Building India's Cyber Operations Capabilities

A group of leading academics, industry experts, and top government officials from across India convened to discuss the country’s current and future capabilities in the cyber operations domain. The deliberations highlighted emerging threats to critical infrastructure, national capabilities, and the urgent need to establish a dedicated institute to address these challenges.

At present, India does not have a comprehensive program or institute dedicated to the intersection of cybersecurity and critical infrastructure. Current efforts are fragmented and do not collectively address the broader spectrum of cyber operations. In particular, there is no dedicated institutional framework that integrates research, training, and practice in securing critical infrastructure and national security systems. The absence of such a program leaves a significant gap at a time when the threats to cyber-physical systems are becoming increasingly sophisticated and consequential.

The Need for a Dedicated Institute

There is an urgent need for an institute dedicated to cyber operations and critical infrastructure security. Several examples of threats illustrated the importance of such an initiative:

  • Open-source information threats: Stuxnet leveraged open-source intelligence; Iran too used open-source data to reconfigure valves, pressuring the West during negotiations
  • Critical infrastructure risks: Attacks on electricity distribution systems and windmill farms, or compromise of POS terminals
  • UAV monitoring systems: Concerns about drone data exfiltration, where UAVs, though not internet-connected, can be compromised through ground station applications

These cases demonstrate how open-source tools and vulnerabilities in cyber-physical systems can be weaponised against national interests, underscoring the need for a dedicated program.

Courses and Curriculum

Defending effectively in the cyber domain requires first understanding how attacks are carried out. The proposed curriculum would therefore combine rigorous foundational courses with specialised technical training. Core subjects such as compiler construction and network security were identified as essential building blocks for all students.

In addition, advanced courses in reverse engineering (covering hardware, software, embedded devices, radio frequency signals, and integrated circuits) would be central to the program. These would be complemented by training in areas such as penetration testing, security auditing, computer and network operations, and forensics, among others.

Together, this blend of core and specialised courses is intended to equip students for the realities of cyber operations, while also creating opportunities for Ph.D. research tied directly to live problem statements faced by industry and law enforcement.

Program Building and Support Roadmap

The discussion outlined key elements necessary for building and sustaining such a complex, interdisciplinary program.

Funding: The program would need to begin with initial seed funding, followed by the development of a self-sustaining operational model to ensure long-term viability. Encouragingly, government representatives at the discussion expressed strong interest and indicated that securing the initial round of funding would not be a challenge.

Capacity Building: The program will focus on building long-term capacity in the field, which will involve incentivising high-quality research while also encouraging the translation of research into tangible products and solutions. The program ultimately aims to strengthen India’s cybersecurity ecosystem and contribute to the development of deployable technologies for industry, government, and defence applications.

Faculty and Leadership: The program requires highly committed faculty, prioritising interdisciplinary expertise, as well as strong development professionals to manage operations.

Collaboration: Given that cyber operations are deeply intertwined with physical infrastructure, the program will place particular emphasis on cyber-physical systems. An interdisciplinary approach will ensure that students and researchers gain a holistic understanding of both digital and physical layers of security, enabling solutions that are technically robust and practically relevant.

Placement and Career Pathways: Ensuring career pathways for graduates must be non-negotiable. Industry or government must commit to guaranteeing placements or a defined period of employment for students completing the program.

The Time is Now

No such public-private partnership (PPP) currently exists in India, and gaps persist between legal and technical domains: policymakers often lack technical understanding, while technologists lack familiarity with legal frameworks.

Establishing a Cyber Operations Programme at IIT Bombay would not only fill a critical national gap but also build capacity at the intersection of technology, infrastructure, and security. In the current geopolitical and digital landscape, such a program is both timely and essential.