India’s Joint Doctrine for Cyberspace Operations: Training Implications

A Watershed Moment

The release of India’s Joint Doctrine for Cyberspace Operations by the Headquarters Integrated Defence Staff (HQ IDS) marks a watershed moment for the Indian Armed Forces. For the first time, India has a unified doctrinal framework that governs how the Army, Navy, and Air Force plan, execute, and coordinate cyber operations.

Previously, each service developed cyber capabilities independently — the Army through the Army Cyber Group, the Navy through its NWIA (Naval Warfare Information and Analysis), and the Air Force through its information warfare units. The Joint Doctrine provides a unified operational framework under the Defence Cyber Agency (DCyA), established in 2018 and headquartered in New Delhi.

The doctrine explicitly positions cyberspace alongside land, sea, air, and space as a domain of warfare — meaning that cyber readiness must now be assessed and validated with the same rigour as conventional military readiness.

Key Pillars of the Doctrine

While the full classified doctrine is not publicly available, the announced framework rests on several pillars with direct training implications:

1. Unified Cyber Operations

The doctrine mandates that cyber operations be planned and executed as joint operations, not service-specific siloed activities. This means cyber teams from the Army, Navy, and Air Force must be able to work together in combined scenarios — sharing intelligence, coordinating defensive actions, and executing offensive operations on shared infrastructure. Training platforms must support multi-team, multi-domain exercises with distinct roles and permissions for each service component.

2. Threat-Informed Planning

The doctrine shifts from reactive cyber defence to proactive, threat-informed operations. Training must therefore incorporate realistic adversary simulation based on actual threat actor TTPs (Tactics, Techniques, and Procedures) relevant to India’s strategic environment. This means automated red team capabilities mapped to MITRE ATT&CK, threat intelligence integration, and scenarios that replicate the operational patterns of state-sponsored threat groups operating in the South Asian theatre.

3. Tri-Service Coordination

A critical operational requirement is the ability to coordinate cyber operations across the three services and the DCyA simultaneously. Joint exercises must simulate realistic command-and-control structures where naval cyber units, army signals units, and air force information warfare cells operate in a shared battlespace with deconfliction requirements. This level of complexity requires a platform that can orchestrate dozens of simultaneous team environments with inter-team communication channels and hierarchical command structures.

4. Integration with Conventional Operations

The doctrine explicitly frames cyber operations as enablers of conventional military operations, not standalone activities. Cyber effects must be synchronized with kinetic operations, electronic warfare, and information operations. Training scenarios must therefore incorporate multi-domain elements — disrupting adversary communications (cyber) while supporting friendly force manoeuvre (conventional), while simultaneously conducting electronic warfare against enemy radar systems.

What This Means for Training Infrastructure

The doctrine creates several concrete requirements for military cyber training infrastructure that did not exist in formal policy before:

• Scale: Training must support battalion-level exercises (100+ simultaneous participants across multiple teams) with realistic enterprise and military network environments, not just individual skill assessments
• Realism: Environments must replicate military-grade networks including tactical communications, satellite links, military-specific protocols, and integrated OT systems (radar, weapons systems, navigation)
• Assessment: Every exercise must produce structured after-action reports with quantitative metrics — detection times, response effectiveness, communication quality, decision accuracy — that feed into readiness assessments
• Classification: The platform must support multiple classification levels on the same infrastructure, with cryptographic isolation between classification domains
• Frequency: The doctrine implies continuous readiness validation, not annual exercises. Training infrastructure must support rapid scenario deployment and iterative skill building

Multi-Domain Training: Cyber + EW + OT

One of the most significant implications of the doctrine is the requirement for multi-domain training that integrates cyber operations with electronic warfare (EW) and operational technology (OT) systems. Modern military operations depend on systems that span all three domains:

• Air defence systems combine radar (EW), fire control computers (OT), and command networks (cyber)
• Naval combat systems integrate sonar, weapons control, and tactical data links across all three domains
• Army battlefield management systems connect tactical radios (EW), artillery fire control (OT), and command-and-control networks (cyber)

Attacking or defending any of these systems requires understanding all three domains simultaneously. A cyber range that supports only IT network scenarios is insufficient for doctrinal training requirements. The platform must be able to simulate the full spectrum — from packet-level network attacks to RF-domain electronic warfare effects to physical-process OT manipulation.

Sovereign Platform Requirements

The doctrine, aligned with India’s Atmanirbhar Bharat (self-reliant India) policy in defence procurement, creates implicit requirements for sovereign training platforms:

• On-premises deployment: Military cyber training platforms cannot rely on foreign cloud infrastructure. All data — exercise scenarios, participant performance, network topologies, and vulnerability information — must reside on sovereign infrastructure
• No foreign telemetry: The platform must operate in fully air-gapped environments with zero call-home behaviour, no licence-server dependencies on foreign infrastructure, and no update channels that could be compromised
• Indian IP ownership: Defence procurement increasingly requires that the intellectual property reside with an Indian entity, ensuring supply chain security and long-term platform availability independent of geopolitical shifts
• Source code access: For classified deployments, the customer must have full source code access and the ability to audit, modify, and extend the platform without vendor dependence

“A nation’s cyber training infrastructure is as strategically critical as its weapons systems. Dependence on foreign platforms for military cyber training is a vulnerability, not a capability.”

Atmanirbhar Bharat in Cybersecurity

The Joint Doctrine accelerates a trend that has been building since 2020: India’s strategic shift towards indigenous cybersecurity capabilities. The defence sector currently relies heavily on foreign platforms for cyber range training — primarily from Israel (CyberBit, Cybexer) and the United States (SimSpace). The doctrine’s emphasis on sovereign operations and the broader policy direction under Atmanirbhar Bharat create a clear mandate for Indian-built alternatives.

For an Indian cyber range platform to meet doctrinal requirements, it must match or exceed what these foreign platforms offer while adding capabilities specific to India’s operational needs:

• Support for joint exercises across Army, Navy, and Air Force simultaneously
• OT/ICS simulation for military-specific systems (not just SCADA)
• Automated adversary simulation calibrated to South Asian threat actors
• Hindi and regional language support for training materials
• Integration with Indian military communication standards
• Full air-gap deployment with no foreign dependencies

Critical Range is purpose-built for this mission — a sovereign, Indian-developed platform that supports multi-domain training (cyber, EW, OT), scales to battalion-level exercises, and deploys fully air-gapped on customer infrastructure. The doctrine does not just describe a requirement; it describes the platform we have been building.