Cyber-security, the space economy & dual-use technology

The threat landscape and India's institutional response

Cyber-security is a GS-3 staple because it sits at the intersection of internal security, economy and technology. India is among the most-targeted nations globally; CERT-In (the Indian Computer Emergency Response Team), established under Section 70B of the Information Technology Act, 2000, is the national nodal agency for incident response. In April 2022 CERT-In issued directions requiring entities to report specified cyber incidents within six hours of detection and to retain logs for 180 days, a high-yield fact for Prelims.

The statutory backbone is the IT Act, 2000 (amended 2008, which inserted Section 66F on cyber-terrorism and Section 43A on data protection). Critical Information Infrastructure (CII)—systems whose incapacitation would debilitate national security—is protected under Section 70, with the National Critical Information Infrastructure Protection Centre (NCIIPC) designated as nodal agency under the National Technical Research Organisation (NTRO).

The coordinating layer

The National Cyber Security Coordinator (NCSC) sits in the National Security Council Secretariat and coordinates across agencies. The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs runs the National Cyber Crime Reporting Portal and the citizen helpline 1930. The Defence Cyber Agency, operational since 2019, handles military cyber operations as a tri-service body.

For data governance, the Digital Personal Data Protection Act, 2023 replaced the Section 43A regime, creating obligations on Data Fiduciaries and a Data Protection Board; its enforcement rules were under finalisation through 2024–25. Candidates must distinguish the DPDP Act (privacy) from CERT-In directions (incident response) and from the NCIIPC mandate (infrastructure).

Dated instances to retain

Name concrete cases in answers. The 2017 WannaCry ransomware affected systems globally including in India. In October 2019, malware (later attributed to North Korea-linked actors) was detected on the administrative network of the Kudankulam Nuclear Power Plant, illustrating CII vulnerability. In October 2020, a grid disturbance in Mumbai prompted scrutiny of possible cyber intrusion into power infrastructure. The AIIMS Delhi ransomware attack of November 2022 crippled hospital services for days, demonstrating healthcare-sector exposure. India's evolving posture is captured in the National Cyber Security Policy, 2013, with a successor National Cyber Security Strategy long anticipated.

The exam rewards the ability to connect supply-chain risk (telecom equipment, the 2021 'trusted source' regime for telecom under the National Security Directive on the Telecommunication Sector) to strategic autonomy. Note also the Telecommunications Act, 2023, which modernised the colonial-era framework and addresses interception and security of networks. A precise answer names the statute, the section and the year—never a vague reference to 'cyber laws'.

From a state monopoly to a commercial ecosystem

The Indian space sector was historically a Department of Space monopoly. The Indian Space Policy, 2023 formalised a structural shift: ISRO concentrates on research and advanced technology; NewSpace India Limited (NSIL), incorporated in 2019, is the commercial arm that owns and operates operational launch vehicles and satellites; and IN-SPACe (Indian National Space Promotion and Authorisation Centre), set up in 2020, is the single-window regulator and authoriser for private players. This three-body division (ISRO–NSIL–IN-SPACe) is frequently tested.

In 2023 the government permitted up to 100% Foreign Direct Investment in segments of the space sector via the automatic route for satellite manufacturing components and through approval routes for launch vehicles. Milestones to cite: Chandrayaan-3 soft-landed near the lunar south pole on 23 August 2023, making India the fourth nation to soft-land and the first near the south pole; Aditya-L1 reached the Sun-Earth L1 point in January 2024; the Gaganyaan human spaceflight programme is targeting a crewed mission, with crew named in 2024. Private firms Skyroot (Vikram-S, 2022) and Agnikul (Agnibaan SOrTeD, 2024) achieved India's first private launches.

Dual-use technology and export controls

Dual-use items have both civilian and military applications—semiconductors, drones, encryption, GNSS, and biotechnology among them. India regulates these through the SCOMET list (Special Chemicals, Organisms, Materials, Equipment and Technologies) administered by the Directorate General of Foreign Trade under the Foreign Trade (Development and Regulation) Act, 1992 and the WMD Act, 2005 (Weapons of Mass Destruction and their Delivery Systems Prohibition of Unlawful Activities Act).

India is a member of three of the four export-control regimes: the Missile Technology Control Regime (MTCR, joined 2016), the Wassenaar Arrangement (2017) and the Australia Group (2018). Membership of the Nuclear Suppliers Group (NSG) remains pending, blocked notably by objections over the Non-Proliferation Treaty. This four-regime tally is a classic Prelims fact.

The strategic-autonomy frame

Dual-use technology connects to the Atmanirbhar Bharat push: the India Semiconductor Mission (2021) and the approval of fabrication units (including the Tata–PSMC fab in Dholera, Gujarat, sanctioned 2024) address chip dependence. Drone policy—the Drone Rules, 2021 and the PLI scheme—treats UAVs as dual-use. For Mains GS-3, frame answers around the triad of commercialisation (economic), security (defence) and regulation (export controls), and avoid treating space and cyber as purely technical subjects. They are instruments of national power, and examiners reward that framing.