One doesn’t have to be a cybersecurity expert to experience the positive impact of digital public infrastructure in India.
From hard-to-reach villages to marginalised communities in our cities using UPI, and from millions of students accessing tutorials online to large-scale Aadhaar integrations, digital services have shifted from being a convenience to a necessity. But what often gets left out of the headlines is that the infrastructure holding all of it together is far more fragile than we think.
A lot of conversations and discussions today focus on India’s digital backend, whether it’s domain management, internet routing, or secure browsing protocols. There is a growing consensus that while we’ve built impressive reach, we’re still playing catch-up when it comes to resilience.
When people hear the word “cybersecurity,” their minds often jump to personal passwords or antivirus software. But the reality runs much deeper. We’re talking about domain spoofing that mimics government or trusted websites to steal user information, DNS hijacks that silently reroute traffic to malicious destinations, and DDoS attacks—where a flood of traffic overwhelms a site or network, bringing it down within minutes.
Worse part is, many of these threats operate silently for long stretches in the background until they cause real damage. Our daily lives are now so deeply connected to digital systems, even a short disruption can have a massive ripple effect.
Our challenge is unlike that of any other country. We have scale, diversity, and ambition. These are three things that make standard solutions fall short. It’s not enough to plug in a foreign cybersecurity product and hope for the best. Our internet architecture, including how traffic flows locally or internationally, has to be looked at from the ground up.
That means building secure domain registration systems with verified identities. It means rethinking our dependence on foreign HTTPS certificates, which currently hold the keys to our online encryption. And yes, it means hosting more of our DNS and routing infrastructure within the country so that our data doesn’t bounce halfway around the world before reaching a local destination.
One of the smarter moves in recent years has been encouraging local Internet Exchange Points (IXPs). This helps route Indian internet traffic within India, cutting down on both delays and exposure. Add to those systems like RPKI (Resource Public Key Infrastructure) — a technical framework to secure internet routing. We have already started to see a stronger backbone formation nowadays but there is still more to be done.
Talking about building a national web browser. Honestly, it’s overdue. Relying on browsers that route through foreign servers or follow foreign policies has its risks, especially in times of global tension. A browser built here, for Indian use cases, offers more control over what data leaves the country, and what stays protected.
Digital safety is not just technical. It is also about policy, governance and national strategy rolled into one. Mandates like the RBI pushing banks to shift to exclusive .bank.in zones may seem bureaucratic at first glance, but actually it caters to real-world problems such as reducing phishing risk and fraud. Similarly, the Data Protection law might seem slow in rollout, but it’s the legal armour and we all will need it when global data misuse hits home.
The real progress will come when private players, ISPs, ministries, and tech platforms stop working in silos and start building toward a common goal and create an internet which is holistically safe, not patched together after each new breach.
At the heart of all this, though, are people. Users who don’t always understand the risks. Policymakers who might not grasp the tech and small businesses that just want to operate without being scammed online. Therefore, cyber safety has to be built with all of them in mind, not just the engineers.
Training law enforcement to handle cybercrime, offering capacity-building for regional ISPs, running awareness programs in local languages. These might not sound like headline-grabbing moves, but they will have the biggest long-term impact.
Making a “Cyber Safe Bharat” is not about one platform, policy, or a protocol. It’s about weaving our safety into the DNA of how we connect, communicate, and grow online. We’ve come a long way in building digital access and now it’s time to build digital trust.
(The author is CEO of NIXI (National Internet Exchange of India); Views expressed are personal)
