Why cyber power matters for India’s future deterrence

India’s future conflicts are unlikely to begin with visible mobilisation or overt military strikes. Instead, they are more likely to unfold quietly through cyber intrusions that disrupt power grids, paralyse railway networks, compromise military communications and manipulate information flows. In contemporary warfare, cyber operations have become central to deterrence, shaping strategic outcomes well before kinetic force is employed. Yet India’s military cyber posture remains structurally misaligned with this reality.

Although Indian defence planning increasingly acknowledges the concept of multi-domain warfare, cyber power continues to be treated largely as an enabling or supporting function rather than as a decisive operational domain. This institutional imbalance weakens India’s deterrence credibility, particularly against technologically sophisticated adversaries that openly view cyber operations as a means of paralysing an opponent before conventional hostilities commence.

The Ministry of Defence’s declaration of 2025 as the “Year of Reforms” reflected a growing awareness of the need for transformation within the armed forces. However, recognition alone does not generate deterrence. Deterrence rests on the possession of credible, visible and sustainable capability-underpinned by appropriate organisational structures and, critically, by professionally developed military personnel who can operate confidently in the cyber domain. In this respect, India’s current arrangements fall short.

Cyber deterrence and organisational credibility-deterrence traditionally rests on three pillars: Capability, credibility and communication. In cyberspace, signalling intent is relatively straightforward; demonstrating capability is far more complex. Unlike conventional forces, cyber power cannot be credibly projected without deep institutional depth, persistent human expertise and close integration with operational military planning. Effective cyber deterrence depends fundamentally on people. It requires highly trained military cyber professionals with long-term domain immersion, continuous access to adversary networks, rapid development and deployment of offensive tools, and seamless coordination with commanders across land, air and maritime domains. These capabilities cannot be generated through short-term postings or ad hoc tasking. They demand sustained investment in military cyber personnel as a core warfighting community.

India currently manages its military cyber capability through the Defence Cyber Agency, established in 2019. The creation of the agency was an important acknowledgment of cyberspace as a domain of conflict. However, agencies do not generate enduring combat power; military services do. Without independent authority over recruitment, training, career progression and resource allocation, the Defence Cyber Agency remains structurally constrained in its ability to professionalise and retain cyber specialists.

Cyber appointments within the Indian armed forces are still largely rotational. Officers are posted for limited tenures and then returned to parent services just as they begin to acquire operational depth. Promotion incentives continue to privilege traditional command appointments over technical mastery. As a result, hard-earned expertise dissipates, weakening institutional memory and operational readiness.From a deterrence perspective, this model sends an ambiguous signal. Adversaries assess not only stated intent but also organisational seriousness. Where cyber expertise appears transient, fragmented and secondary, sustained offensive capability becomes difficult to maintain-and even harder to signal credibly.

Lessons from International Practice-International military experience underscores that cyber deterrence is inseparable from how armed forces develop and retain specialised personnel. States that treat cyber warfare seriously have moved beyond agency-level arrangements and invested in dedicated structures that cultivate long-term professional expertise.

The United States recognises cyberspace as a full operational domain. US Cyber Command operates with its own personnel pipelines, doctrine and budgetary authority. Military cyber specialists are developed through dedicated career tracks, ensuring continuity, institutional learning and operational maturity. Cyber effects are planned alongside conventional operations, not appended reactively. European powers have followed similar paths.

France’s Cyber Command and Germany’s Cyber and Information Domain Service reflect a recognition that cyber warfare requires uniformed specialists who remain embedded within the military profession, while working closely with civilian technical communities. NATO’s designation of cyberspace as an operational domain further institutionalises cyber expertise across allied forces.

China’s experience is particularly instructive. In 2015, the People’s Liberation Army consolidated cyber, space and electronic warfare into the Strategic Support Force. While this centralisation aimed to improve coordination, it diluted professional focus and slowed operational responsiveness.

In April 2024, China dismantled the SSF and established separate Cyberspace and Aerospace forces-each with distinct leadership, career structures and operational authority. Even a highly centralised system concluded that cyber warfare demands dedicated military professionals, not pooled generalists.

Towards a More Empowered Cyber Structure-In light of these developments, India should consider a calibrated evolution of the Defence Cyber Agency towards a more autonomous and institutionally empowered cyber force, aligned in stature and authority with the Army, Navy and Air Force.

Such a transition need not be viewed as bureaucratic expansion, but rather as a measured structural adjustment aimed at strengthening military professionalism, deterrence credibility and operational coherence in the cyber domain.An empowered cyber force would address persistent deficiencies by placing military personnel development at its core. First, it would assume responsibility for force

generation-recruitment, training, promotion and retention-allowing cyber specialists to pursue full careers within their domain. This would enable expertise to accumulate, mature and be transmitted across generations of officers and enlisted personnel.

Second, such a force would possess doctrinal authority. It could define operational concepts, enforce cyber discipline across military networks and ensure unity of command. In cyberspace, fragmented authority is not merely inefficient; it is a strategic vulnerability.Third, institutional parity would ensure that cyber warfare is consistently represented at the highest levels of defence planning. Without a strong professional constituency, cyber capability risks being subordinated to conventional priorities regardless of rhetorical commitment to multi-domain warfare.

Deterrence ultimately depends on the ability to impose costs. Without military cyber personnel trained, organised and rehearsed for offensive operations-and integrated into war plans-India risks being perceived as a cyber target rather than a cyber power.

Civil-Military Integration: Leveraging India’s Technology Ecosystem-India’s principal advantage in cyberspace lies in its civilian technology ecosystem. However, civilian expertise cannot substitute for professional military cyber forces; it must complement them. Effective deterrence requires a strong military cyber core that can work seamlessly with civilian specialists under clearly defined command relationships.India therefore needs hybrid models that strengthen military cyber personnel while enabling sustained civilian participation. A dedicated cyber recruitment stream with longer tenures, lateral entry for mid-career experts, and a Territorial Army-style National Cyber Guard would allow civilian specialists to augment military capability without undermining command unity.

A specialised Cyber Force pathway, with extended service options for high performers, could further professionalise the force while retaining flexibility. International experience-from NATO cyber reservists to Estonia’s civil-military cyber integration-demonstrates that resilient deterrence rests on close coordination between uniformed professionals and civilian technical experts.

In India’s context, cyber reservists could protect critical national infrastructure-power, banking, telecommunications and transport-during crises, enabling active military cyber units to focus on offensive and battlefield-support roles. This division of labour would reduce vulnerability to grey-zone coercion and enhance overall deterrence.

Integration with Theatre Commands-Institutional empowerment must be matched by operational integration. Cyber forces should be embedded within India’s emerging theatre command structure. Dedicated cyber components under each theatre commander would ensure that cyber effects-disrupting logistics, degrading sensors and blinding communications-are planned alongside kinetic operations.Such integration reinforces deterrence by demonstrating the ability to synchronise cyber and conventional power. It also strengthens military professionalism by ensuring that cyber officers are operational partners, not peripheral advisors.

The Strategic Cost of Delay-Arguments that India cannot afford reform misunderstand both cost and risk. Cyber expenditure already exists, but it is fragmented and often diluted. Consolidation would improve effectiveness without disproportionate increases in spending. The greater danger lies in organisational inertia. Weak career incentives, fragmented authority and overreliance on temporary arrangements signal hesitation. In deterrence, hesitation invites challenge.India stands at a strategic inflection point. Future conflicts will be contested as much in networks and data flows as on physical battlefields. Cyber power can no longer remain peripheral to military planning.

A more empowered cyber force-anchored in strong military personnel development and reinforced through disciplined civil-military coordination-is not an institutional luxury. It is a pragmatic response to modern conflict. Deterrence does not fail for lack of intent; it fails when capability lacks credibility. Closing India’s cyber deterrence gap is therefore urgent, unavoidable and long overdue.

Writer is an International Cyber and Aerospace Security Expert, this article examines India’s evolving cyber deterrence posture through a strategic and institutional lens. Drawing on global military reforms and emerging conflict patterns, it offers policy-relevant insights into building credible, future-ready cyber power; views are personal