This article has been authored by Richa Jain, a second year student at Dr. Ram Manohar Lohiya National Law University, Lucknow.


A sudden boom in hyperactivity, malicious breaks, and cyber-espionage in Indian cyberspace calls for a profound screening of the critical infrastructure of India.

The recent attacks of Pegasus spyware in India licensed by an Israeli company NSO by hacking smartphones of government officials, journalists, and human rights activists has been outlandish cyber sabotage. In May 2021, a major ransomware attack shut down the operations of the US Colonial Pipeline Company. The key pipeline transports about 45% of diesel and petrol consumed on the east coast of the US. During the pandemic, cybersecurity became a USD one trillion problem issuing global concerns on the twenty-fold increase of such attacks worldwide since 2017.

A nation’s dependence on cyberspace for most of its critical functions is also its vulnerability. Such attacks are the new-age threats with the intrusiveness of attacking the vulnerability of those with weaker cyber defence mechanisms. This article indulges into a structural policy framework involving the need for critical infrastructure, the associated challenges examining the current legal framework and the way forward.

The IBM analysis in ‘X Force Threat Intelligence Index 2021’ exposed India’s debilitated state of critical infrastructure. In 2020 India was the second most targeted country in the Asia-Pacific region with concern to cybercrimes, contributing a 7% share globally in such incidents. According to a Bengaluru based cybersecurity firm Subex, India is one of the top five most cyber-attacked nations in the world.

The onset of coronavirus resulted in the digitalisation of many sectors. Banking sectors gained popularity with both front-end and back-end operations going digital which increased cashless transactions letting hackers perform frequent data breaches and increased the act of stealing. In the cyber realm, the pandemic provided leverage to cyber-attacks majorly in military interventions, manufacturing, financial, and insurance sectors, and organizations involved in the covid-19 vaccine supply chain. Given the increasing number of cyber-attacks, countries like India have to build a robust system for cyber security of businesses and governmental organizations.

Need For Critical Infrastructure

Critical Infrastructure is the body of systems, networks, and assets including a vast network of highways, connecting bridges, railways, buildings, and utilities to maintain normalcy in daily life, security of the nation, its economy, and the public’s health/safety. India has 3rd largest Internet users worldwide yet the defensive measures for the cyber system are still at a nascent stage. In 2020, cyber-attacks increased by almost 300% linking it to an enormous increase in digital activities.

Continued targeted attacks by Chinese state-sponsored actors have been reported by the statutory organization Computer Emergency Response Team (CERT-In).

Most recently, in 2020, the RedEcho group linked to China targeted India’s power sector and railway grids that hit Mumbai and nearby areas. States launch cybercrimes to have geopolitical gains. Nations such as Russia, Iran, China, North Korea are reportedly using such techniques for propaganda attacks, espionage, to target critical infrastructure systems, and to support political and military objectives. These include the massive 2017 WannaCry and NotPetya ransom ware attacks which resulted in the shut-down of 80 NHS organisations in England alone.

India’s policies regarding cybersecurity are haphazardly scattered with ignorant ramifications. The first component involves testing the software and hardware in which MeitY’s