As the world evolves, so does the way in which nations choose to arm themselves — for deterrence and aggression. The possession of nuclear weapons has for long been viewed as the apex of military deterrence; India’s identity as a nuclear-armed State was considered a landmark in its military history. Increasingly, however, it is becoming clear that the future of global conflict will be dominated by the use of digital technology. Exponential progress in the digital domain, mainly in the commercial and service sectors — finance, banking, communications, travel and power — has led to the flourishing of myriad technological services. Yet, such progress has also been paralleled by a worrying tendency to weaponize such technology to target the sectors that rely on it. This was evident from a recent report by a cybersecurity firm in the United States of America that indicated that a malware originating in China had infiltrated systems managing India’s electricity supply, causing the power outage that incapacitated Mumbai last October. Indeed, cyberware attacks have been a global phenomenon; in 2017, a Russian ransomware spread like wildfire across the world, eating into electronic equipment, extracting data and temporarily paralyzing large corporations. Some reports estimate that the global financial burden of cybercrime is expected to rise to six trillion dollars by this year.

Significantly, India is the second most targeted country for ransomware after the US. The government is reportedly working closely with multinational cybersecurity firms to issue timely alerts on ransomware and zero-day attack campaigns, and provide updates on trojans and malware targeting Indian users and organizations. Yet, the Indian State remains ever willing to use cyber technology in a manner that violates citizens’ privacy rights. Digital rights advocates have decried the installation of facial recognition systems in several government schools in Delhi; digital identification was also used by the Delhi police to mark out 1,100 people allegedly involved in the Delhi riots. There are, at present, around 16 facial recognition tracking systems being actively used by the Centre and state governments. But legal checks and balances are yet to catch up, thereby rendering the technology vulnerable to misuse. India still does not have a comprehensive personal data protection law. The protection of privacy must be factored into the draft of this legislation at the earliest. This, along with inducements for the private sector to help prevent the weaponization of cyber technologies, can enhance rights and safety for the nation and its citizens in this digital era.