IT, Cybersecurity & Defence Technology in India

India's Information Technology Sector

1.1 Overview

1.2 Key IT Milestones

Artificial Intelligence (AI) in India

2.1 India AI Mission

2.2 Global Partnership on Artificial Intelligence (GPAI)

Cybersecurity Framework

3.1 Key Institutions

3.2 Key Legislation & Policies

3.3 Digital Personal Data Protection Act (DPDP), 2023

Key distinction: The DPDP Act 2023 introduces the concepts of "Data Fiduciary" (entity that determines purpose and means of processing) and "Data Principal" (individual whose data is processed). Unlike the EU's GDPR, the DPDP Act does NOT include a right to data portability, and it grants broad government exemptions on grounds of national security. For Mains, compare DPDP with GDPR to show analytical depth -- DPDP is simpler and less rights-heavy than GDPR.

Blockchain Technology

5G Rollout in India

India Semiconductor Mission (ISM)

Defence Technology

7.1 Defence Research and Development Organisation (DRDO)

7.2 Key Missile Systems

Remember: India's IGMDP (1983) under Dr. A.P.J. Abdul Kalam originally developed five missiles -- Prithvi (surface-to-surface), Agni (IRBM), Trishul (SAM), Akash (SAM), and NAG (anti-tank). The programme was declared complete in 2008. BrahMos is NOT part of IGMDP -- it is a separate India-Russia joint venture. Agni-V's MIRV capability (tested as Mission Divyastra, 2024) means a single missile can carry multiple warheads targeting different locations -- a key deterrence upgrade.

7.3 Key Defence Platforms

India's Nuclear Programme

8.1 Timeline of Key Events

8.2 Three-Stage Nuclear Programme (Homi Bhabha)

Common Mistake: India's three-stage nuclear programme progresses sequentially -- Stage II (Fast Breeder Reactors) must produce sufficient Uranium-233 from Thorium-232 before Stage III can become operational. India is still in the transition between Stage I and Stage II. The Prototype Fast Breeder Reactor (PFBR) at Kalpakkam is under commissioning. Do not write in exams that India has already operationalised thorium-based reactors -- that is Stage III and remains in R&D.

8.3 India's Nuclear Doctrine

Important for UPSC

Key Themes for Prelims

• IT Act 2000 provisions and 2008 amendment
• DPDP Act 2023 — Data Fiduciary, Data Principal, Data Protection Board
• CERT-In, NCIIPC roles
• Missile ranges and types (Agni series, BrahMos, NAG, Prithvi)
• INS Vikrant specifications
• Pokhran-I (1974) vs Pokhran-II (1998)
• Three-stage nuclear programme
• India Semiconductor Mission
• GPAI founding membership

Key Themes for Mains (GS-III)

• Cybersecurity challenges and India's institutional response
• Role of AI in governance and ethical concerns
• Defence indigenisation (Tejas, Arjun, INS Vikrant) and Atmanirbhar Bharat
• India's nuclear doctrine and civil nuclear cooperation
• 5G and digital infrastructure for economic development
• Semiconductor self-reliance and geopolitical implications

Recent Developments (2024–2026)

India Cybersecurity — Tier 1 ITU Ranking and CERT-In Expansion 2024

India secured Tier 1 status in the International Telecommunication Union (ITU) Global Cybersecurity Index 2024, recognising India's comprehensive cybersecurity architecture spanning legal framework, technical measures, organisational capacity, capacity building, and cooperation. CERT-In conducted 9,700+ security audits of critical infrastructure sectors in FY 2024–25, and trained 12,014 cybersecurity officials across 23 programmes in 2024. CERT-In has empanelled 200 cybersecurity organisations for security and vulnerability audits of critical infrastructure.

Cybercrime cases doubled from 10.29 lakh (2022) to 22.68 lakh (2024), and India witnessed 369 million malware detections across 8.44 million endpoints in 2024, averaging 702 cyber threats per minute. The September 2024 amendment to Allocation of Business Rules clarified India's cybersecurity administration: CERT-In/MeitY handles cybersecurity, MHA handles cybercrime, DoT handles telecom network security, and NSCS provides overall strategic coordination — ending earlier ambiguity.

UPSC angle: India's Tier 1 ITU Cybersecurity Index ranking (2024), CERT-In 9,700+ audits, cybercrime doubling to 22.68 lakh cases, and cybersecurity administrative restructuring (September 2024) are Prelims and Mains GS-3 content.

India IT Sector — $283 Billion Industry, $224 Billion Exports FY25

India's IT industry revenue reached an estimated $283 billion in FY 2024–25, with exports contributing $224 billion (12.48% growth from $199.5 billion in FY24). The sector employs 54 lakh professionals as of FY 2023–24, with non-metro cities (Udaipur, Vizag, Coimbatore, Nagpur) recording 50%+ IT hiring growth in H1 2025. India retained its position as the world's largest IT services exporter, accounting for ~55% of the global IT outsourcing market. AI-augmented services — cloud, cybersecurity, data analytics, generative AI — drove the incremental growth, with NASSCOM estimating AI-led IT revenue at $6–8 billion in FY25.

The Digital India Programme connected 700,000+ villages with broadband connectivity. Internet subscribers reached 969 million and broadband users 944 million by March 2025. India's internet user base of 850 million makes it the world's second-largest, creating massive data generation for AI training while raising digital equity concerns — rural-urban and gender divides in internet access persist.

UPSC angle: IT exports $224 billion FY25, 54 lakh employees, India's >55% global IT outsourcing share, 969 million internet subscribers, and digital divide (rural, gender) are Prelims and Mains GS-3 content.

National Cyber Security Reference Framework (NCRF) — Superseding NCSP 2013

The National Cyber Security Reference Framework (NCRF) was published in 2023, superseding the National Cyber Security Policy (NCSP) of 2013, updating India's cybersecurity approach for the cloud-AI era. The NCRF aligns with NIST Cybersecurity Framework principles: Identify, Protect, Detect, Respond, Recover — providing sector-specific guidance for critical infrastructure (power, banking, telecom, health). The framework applies to 13 Critical Information Infrastructure (CII) sectors identified under the IT Act 2000.

India's proposed Digital India Act (to replace the IT Act 2000, which was enacted when India had only 5.5 million internet users vs 850 million today) remained under consultation as of 2026. The Act would update definitions of cybercrime, create new offence categories (cyberbullying, doxxing, identity theft, impersonation), and regulate AI platforms, social media, and online intermediaries under a unified legal framework. The AIIMS Delhi ransomware attack (November 2022, 5 TB data, 15 days downtime) accelerated government focus on critical infrastructure cybersecurity mandates.

UPSC angle: NCRF (superseding NCSP 2013), Digital India Act (proposed IT Act replacement), AIIMS ransomware attack as critical infrastructure vulnerability case study, and CII sectors are Prelims and Mains GS-3 content.

Vocabulary

Algorithm

• Pronunciation: /ˈæl.ɡə.rɪð.əm/
• Definition: A finite, well-defined sequence of computational steps or instructions designed to solve a specific problem or perform a calculation.
• Origin: From Medieval Latin algorismus, from Arabic al-Khwārizmī, the name of the 9th-century Persian mathematician Muhammad ibn Musa al-Khwarizmi; the spelling shift from -ism to -ithm was influenced by Greek arithmos ("number").

Encryption

• Pronunciation: /ɪnˈkrɪp.ʃən/
• Definition: The process of converting readable data (plaintext) into an unreadable format (ciphertext) using a key or algorithm, so that only authorised parties with the correct decryption key can access the original information.
• Origin: From the verb encrypt, coined in the 1950s in the United States from en- ("in") + Greek kruptos ("hidden"); the noun form encryption first appeared in the 1960s.

Firewall

• Pronunciation: /ˈfaɪ.ər.wɔːl/
• Definition: A network security system that monitors and controls incoming and outgoing network traffic based on configurable security rules, acting as a barrier between a trusted internal network and untrusted external networks.
• Origin: Compound of English fire + wall, originally referring to a fireproof barrier used to prevent the spread of fire in buildings (earliest use in the late 16th century); the computing sense emerged around 1990 as a metaphor for network security.

Key Terms

Artificial Intelligence

• Pronunciation: /ˌɑː.tɪˈfɪʃ.əl ɪnˈtel.ɪ.dʒəns/
• Definition: The science and engineering of creating machines and software systems capable of performing tasks that typically require human intelligence, including learning from data (machine learning), reasoning, problem-solving, perception, and natural language understanding. AI is categorised as Narrow AI (task-specific, e.g., Siri, facial recognition), General AI (human-level across all tasks, not yet achieved), and Super AI (exceeds human intelligence, theoretical). Generative AI (models creating new content -- text, images, code, video) emerged as a transformative force from 2022-2023.
• Context: The term was coined by American computer scientist John McCarthy in 1955 in a proposal for the Dartmouth Summer Research Project, co-authored with Marvin Minsky, Nathaniel Rochester, and Claude Shannon; the 1956 Dartmouth workshop is considered the birth of AI as an academic discipline. India approved the IndiaAI Mission on 7 March 2024 with a budget of Rs 10,371.92 crore over five years, focusing on seven pillars: compute capacity (10,000+ GPUs), innovation centre (indigenous Large Multimodal Models), datasets platform, application development, future skills, startup financing, and safe/trusted AI. India is a founding member of GPAI (Global Partnership on AI, 2020) and served as Lead Chair in 2024, hosting the GPAI Summit in December 2024.
• UPSC Relevance: GS3 (Science & Technology). High-priority current affairs topic. Prelims 2025 included an AI-related question (AI Action Summit in Paris, February 2025). Mains asks about AI in governance (healthcare screening, crop monitoring, fraud detection), ethical concerns (algorithmic bias, accountability gaps, deepfakes, job displacement), India AI Governance Guidelines 2025 (light-touch vs EU AI Act's risk-based approach), and GPAI founding membership. Know the IndiaAI Mission (Rs 10,371.92 crore, 7 pillars) and applications in Indian governance: AI for Pradhan Mantri Fasal Bima Yojana (crop damage assessment), diabetic retinopathy screening in rural PHCs, and AI-based language translation.

Cybersecurity Framework

• Pronunciation: /ˈsaɪ.bə.sɪˌkjʊə.rɪ.ti ˈfreɪm.wɜːk/
• Definition: A structured set of guidelines, standards, and best practices designed to help organisations assess, manage, and reduce cybersecurity risks to their information systems and critical infrastructure. India's cybersecurity framework comprises multiple institutions: CERT-In (nodal agency for incident response, under MeitY), NCIIPC (critical infrastructure protection, under NTRO/PMO), NCSC (National Cyber Security Coordinator, under PMO), and I4C (Indian Cyber Crime Coordination Centre, under MHA) -- supported by legislative instruments including the IT Act 2000 (amended 2008), DPDP Act 2023, and CERT-In Directions 2022.
• Context: The concept was formalised globally when the U.S. NIST published the first Cybersecurity Framework (CSF) in 2014; the current version (CSF 2.0) was released in 2024. India's National Cyber Security Policy was released in 2013 aiming to create 500,000 cybersecurity professionals. Key legislative milestones: IT Act 2000 (primary cyber law, legal recognition for e-commerce and digital signatures), IT Act Amendment 2008 (Section 66A -- struck down by SC in Shreya Singhal v. Union of India, 2015 -- and data protection provisions), CERT-In Directions 2022 (mandated 6-hour incident reporting and VPN provider log retention for 5 years), and the Digital Personal Data Protection (DPDP) Act 2023 (enacted 11 August 2023, introducing Data Fiduciary, Data Principal concepts, and penalties of Rs 50-250 crore).
• UPSC Relevance: GS3 (Internal Security / Science & Technology). Prelims tests India's cyber institutions -- CERT-In (nodal for cyber incidents, under MeitY), NCIIPC (critical infrastructure, under NTRO), DPDP Act 2023 key concepts (Data Fiduciary, Data Principal, Data Protection Board), and the Shreya Singhal case (2015, struck down Section 66A). Mains asks about cybersecurity challenges (ransomware attacks on AIIMS 2022, banking fraud), India's institutional response gaps, critical infrastructure vulnerabilities (power grids, banking, telecom), and the balance between data protection and national security. Compare DPDP Act with EU's GDPR -- DPDP is simpler, lacks data portability rights, and grants broader government exemptions.

Current Affairs Connect

Sources: pib.gov.in (Press Information Bureau), meity.gov.in (Ministry of Electronics & IT), nasscom.in (NASSCOM), drdo.gov.in (DRDO Official), indiannavy.nic.in (Indian Navy), dae.gov.in (Department of Atomic Energy), cert-in.org.in (CERT-In), indiaai.gov.in (India AI), nha.gov.in (National Health Authority), legislative.gov.in (India Code)