Author: Shailendra Vikram Singh, Director, National Security Country Governance, SAP India & Former Deputy Secretary (Cyber & Information Security), Ministry of Home Affairs
In the age of digitization, cyberwarfare and cyberattacks pose unprecedented threats to national security and public safety, particularly when targeting critical information infrastructure (CII) and protected systems of a country. These attacks, often orchestrated by nation-states or non-state actors from across the border, aim to destabilize a nation’s economic stability, disrupt essential services, and erode public trust. These cyberattacks, when directed against critical systems, go beyond common cybercrime and move into the realm of national security.
While cybercrimes affecting individuals or smaller entities can be handled by local law enforcement agencies (LEAs) under existing laws, the growing complexity of cross-border cyberattacks on critical systems necessitates the creation of a dedicated federal cybercrime investigation agency. Such an agency would have the jurisdictional reach, technical expertise, and authority to investigate and prosecute cyberattacks that threaten the nation’s core systems, ensuring swift action against those who seek to undermine national sovereignty and public safety.
Cyberattacks on Critical Systems: A National Security Threat
Cyberattacks targeting critical systems, such as power grids, financial systems, defense installations, and communication networks, represent a direct threat to national security. When these attacks are launched by state-sponsored actors or organized non-state actors, they can disrupt a nation’s functioning and create instability that extends beyond the digital realm. These attacks are often part of a larger cyberwarfare strategy, aimed at destabilizing a nation by attacking its most vulnerable and vital systems.
In India, the Information Technology (IT) Act, 2000 provides legal provisions under Section 70, which deals with protected systems and critical information infrastructure. However, while the legal framework is robust, the ability to investigate and respond to these attacks remains fragmented, as local law enforcement agencies (LEAs), often lacking technical capabilities and nationwide jurisdiction, are tasked with handling cases that extend beyond their purview.
Why Local Law Enforcement is Insufficient for Cyberwarfare
Local law enforcement agencies are well-equipped to handle public cybercrimes that occur within their jurisdiction, such as identity theft, fraud, and smaller-scale hacking incidents. However, they face significant limitations when it comes to investigating and prosecuting cyberattacks on critical systems that involve cross-border actors or organized cyberwarfare campaigns.
Key challenges faced by local law enforcement include:
- Jurisdictional Constraints: Cyberattacks on critical systems often involve actors operating from outside the country or across multiple states. Local police have limited jurisdiction and may not be able to pursue investigations across state lines or collaborate effectively with international stakeholders.
- Lack of Specialized Expertise: Cyberwarfare requires a highly specialized skill set, including knowledge of cyber forensics, advanced threat intelligence, and network security. Local police often lack the technical expertise necessary to investigate sophisticated cyberattacks targeting critical infrastructure.
- Cross-Border and Organized Attacks: Nation-state actors and organized cybercriminal groups often operate across borders, utilizing encrypted communication, anonymization tools, and complex network structures to evade detection. Local law enforcement lacks the global reach and resources to track these attackers across international borders or engage in cyber diplomacy.
The Case for a Federal Cybercrime Investigation Agency
To address the growing threat of cyberattacks on critical infrastructure, India needs a dedicated federal agency with the authority, expertise, and resources to handle cyberwarfare and cross-border cyberattacks that affect national security. This federal cybercrime investigation agency would complement the existing role of local law enforcement by focusing on high-level cyber incidents that threaten the country’s protected systems.
Key Functions of the Federal Cybercrime Investigation Agency:
- Nationwide Jurisdiction: The federal agency would have jurisdiction across all states in India, allowing it to pursue cyberattacks targeting critical infrastructure wherever they occur. This would eliminate jurisdictional bottlenecks and ensure that attacks on protected systems are investigated comprehensively. It would also have the authority to engage in cross-border cybercrime investigations, working with global partners and international law enforcement agencies such as Interpol and Europol.
- Specialized Expertise in Cyberwarfare: The agency would be staffed with cybersecurity experts capable of investigating sophisticated cyberattacks and cyberwarfare operations. This would include expertise in digital forensics, cyber intelligence, and network analysis, allowing the agency to identify and track nation-state actors and organized non-state groups. It would also collaborate with national intelligence agencies and defense organizations to address cyber threats linked to national security.
- Coordination with Local Law Enforcement: While the federal agency would focus on cyberattacks on critical systems, it would work closely with local law enforcement agencies (LEAs) to ensure coordination in responding to public cybercrime. LEAs would continue to handle everyday cybercrime within their jurisdictions, while the federal agency would step in for high-level cyberwarfare cases. This division of labor would ensure that local law enforcement is not overwhelmed by complex cyberattacks beyond their capabilities while still maintaining the capacity to handle more common cyber offenses.
- Global Collaboration: Cyberwarfare and attacks on critical infrastructure are often international in scope. The federal cybercrime agency would serve as India’s primary point of contact for global cybersecurity collaboration, engaging with international law enforcement agencies and cybersecurity organizations to track cross-border attackers. The agency would also participate in international treaties, agreements, and cyber defense coalitions, sharing threat intelligence and working with global partners to neutralize cyber threats.
- Prosecution as a Deterrent: A core function of the federal agency would be to ensure that cybercriminals are prosecuted under the IT Act and other relevant laws. The agency’s ability to prosecute offenders for cyberattacks on critical systems would serve as a powerful deterrent against future attacks. Visible prosecution of organized cybercriminals and nation-state actors involved in cyberwarfare would reinforce India’s stance on national security and send a message that cyberspace is not a safe haven for hostile actors.
Global Best Practices in Cybercrime Investigation
Several countries have successfully established federal agencies dedicated to investigating and prosecuting cyberattacks on critical infrastructure and national security systems. These agencies provide valuable models for India to consider.
- United States: Federal Bureau of Investigation (FBI)
The FBI’s Cyber Division has nationwide jurisdiction to investigate cyberattacks on critical infrastructure, such as energy grids, defense systems, and communication networks. The FBI collaborates with the Cybersecurity and Infrastructure Security Agency (CISA) and other federal entities to protect the country from cyberwarfare and cross-border cybercrime.
The FBI’s structure allows it to handle high-level cyber incidents, including those involving nation-state actors, while leaving more localized cybercrime to state-level law enforcement agencies.
- Australia: Australian Federal Police (AFP) and Australian Cyber Security Centre (ACSC)
The Australian Federal Police (AFP) investigates serious cybercrime, particularly attacks targeting critical infrastructure and national security systems. The AFP works in close partnership with the Australian Cyber Security Centre (ACSC), which provides threat intelligence and coordination.
Australia’s model emphasizes specialized expertise in cybercrime investigations and close collaboration between federal and local authorities, providing an effective framework for protecting critical systems from cyberattacks.
- Germany: Federal Office for Information Security (BSI)
Germany’s Federal Office for Information Security (BSI) is responsible for protecting the nation’s critical infrastructure and working closely with federal law enforcement agencies to respond to cyberattacks on national systems. The BSI also coordinates with private sector organizations to ensure cyber resilience across key sectors like energy, defense, and communications.
Conclusion: Strengthening India’s Cybersecurity Framework
The increasing threat of cyberwarfare and cross-border cyberattacks on India’s protected systems demands the establishment of a dedicated federal cybercrime investigation agency. Such an agency would be vital to addressing high-level cyber incidents that threaten national security, public safety, and economic stability.
By leveraging nationwide jurisdiction, specialized expertise, and global collaboration, a federal cybercrime agency could investigate and prosecute nation-state actors and organized cybercriminals who target India’s most critical systems. This would not only enhance India’s cybersecurity posture but also serve as a powerful deterrent to future attacks, ensuring the country’s cyber resilience in an increasingly interconnected world.
The views expressed are solely those of the author and are not affiliated with the organization.