BharatNotes Overview
India faces a complex web of non-traditional security challenges that blur the lines between war and peace, state and non-state actors, and physical and cyber domains. Proxy warfare --- particularly Pakistan-sponsored terrorism --- has been a persistent threat since the late 1980s. Hybrid threats have evolved to combine conventional military postures with cyber attacks, information warfare, drone technology, and economic coercion. Online radicalisation has emerged as a new vector for terrorism, with social media enabling recruitment, propaganda, and lone wolf attacks.
The Russia-Ukraine conflict (since 2022) has provided a live case study of modern hybrid warfare, while the proliferation of deepfakes, AI-generated propaganda, and encrypted communications has added new dimensions to these challenges.
For UPSC, proxy war and hybrid threats are frequently asked in GS-III Mains, often linked to cyber security, terrorism financing, and border management.
Proxy War
Concept
| Aspect | Detail |
|---|---|
| Definition | A proxy war is a conflict where a state uses third parties (non-state actors, militant groups, or another state's forces) to fight on its behalf, avoiding direct military confrontation |
| State vs non-state actors | The sponsoring state provides funding, arms, training, intelligence, and safe havens; non-state actors carry out operations |
| Plausible deniability | The key advantage for the sponsoring state is the ability to deny direct involvement |
Pakistan's Proxy War Against India
| Phase | Period | Key Features |
|---|---|---|
| Phase 1: Punjab insurgency | 1980s-1993 | ISI-backed Khalistani militants; arms and training provided through Pakistan; Operation Black Thunder (1988) and police-led counter-insurgency ended the movement by mid-1990s |
| Phase 2: Kashmir insurgency | 1989-present | ISI redirected resources to J&K after Punjab stabilised; infiltration of militants through the LoC; groups like Lashkar-e-Taiba (LeT), Jaish-e-Mohammed (JeM), and Hizbul Mujahideen |
| Phase 3: Internationalised terrorism | 2001-present | 2001 Parliament attack (JeM), 26/11 Mumbai attacks (LeT, 2008); cross-border terrorism combined with international jihadi networks |
| Phase 4: Hybrid proxy war | 2016-present | Combination of physical terrorism with narco-terrorism (drone-dropped drugs and arms along Punjab border), social media radicalisation, and terror financing through cryptocurrency and hawala |
Key Incidents of Pakistan-Sponsored Terrorism
| Incident | Date | Detail |
|---|---|---|
| Parliament attack | 13 December 2001 | JeM and LeT operatives attacked the Indian Parliament; all five attackers killed; triggered Operation Parakram (India-Pakistan military standoff) |
| 26/11 Mumbai attacks | 26 November 2008 | 10 LeT operatives infiltrated from Karachi via sea; 166 people killed; attacked Taj Mahal Hotel, Oberoi, CST station, Nariman House |
| Pathankot airbase attack | 2 January 2016 | JeM operatives attacked the Indian Air Force base |
| Uri attack | 18 September 2016 | JeM fidayeen attacked an Army brigade HQ in Uri; 19 soldiers killed; India responded with "surgical strikes" across the LoC |
| Pulwama attack | 14 February 2019 | JeM suicide bomber killed 40 CRPF personnel on Jammu-Srinagar highway; India responded with the Balakot airstrikes (26 February 2019) |
| Pahalgam attack | 22 April 2025 | Terrorist attack on tourists at Baisaran meadow near Pahalgam, J&K; India launched Operation Sindoor (May 2025) targeting terror infrastructure in Pakistan and PoJK |
For Mains: Pakistan's proxy war strategy has evolved from conventional infiltration to a multi-domain hybrid approach combining physical terrorism, drone-delivered narcotics and arms, social media radicalisation, and terror financing. India's response has progressively escalated from diplomatic protests (pre-2016) to surgical strikes (2016), airstrikes (Balakot 2019), and direct military operations (Operation Sindoor 2025).
Hybrid Warfare
Concept and Characteristics
| Feature | Detail |
|---|---|
| Definition | Hybrid warfare is the blending of conventional military operations with irregular warfare, cyber attacks, information operations, economic coercion, and political subversion --- often below the threshold of traditional war |
| Grey zone tactics | Actions that fall between peace and war; designed to achieve strategic objectives without triggering a conventional military response |
| Attribution challenge | Hybrid operations are designed to be difficult to attribute to a specific state actor |
Components of Hybrid Warfare
| Domain | Examples |
|---|---|
| Military | Use of proxy forces, irregular fighters, private military companies; conventional forces used for coercion or posturing |
| Cyber | State-sponsored cyber attacks on critical infrastructure (power grids, financial systems, government networks); espionage and data theft |
| Information | Propaganda, fake news, social media manipulation, deepfakes; aimed at undermining public trust, social cohesion, and democratic institutions |
| Economic | Sanctions, trade warfare, debt-trap diplomacy, supply chain disruption |
| Political | Election interference, funding of political parties or extremist groups, diplomatic coercion |
| Technological | Weaponised drones, AI-enabled surveillance, GPS spoofing |
Russia-Ukraine Conflict: Lessons for India
| Lesson | Detail |
|---|---|
| Drone warfare | Extensive use of commercial and military drones for surveillance, targeting, and kamikaze attacks; India faces similar drone threats on its western border (narco-drones from Pakistan) |
| Cyber operations | Russia launched massive cyber attacks on Ukrainian infrastructure before and during the invasion; highlights vulnerability of India's critical infrastructure |
| Information warfare | Both sides used social media, deepfakes, and propaganda to shape global narratives; India faces similar challenges with fake news and hostile information operations |
| Supply chain disruption | Sanctions and supply chain disruptions affected global food and energy markets; underscores India's need for self-reliance in defence and critical technologies |
Online Radicalisation
Process and Pathways
| Stage | Description |
|---|---|
| Pre-radicalisation | Individual has personal grievances (perceived injustice, identity crisis, socioeconomic marginalisation) |
| Self-identification | Begins exploring extremist content online; engages with propaganda on social media, messaging apps, and dark web forums |
| Indoctrination | Deep immersion in extremist ideology; online mentors and peer networks reinforce beliefs; echo chambers and algorithm-driven content amplify radical views |
| Action | Individual commits or plans to commit a violent act; may act alone (lone wolf) or join an organised group |
Key Threats in India
| Threat | Detail |
|---|---|
| ISIS recruitment | India has seen cases of individuals being radicalised online by ISIS; over 100 Indians reportedly travelled to Iraq/Syria between 2014 and 2017; NIA has arrested multiple ISIS-inspired cells |
| Social media propaganda | Platforms like Telegram, encrypted messaging apps, and dark web channels used for disseminating extremist content and coordinating operations |
| Al-Qaeda in the Indian Subcontinent (AQIS) | Established in 2014; seeks to recruit from India, Bangladesh, and Myanmar |
| Right-wing and left-wing radicalisation | Online platforms also enable radicalisation across the ideological spectrum --- not limited to jihadi extremism |
Deepfakes and AI-Generated Threats
| Threat | Detail |
|---|---|
| Deepfake videos | AI-generated realistic videos of public figures used to spread disinformation; can incite communal violence or undermine democratic processes |
| AI-generated propaganda | Large language models and image generators can produce convincing propaganda at scale; lowering the technical barrier for extremist content creation |
| Automated recruitment | Chatbots and AI tools can engage potential recruits in personalised radicalisation dialogues |
| Challenge | Detection lags behind generation; current AI detection tools are imperfect and constantly evolving |
Lone Wolf Attacks
Concept
| Aspect | Detail |
|---|---|
| Definition | Violent attacks carried out by individuals acting alone, inspired by extremist ideology but without direct operational guidance from an organised group |
| Motivation | Ideological radicalisation (often online), personal grievances, or psychological factors |
| Examples globally | Christchurch mosque shootings (New Zealand, 2019), Orlando nightclub shooting (US, 2016), Nice truck attack (France, 2016) |
| Detection challenge | Lone wolves are extremely difficult to detect through conventional intelligence methods because they operate outside organisational structures and communication networks |
India's Vulnerability
| Factor | Detail |
|---|---|
| Large digital population | Over 800 million internet users; extensive social media penetration creates a large potential audience for radicalisation |
| Communal tensions | Periodic communal incidents can provide the emotional trigger for lone wolf actions |
| Precedents | Multiple NIA cases have involved individuals self-radicalised through online content, planning attacks without direct organisational links |
| Soft targets | Public spaces, religious sites, tourist destinations, and transport infrastructure are vulnerable to lone wolf attacks |
Information Warfare and Fake News as Security Threats
Dimensions
| Dimension | Detail |
|---|---|
| State-sponsored disinformation | Foreign states use social media bots, troll farms, and deepfakes to spread divisive narratives in India; aim to polarise society and undermine institutions |
| Communal disinformation | Fake news and manipulated images circulated on WhatsApp and social media have triggered mob violence and lynchings |
| Election interference | Fake news campaigns targeting electoral processes; concerns about AI-generated deepfakes during election seasons |
| Cognitive warfare | Systematic efforts to manipulate public perception and decision-making through targeted information operations |
India's Response to Fake News
| Measure | Detail |
|---|---|
| IT Act provisions | Section 69A of the IT Act, 2000 allows blocking of online content; intermediary guidelines (2021) require social media platforms to identify the first originator of messages |
| PIB Fact Check Unit | Government established a fact-check unit under the Press Information Bureau |
| Social media regulation | IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 mandate due diligence by social media platforms |
| Digital Personal Data Protection Act, 2023 | Provides a framework for data protection that indirectly helps address data-driven disinformation |
India's Counter-Radicalisation Framework
Legal Framework
| Law | Role |
|---|---|
| UAPA (Unlawful Activities Prevention Act), 1967 | Primary anti-terror law; amended multiple times (most recently 2019); allows designation of individuals as terrorists; empowers NIA to seize properties of banned organisations |
| UAPA 2019 amendments | Key changes: allows Central Government to designate individuals (not just organisations) as terrorists; NIA empowered to attach properties without prior permission of DGP |
| National Security Act (NSA), 1980 | Allows preventive detention for up to 12 months |
| IT Act, 2000 (Section 66A repealed; Section 69A active) | Government can block online content in the interest of national security |
Institutional Framework
| Body | Role |
|---|---|
| NIA (National Investigation Agency) | India's primary counter-terrorism investigation agency; established after 26/11 (2008); has pan-India jurisdiction |
| CTCR Division | Counter Terrorism and Counter Radicalization Division under MHA; policy formulation, coordination, and implementation |
| Multi-Agency Centre (MAC) | Intelligence-sharing platform operated by the Intelligence Bureau (IB); 24/7 operations for real-time intelligence sharing among central and state agencies |
| NATGRID | National Intelligence Grid; integrates databases of multiple security agencies for pattern analysis and counter-terrorism |
| NCTC (proposed) | National Counter Terrorism Centre; proposed after 26/11 but never established due to state opposition (concerns over federal balance) |
PRAHAAR Policy Framework (2026)
| Feature | Detail |
|---|---|
| Full form | Seven pillars: Prevention, Response, Aggregation of capacities, Human rights and rule of law, Attenuation of radicalisation, Aligning international alignment, Recovery |
| Nature | India's first published comprehensive counter-terrorism policy document (released February 2026) |
| Key features | Integrates intelligence-led prevention, inter-agency coordination, cyber-threat management, counter-radicalisation, and post-attack recovery into a single policy architecture |
| Community engagement | Emphasises engagement with community and religious leaders, moderate voices, and NGOs to counter radicalisation at the grassroots level |
De-Radicalisation Programmes
| Programme | Detail |
|---|---|
| Community engagement | Religious leaders, moderate preachers, and NGOs engaged to spread awareness about consequences of radicalisation |
| Youth engagement | Constructive engagement of youth through education, sports, skill development, and employment programmes |
| Rehabilitation | State-level de-radicalisation programmes (Maharashtra's anti-radicalisation cell; Kerala's counter-radicalisation programme) |
| Surrender and rehabilitation policies | Multiple states have surrender policies for insurgents/militants offering stipends, training, and reintegration support |
For Mains: India's counter-radicalisation approach combines legal measures (UAPA, NIA), institutional mechanisms (MAC, NATGRID), and community engagement. The PRAHAAR policy (2026) represents a shift from a reactive, incident-based approach to a comprehensive, preventive framework. For answer writing, emphasise the need for a "whole-of-society" approach that addresses root causes (socioeconomic marginalisation, identity grievances) alongside security measures.
Operation Sindoor (2025) --- Case Study in India's Evolving Response
| Aspect | Detail |
|---|---|
| Trigger | Pahalgam terror attack (22 April 2025) targeting tourists at Baisaran meadow in J&K |
| Response | India launched Operation Sindoor in May 2025, targeting terror infrastructure in Pakistan and PoJK |
| Significance | Represents a further escalation in India's response ladder --- from diplomatic protests (pre-2016) to surgical strikes (2016), airstrikes (Balakot 2019), to comprehensive military operations |
| Diplomatic context | India framed the operation as a counter-terrorism action against non-state actors; international community's response was mixed |
| Implications | Demonstrates India's willingness to use kinetic force against proxy war infrastructure; raises the escalation calculus for Pakistan-sponsored terrorism |
Narco-Terrorism and Drone Threats
Drug-Terror Nexus
| Aspect | Detail |
|---|---|
| Concept | Narco-terrorism involves the use of drug trafficking to finance terrorist operations; creates a symbiotic relationship between drug cartels and terror groups |
| Pakistan border | Drones from Pakistan drop drugs (heroin, synthetic drugs) and arms along the Punjab and J&K borders; over 300 drone incursions detected in 2023-24 |
| Golden Crescent | Afghanistan-Pakistan-Iran triangle; world's largest opium producer; heroin from this region reaches India via maritime and land routes |
| India's response | Anti-drone systems deployed along the western border; BSF authorised to shoot down drones; laser-based anti-drone systems under procurement |
Weaponised Drones
| Threat | Detail |
|---|---|
| Payload delivery | Commercial drones modified to drop weapons, drugs, and explosives across borders |
| Jammu airbase attack (2021) | Two drones dropped explosives on the IAF station in Jammu --- first drone attack on a military installation in India |
| Counter-measures | Anti-drone dome systems, RF jammers, directed energy weapons, and integrated air defence systems being deployed at critical installations |
Cyber-Enabled Terrorism
| Dimension | Detail |
|---|---|
| Dark web | Encrypted platforms used for arms trade, terror financing, and coordination; difficult to monitor |
| Cryptocurrency | Bitcoin and other cryptocurrencies used for anonymous terror financing; India has been strengthening PMLA provisions to cover virtual digital assets |
| Encrypted communications | End-to-end encryption on platforms like Signal and Telegram complicates intelligence interception; debate over "lawful access" vs privacy |
| Critical infrastructure attacks | Hospitals, power grids, banking systems vulnerable to cyber attacks linked to state-sponsored terror groups; India's CERT-In monitors and responds |
International Cooperation on Counter-Terrorism
| Framework | Detail |
|---|---|
| FATF (Financial Action Task Force) | Global body setting standards against money laundering and terrorist financing; Pakistan was on the FATF Grey List (2018-2022); India uses FATF standards to strengthen its AML/CFT framework |
| UN Counter-Terrorism Committee | India chairs/participates in UN CTC proceedings; advocates for a Comprehensive Convention on International Terrorism (CCIT), proposed by India in 1996 |
| No Money for Terror (NMFT) | India hosted the 3rd NMFT Ministerial Conference in November 2022; focuses on cutting terror financing |
| Bilateral cooperation | India has counter-terrorism cooperation agreements with US, France, UK, Israel, and several other countries; joint exercises, intelligence sharing, and technology transfer |
Mains Previous Year Question Themes
Common UPSC Mains themes on proxy war and hybrid threats:
- "What is hybrid warfare? Discuss the challenges it poses to India's internal security."
- "Discuss the evolving nature of Pakistan-sponsored proxy war against India."
- "Examine the threat of online radicalisation in India. What steps has the government taken?"
- "Discuss the role of social media in radicalisation and suggest counter-measures."
- "What are lone wolf attacks? Why are they difficult to prevent?"
- "Critically examine India's legal framework for counter-terrorism."
- "Discuss the implications of drone technology for India's border security."
Recent Developments (2024–2026)
Pahalgam Attack — Pakistan's Proxy War Doctrine (April 2025)
The Pahalgam terrorist attack (22 April 2025, 26 killed at Baisaran Valley, Anantnag) was carried out by The Resistance Front (TRF) — a shadow outfit of Lashkar-e-Taiba (LeT). India attributed the attack to Pakistan's ISI-directed proxy war strategy, characterising it as a deliberate attempt to: target Hindu pilgrims for communal polarisation; destabilise the post-Article 370 normalisation of J&K; and demonstrate that Pakistan-sponsored terrorism remains operational despite international pressure.
The attack was the deadliest on Indian civilians since the 2008 Mumbai attacks and represented a qualitative escalation in Pakistan's proxy war strategy — targeting tourists in a public meadow rather than security forces, and deliberately communicating the sectarian identity of the victims.
UPSC angle: Pahalgam attack (22 April 2025) as the paradigmatic case of Pakistan's proxy war through TRF/Lashkar-e-Taiba — most important recent development for GS-III proxy war and hybrid threats topic.
Operation Sindoor — India's Response to Proxy War (May 2025)
India's Operation Sindoor (6–7 May 2025) marked a doctrinal shift in responding to proxy war: rather than strategic restraint (post-Mumbai 2008), surgical strikes (post-Uri 2016), or limited airstrikes (post-Pulwama 2019), India struck nine terrorist infrastructure sites deep inside Pakistan's Punjab province (Muridke, Bahawalpur — LeT and JeM headquarters) and PoJK. The operation lasted approximately 23 minutes, using precision guided munitions.
This represents the evolution of India's hybrid response to Pakistan's hybrid war: using conventional military precision strikes against the infrastructure of the non-state proxies, while explicitly avoiding Pakistani military targets to control escalation.
UPSC angle: The doctrinal evolution — non-response (pre-2016) → surgical strikes (2016) → Balakot airstrikes (2019) → Operation Sindoor (2025) — is a critical analytical framework for GS-III proxy war and India's security strategy.
Drone Warfare — Pakistan's Use Against India (May 2025)
During the May 2025 India-Pakistan confrontation, Pakistan deployed multiple waves of drones against Indian border towns and military installations — the first large-scale drone offensive by Pakistan against India. This demonstrated the hybrid warfare dimension of the conflict: drones are cheap, deniable, and asymmetric — a proxy war tool adapted from state-level conflict. India used a combination of air defence systems (electronic jamming, interceptor missiles) and laser-based counter-drone systems to neutralise the Pakistani drones.
UPSC angle: Pakistan's drone offensive (May 2025) as a hybrid warfare tactic — cheap, deniable, asymmetric escalation below the nuclear threshold. India's counter-drone systems (electronic warfare, laser-based systems) are important for GS-III emerging security threats.
China-Pakistan Nexus — Hybrid Threat to India
The 2025 conflict revealed deeper China-Pakistan military coordination: Pakistani Air Force used Chinese-supplied J-10C fighters and Chinese-origin PL-15 air-to-air missiles; Chinese SATCOM was reportedly utilised for coordination; and Chinese diplomatic channels were used to pressure India for a ceasefire. This China-Pakistan hybrid threat — combining Pakistan's proxy war capabilities with Chinese military technology and diplomatic support — represents a qualitatively new security challenge for India on two fronts simultaneously.
UPSC angle: China-Pakistan defence nexus (J-10C fighters, PL-15 missiles, SATCOM support during Sindoor) as a hybrid threat dimension — demonstrates why India's two-front war contingency planning is an enduring strategic requirement.
Key Terms for Quick Revision
| Term | Meaning |
|---|---|
| Proxy war | Conflict where a state uses non-state actors to fight on its behalf; Pakistan-sponsored terrorism in India is the primary example |
| Hybrid warfare | Blending of military, cyber, information, and economic operations below the threshold of conventional war |
| Grey zone | The space between peace and war; hybrid operations are designed to remain in this zone |
| Lone wolf | Individual acting alone, inspired by extremist ideology, without direct organisational guidance |
| Radicalisation | Process by which an individual adopts extreme views and is willing to use violence to achieve ideological goals |
| UAPA | Unlawful Activities (Prevention) Act, 1967; India's primary anti-terror legislation |
| NIA | National Investigation Agency; established 2008 post-26/11; pan-India counter-terrorism jurisdiction |
| MAC | Multi-Agency Centre; IB-operated intelligence-sharing platform |
| NATGRID | National Intelligence Grid; integrates databases of security agencies |
| PRAHAAR | India's comprehensive counter-terrorism policy framework (2026); seven-pillar approach |
| Deepfake | AI-generated synthetic media (video, audio) designed to appear authentic; used for disinformation and propaganda |
| Dark web | Encrypted portion of the internet accessible through special browsers (Tor); used for illegal activities including terror financing and arms trade |
Exam Strategy
For Mains Answer Writing: Questions on proxy war and hybrid threats require a structured approach. Start with the evolving nature of threats (from conventional proxy war to multi-domain hybrid operations), discuss specific examples (Pakistan-sponsored terrorism, Russia-Ukraine lessons), explain India's legal and institutional framework (UAPA, NIA, NATGRID), and conclude with the way forward (PRAHAAR framework, community engagement, AI-based detection). Always distinguish between radicalisation, de-radicalisation, and counter-radicalisation in your answers.
For Prelims: Focus on UAPA (1967, amended 2019), NIA (established 2008), NATGRID (intelligence grid), PRAHAAR (counter-terrorism policy 2026), and the distinction between proxy war and hybrid warfare. Key attack dates: Parliament attack (2001), 26/11 (2008), Uri (September 2016), Pulwama (February 2019), and Pahalgam (April 2025).
For current affairs on security threats, counter-terrorism operations, and policy developments, visit Ujiyari.com.
