

Desired Capability

During the build-up and conflict stages, our Armed Forces should have integral capability to target adversary critical infrastructure to degrade his combat potential. In addition, we should be able to gather military cyber intelligence throughout the spectrum of conflict. Finally, at the national level, our Armed Forces must deter/ prevent our adversaries from achieving strategic outcomes in and through our national cyberspace. Each of these capabilities requires a highly specialized cyber force of adequate strength.

Current Status

The DCyA is presently the primary Armed Forces establishment for conduct of full spectrum cyber operations, together with establishments integral to respective services. Each Service imparts some form of training for conducting cyber operations. For instance, in the IA the Military College of Telecommunication Engineering (MCTE) trains officers from the Corps of Signals and other arms officers on cyber security and network defence. Civilian expertise is also being tapped by some of our cyber establishments. In the author’s view, these capabilities need to be considerably enhanced. Towards this end, some recommendations are given out below:

• Upgrade DCyA to Cyber Command. The DCyA should be upgraded to a full-fledged Cyber Command on priority, manned by upwards of 5000 cyber experts. Since accretions may not be feasible, this should be achieved through re-structuring.
• Create Offensive Cyber Cadre/ Profiles. The cyber specialists who are posted to the Cyber Command must be captive for the most part. This entails a transformative change in our training and HR policies for achieving the desired levels of specialization. These policies must be framed around cyber profiles for officers and a special cadre/ trade for other ranks.
• Training. The existing centres of excellence for cyber training need to be upgraded and resourced adequately to impart the desired levels of specialized training.

Concluding Remarks                                                                                           

Warfighting in the non-kinetic domains has increased in potency and intensity over the previous two decades. The fact that cyber operations can achieve strategic effects in the information as well as physical domains has been amply demonstrated in recent years. The prevalent view that offensive cyber operations are internationally unacceptable and therefore need to be carried out covertly under the shield of non-attributability is somewhat misplaced. The conduct of such operations against targets of military value as part of MDO in a justified war is perfectly acceptable under international law, and the armed forces are logically the most appropriate agency for conducting these operations.

India’s adversaries, in particular China, have invested significant resources into developing offensive cyber capabilities. As per current assessments, Chinese cyber capabilities are far superior to those of India. It is imperative, therefore, for our Armed Forces to significantly enhance our capabilities. Upgrading the DCyA to a full-fledged Cyber Command, bringing about transformative changes in our training and HR policies and upgrading/ establishing training infrastructure are some of the steps which need to be implemented on high priority.

References

[1]           US DOD Joint Publication 3-12 (R), Cyberspace Operations, 08 Jun 2018, Accessed 14 Jan 2025, pp. 1-2, https://irp.fas.org/doddir/dod/jp3_12.pdf.

[2]           US Joint Chiefs of Staff, Strategy, US Joint Doctrine Note 1-18, 25 Apr 2018, Accessed 14 Jan 2025, https://www.jcs.mil/Portals/36/Documents/Doctrine/jdn_jg/jdn1_18.pdf.

[3]          Hoffman, Frank., Conflict in the 21st Century: The Rise of Hybrid Wars, Arlington, Virginia: Potomac Institute for Policy Studies, Arlington, Virginia, US, 2007, Accessed 05 Jan 2024, https://www.potomacinstitute.org/images/stories/publications/potomac_hybridwar_0108.pdf.

[4]          Liang, Qiao & Xiangsui, Wang, Unrestricted Warfare, Beijing: PLA Literature and Arts Publishing House, Feb 1999, Accessed 14 Jan 2025, https://www.c4i.org/unrestricted.pdf.

[5]           Derleth, James, Russian New Generation Warfare: Deterring and Winning the Tactical Fight, US Army Military Review, Sep-Oct 2020, Accessed 14 Jan 2025, https://www.armyupress.army.mil/Portals/7/military-review/Archives/English/SO-20/Derleth-New-Generation-War-1.pdf.

[6]          Panwar, R. S., Impact of Technology Enabled Cognitive Operations in Hybrid Warfare, Occasional Paper, United Services Institution of India, No. 3, 2024, Accessed 14 Jan 2025, p. 3, https://www.usiofindia.org/pdf/20240912144421.pdf.

[7]          National Critical Information Infrastructure Protection Centre, Wikipedia, Accessed 14 Jan 2025, https://en.wikipedia.org/wiki/National_Critical_Information_Infrastructure_Protection_Centre.

[8]         Kushner, David., The Real Story of Stuxnet, IEEE Spectrum, 26 Feb 2013 (updated 24 May 2024), Accessed 14 Jan 2025, https://spectrum.ieee.org/the-real-story-of-stuxnet.

[9]          Compromise of a power grid in eastern Ukraine, Council on Foreign Relations, Dec 2015, Accessed 14 Jan 2025, https://www.cfr.org/cyber-operations/compromise-power-grid-eastern-ukraine.

[10]           Sean Steinberg et al, NotPetya: A Columbia University Case Study, School of International and Public Affairs, Case Consortium @Columbia, Columbia University, 2021, p. 6, Accessed 14 Jan 2025, https://www.sipa.columbia.edu/sites/default/files/2022-11/NotPetya%20Final.pdf.

[11]          Gonzalez, G; Lefebvre, B; Geller, E., ‘Jugular’ of the U.S. fuel pipeline system shuts down after cyberattack, Politico, 09 May 2021, Accessed 18 Jan 2025, https://www.politico.com/news/2021/05/08/colonial-pipeline-cyber-attack-485984.

[12]          Case Study – Viasat, Cyberpeace Institute, Jun 2022, Accessed 18 Jan 2025, https://cyberconflicts.cyberpeaceinstitute.org/law-and-policy/cases/viasat.

[13]         Vidya, Maharashtra cyber cell submits report on Mumbai power outage, confirms malware attack hit power grid, India Today, 01 Mar 2021, https://www.indiatoday.in/india/story/maharashtra-cyber-cell-mumbai-power-outrage-1774522-2021-03-01.

[14]         Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored  Activity Group, Insikt Group, 06 Apr 2022, Accessed 18 Jan 2025, https://www.recordedfuture.com/research/continued-targeting-of-indian-power-grid-assets.

[15]          Press Trust of India, Oil India suffers cyber-attack, receives Rs 57 crore ransom demand, Business Standard, 14 Apr 2022, Accessed 18 Jan 2025, https://www.business-standard.com/article/companies/oil-india-suffers-cyber-attack-receives-rs-57-crore-ransom-demand-122041301002_1.html.

[16]         Update: Destructive Malware Targeting Organizations in Ukraine, US CISA, 28 Apr 2022, Accessed 18 Jan 2025, https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-057a.

[17]        Howell, Elizabeth., Elon Musk says Russia is ramping up cyberattacks on SpaceX’s Starlink systems in Ukraine, Space.com, 14 Oct 2022, Accessed 18 Jan 2025, https://www.space.com/starlink-russian-cyberattacks-ramp-up-efforts-elon-musk.

[18]        Soesanto, S., The IT Army of Ukraine: Structure, Tasking and Ecosystem, ETHzurich, Jun 2022, Accessed 19 Jan 2025, https://www.research-collection.ethz.ch/handle/20.500.11850/552293.

[19]         Beecroft, Nick, Evaluating the International Support to Ukrainian Cyber Defense, Carnegie Endowment for International Peace, 03 Nov 2022, Accessed 18 Jan 2025, https://carnegieendowment.org/research/2022/11/evaluating-the-international-support-to-ukrainian-cyber-defense?lang=en.

[20]          Mueller, G. B. et al, Cyber Operations during the Russo-Ukrainian War, CSIS, 13 Jul 2023, Accessed 18 Jan 2025, https://www.csis.org/analysis/cyber-operations-during-russo-ukrainian-war#h2-russian-cyber-operations.

[21]         Schmitt, M. N., Grey Zones in the International Law of Cyberspace, The Yale Journal of International Law Online, Vol 42:2, 18 Oct 2017, p. 7, 13, 15, 21, Accessed 18 Jan 2025, https://ssrn.com/abstract=3180687.

[22]        CYBER 101 – Defend Forward and Persistent Engagement, US Cyber Command, 25 Oct 2022, Accessed 18 Jan 2025, https://www.cybercom.mil/Media/News/Article/3198878/cyber-101-defend-forward-and-persistent-engagement/.

[23]        Panwar, R. S., Cyberspace Governance in India: Transform or Perish Part II: India’s Existing Architecture and Global Practices, 26 May 2020, Accessed 18 Jan 2025, https://futurewars.rspanwar.net/cyberspace-governance-in-india-transform-or-perish-part-ii/.

[24]       National Critical Information Infrastructure Protection Centre, Website, https://nciipc.gov.in/.

[25]        Voo, J., Hemani, I. and Cassidy D., National Cyber Power Index 2022, September 2022, Accessed 18 Jan 2025, https://www.belfercenter.org/sites/default/files/pantheon_files/files/publication/ CyberProject_National%20Cyber%20Power%20Index%202022_v3_220922.pdf.

[26]        Panwar, R. S., Towards an Effective and Viable Information Warfare Structure for the Indian Armed Forces, Journal of the United Service Institution of India, Vol. CXLVIII, No. 612, April-June 2018, Accessed 18 Jan 2025, https://www.usiofindia.org/publication-journal/towards-an-effective-and-viable-information-warfare-structure-for-the-indian-armed-forces.html.