Podcast Summary

Risky Bulletin: "Between Three Nerds: India, the Sleeping Cyber Superpower"

Podcast: Risky Bulletin
Host: risky.biz
Episode: Between Three Nerds: India, the Sleeping Cyber Superpower
Date: October 20, 2025
Guests:

Joe Devanny (Senior Lecturer, King's College London, Department of War Studies)

Episode Overview

This episode dives into India's role, capabilities, and strategic posture in the cyber domain, exploring why India, despite vast technological resources and talent, hasn't emerged as a global cyber power in the way China has. Host Tommy Wren, cohost Gruk, and guest expert Joe Devanny discuss India's "latent cyber power," its unique position among so-called "middle ground" countries, its strategic motivations (particularly regarding Pakistan and China), its insular security culture, and the global spyware market emerging from the subcontinent.

Key Discussion Points & Insights

1. Defining the "Middle Ground" in Cyber Statecraft

[01:22-03:41]
- Devanny explains the idea of "middle ground" countries in global cyberpower: they are neither in the liberal "like-minded bloc" (US, UK, EU, Australia) nor the authoritarian (e.g., Russia, China) group. India, Brazil, and South Africa represent leading middle-ground states with unique strategic compulsions.
- "Are you defining a country on the basis of how you perceive it or how that country perceives what it is doing... in and through cyberspace?" — Joe Devanny [03:46]

2. India's Latent Cyber Power & Strategic Focus

[04:30-10:54]
- India has a huge IT services sector, abundant talent, and tech companies—ingredients for cyber power.
- Historically, India's cyber strategy was focused on countering Pakistan. Now, the rising cyber threat from China shapes a new urgency in capability building:
  - "India has a lot of latent potential cyberpower... but it certainly does want to improve on its existing position." — Joe Devanny [05:42]
  - India lacks an expansive vision for projecting cyberpower globally, focusing instead on regional needs and internal capacity.
  - The comparison to China's rapid and comprehensive cyber militarization is stark: where China pursued "hard power," India has taken a slower, more incremental path, reflecting its democratic system and more complex threat environment.

3. India's Military Cyber Capabilities and Secrecy

[10:54-17:00]
- India reportedly has "cyber overmatch" versus Pakistan, stoking a narrative of "cyberpanic" in Pakistani literature.
  - "There is this sense of India as an outsized cyber actor that has more capability, that is more sophisticated, and against which Pakistan struggles to defend itself." — Joe Devanny [11:30]
- Core Indian cyber institutions:
  - NTRO (National Technical Research Organisation): Central civilian cyber agency, born out of weaknesses exposed by Pakistan conflicts 25 years ago.
  - RAW (Research and Analysis Wing): Main intelligence agency, has separate cyber capability.
  - Interservice military efforts have improved, but opacity reigns: "It's just a really difficult question to answer because... it's a known unknown." — Joe Devanny [14:13]
- Indian government is much more secretive about national security/cyber than the US or even the UK, partly due to regional threats.
  - "Indian reporters who cover this beat have a harder job than their counterparts in the US, I think would be fair to say." — Joe Devanny [18:20]

4. Comparing India and China in Cyberpower

[21:42-25:12]
- China conducts global-reaching, risk-tolerant cyber operations; India's activity is less visible, may be more limited, or simply hard to detect from a Western perspective.
  - "China is clearly doing more in more places... it does seem to have more of a risk appetite." — Joe Devanny [22:14]
- Western threat intelligence may have natural blind spots for Indian activity aimed at China, as those targets are not typically monitored by Western companies.

5. Motivations and Trajectories: Why Not an Indian Cyber Rise?

[25:12-29:52]
- China’s strong cyber offensive was driven by the need to close a perceived "cyber gap" with the US; India has lacked that singular, strategy-driven motivation.
  - "I wonder if maybe India just hasn't had that same will because they just didn't have the same set of motivators." — Host [26:48]
- Consensus: India is now likely feeling similar urgency, as the China-India cyber gap grows increasingly consequential to national security.
- However, the region and the practitioners may not see the same visibility: "Maybe there is this capability to hold Chinese infrastructure at threat... But if there is, we don't see it." — Joe Devanny [28:44]

6. The Practice Problem: Skills Require Real Operations

[29:52-32:28]
- To be a true cyber power, you need to "practice." Real operational experience is necessary—skills cannot grow purely in simulations or security research environments.
  - "Cyber capability is not a thing that you develop and then warehouse for the day that you need it. It's a set of skills that people have and they maintain those skills by practice." — Host [29:52]
- India's defensive and intelligence missions drive more real-world activity than offensive military cyber, given the day-to-day nature of those jobs.

7. India as a Hub for Spyware and Cyber Espionage Services

[32:28-35:11]
- India is a global center for cyber espionage/spyware companies (with Israel, Italy, and the US).
- This may be less about statecraft, more the logical outcome of a deep talent pool and vibrant tech ecosystem.
  - "This is private sector sort of innovation, but given that that tells you that there is this latent cyberpower... it clearly would be possible to use that to your advantage as a state." — Joe Devanny [35:00]
- The relationship between the government and private sector cyber capabilities remains opaque.

Notable Quotes & Moments

On "middle ground" countries:
"There's a group of countries that are neither in the like-minded bloc… and at the other end… the authoritarian bloc. Once you defined [those], you're left with most of the countries in the world." — Joe Devanny [02:30]
On India's focus shift from Pakistan to China:
"They can't stop thinking about Pakistan, but… they've been focusing on China. That's very understandable considering… there have been engagements between Indian armed forces and Chinese armed forces. So there is a very direct and obvious reason to take that seriously, including in cyberspace." — Joe Devanny [09:45]
On the lack of Indian cyber visibility:
"It's a known unknown... On the one hand, you could say we lack knowledge about it because there's just not a lot there... But the alternative interpretation is we don't see it because you wouldn't expect to see that sort of activity." — Joe Devanny [14:13]
On practice and operational experience:
"To be a cyberpower, you have to practice. Cyber capability is not a thing that you develop and then warehouse for the day that you need it. It's a set of skills that people have and they maintain those skills by practice." — Host [29:52]
On India's spyware industry and potential:
"This is private sector sort of innovation, but… it clearly would be possible to use that to your advantage as a state. And just the questions there are just about how that would be done, how open it would be, and the answer, I guess, is not very." — Joe Devanny [35:00]

Important Timestamps

[01:22] — Devanny introduces the "middle ground" research concept
[04:30-10:54] — Comparison of India's and China's cyberpower development, India's security focus
[11:24-17:00] — Breakdown of India's cyber institutions, secrecy, and discussion on strategic context
[21:42-25:12] — Contrasting China and India's cyber activity, visibility in global intelligence
[29:52] — Core debate: you can't be a cyberpower if you never "practice"
[33:28-35:11] — India's emergence as a spyware/cyber ESP (espionage as a service) industry leader

Tone & Style

The tone is analytical, direct, and occasionally wry, blending academic insight with the practical skepticism of security professionals. Joe Devanny provides nuanced, research-backed context; the hosts press for operational realities and practical implications. The conversation remains respectful but incisive throughout.

Conclusion

India retains vast, mostly untapped potential as a cyberpower due to its talent pool and technological infrastructure. Strategic caution, institutional secrecy, and different historical motivations have kept it from becoming a global cyber force like China. However, ongoing shifts—primarily driven by the rise of China as a cyber adversary—suggest this may change. India's vibrant private cyber industry may yet be leveraged for state objectives, but for now, ambiguity, secrecy, and regional focus define India's cyber posture.

Podcast Summary

Risky Bulletin: "Between Three Nerds: India, the Sleeping Cyber Superpower"

Podcast: Risky Bulletin
Host: risky.biz
Episode: Between Three Nerds: India, the Sleeping Cyber Superpower
Date: October 20, 2025
Guests:

Joe Devanny (Senior Lecturer, King's College London, Department of War Studies)

Episode Overview

Key Discussion Points & Insights

1. Defining the "Middle Ground" in Cyber Statecraft

[01:22-03:41]
- Devanny explains the idea of "middle ground" countries in global cyberpower: they are neither in the liberal "like-minded bloc" (US, UK, EU, Australia) nor the authoritarian (e.g., Russia, China) group. India, Brazil, and South Africa represent leading middle-ground states with unique strategic compulsions.
- "Are you defining a country on the basis of how you perceive it or how that country perceives what it is doing... in and through cyberspace?" — Joe Devanny [03:46]

2. India's Latent Cyber Power & Strategic Focus

[04:30-10:54]
- India has a huge IT services sector, abundant talent, and tech companies—ingredients for cyber power.
- Historically, India's cyber strategy was focused on countering Pakistan. Now, the rising cyber threat from China shapes a new urgency in capability building:
  - "India has a lot of latent potential cyberpower... but it certainly does want to improve on its existing position." — Joe Devanny [05:42]
  - India lacks an expansive vision for projecting cyberpower globally, focusing instead on regional needs and internal capacity.
  - The comparison to China's rapid and comprehensive cyber militarization is stark: where China pursued "hard power," India has taken a slower, more incremental path, reflecting its democratic system and more complex threat environment.

3. India's Military Cyber Capabilities and Secrecy

[10:54-17:00]
- India reportedly has "cyber overmatch" versus Pakistan, stoking a narrative of "cyberpanic" in Pakistani literature.
  - "There is this sense of India as an outsized cyber actor that has more capability, that is more sophisticated, and against which Pakistan struggles to defend itself." — Joe Devanny [11:30]
- Core Indian cyber institutions:
  - NTRO (National Technical Research Organisation): Central civilian cyber agency, born out of weaknesses exposed by Pakistan conflicts 25 years ago.
  - RAW (Research and Analysis Wing): Main intelligence agency, has separate cyber capability.
  - Interservice military efforts have improved, but opacity reigns: "It's just a really difficult question to answer because... it's a known unknown." — Joe Devanny [14:13]
- Indian government is much more secretive about national security/cyber than the US or even the UK, partly due to regional threats.
  - "Indian reporters who cover this beat have a harder job than their counterparts in the US, I think would be fair to say." — Joe Devanny [18:20]

4. Comparing India and China in Cyberpower

[21:42-25:12]
- China conducts global-reaching, risk-tolerant cyber operations; India's activity is less visible, may be more limited, or simply hard to detect from a Western perspective.
  - "China is clearly doing more in more places... it does seem to have more of a risk appetite." — Joe Devanny [22:14]
- Western threat intelligence may have natural blind spots for Indian activity aimed at China, as those targets are not typically monitored by Western companies.

5. Motivations and Trajectories: Why Not an Indian Cyber Rise?

[25:12-29:52]
- China’s strong cyber offensive was driven by the need to close a perceived "cyber gap" with the US; India has lacked that singular, strategy-driven motivation.
  - "I wonder if maybe India just hasn't had that same will because they just didn't have the same set of motivators." — Host [26:48]
- Consensus: India is now likely feeling similar urgency, as the China-India cyber gap grows increasingly consequential to national security.
- However, the region and the practitioners may not see the same visibility: "Maybe there is this capability to hold Chinese infrastructure at threat... But if there is, we don't see it." — Joe Devanny [28:44]

6. The Practice Problem: Skills Require Real Operations

[29:52-32:28]
- To be a true cyber power, you need to "practice." Real operational experience is necessary—skills cannot grow purely in simulations or security research environments.
  - "Cyber capability is not a thing that you develop and then warehouse for the day that you need it. It's a set of skills that people have and they maintain those skills by practice." — Host [29:52]
- India's defensive and intelligence missions drive more real-world activity than offensive military cyber, given the day-to-day nature of those jobs.

7. India as a Hub for Spyware and Cyber Espionage Services

[32:28-35:11]
- India is a global center for cyber espionage/spyware companies (with Israel, Italy, and the US).
- This may be less about statecraft, more the logical outcome of a deep talent pool and vibrant tech ecosystem.
  - "This is private sector sort of innovation, but given that that tells you that there is this latent cyberpower... it clearly would be possible to use that to your advantage as a state." — Joe Devanny [35:00]
- The relationship between the government and private sector cyber capabilities remains opaque.

Notable Quotes & Moments

On "middle ground" countries:
"There's a group of countries that are neither in the like-minded bloc… and at the other end… the authoritarian bloc. Once you defined [those], you're left with most of the countries in the world." — Joe Devanny [02:30]
On India's focus shift from Pakistan to China:
"They can't stop thinking about Pakistan, but… they've been focusing on China. That's very understandable considering… there have been engagements between Indian armed forces and Chinese armed forces. So there is a very direct and obvious reason to take that seriously, including in cyberspace." — Joe Devanny [09:45]
On the lack of Indian cyber visibility:
"It's a known unknown... On the one hand, you could say we lack knowledge about it because there's just not a lot there... But the alternative interpretation is we don't see it because you wouldn't expect to see that sort of activity." — Joe Devanny [14:13]
On practice and operational experience:
"To be a cyberpower, you have to practice. Cyber capability is not a thing that you develop and then warehouse for the day that you need it. It's a set of skills that people have and they maintain those skills by practice." — Host [29:52]
On India's spyware industry and potential:
"This is private sector sort of innovation, but… it clearly would be possible to use that to your advantage as a state. And just the questions there are just about how that would be done, how open it would be, and the answer, I guess, is not very." — Joe Devanny [35:00]

Important Timestamps

[01:22] — Devanny introduces the "middle ground" research concept
[04:30-10:54] — Comparison of India's and China's cyberpower development, India's security focus
[11:24-17:00] — Breakdown of India's cyber institutions, secrecy, and discussion on strategic context
[21:42-25:12] — Contrasting China and India's cyber activity, visibility in global intelligence
[29:52] — Core debate: you can't be a cyberpower if you never "practice"
[33:28-35:11] — India's emergence as a spyware/cyber ESP (espionage as a service) industry leader

wavePod

Between Three Nerds: India, the sleeping cyber superpower

Summary

Podcast Summary

Risky Bulletin: "Between Three Nerds: India, the Sleeping Cyber Superpower"

Episode Overview

Key Discussion Points & Insights

1. Defining the "Middle Ground" in Cyber Statecraft

2. India's Latent Cyber Power & Strategic Focus

3. India's Military Cyber Capabilities and Secrecy

4. Comparing India and China in Cyberpower

5. Motivations and Trajectories: Why Not an Indian Cyber Rise?

6. The Practice Problem: Skills Require Real Operations

7. India as a Hub for Spyware and Cyber Espionage Services

Notable Quotes & Moments

Important Timestamps

Tone & Style

Conclusion

Summary

Podcast Summary

Risky Bulletin: "Between Three Nerds: India, the Sleeping Cyber Superpower"

Episode Overview

Key Discussion Points & Insights

1. Defining the "Middle Ground" in Cyber Statecraft

2. India's Latent Cyber Power & Strategic Focus

3. India's Military Cyber Capabilities and Secrecy

4. Comparing India and China in Cyberpower

5. Motivations and Trajectories: Why Not an Indian Cyber Rise?

6. The Practice Problem: Skills Require Real Operations

7. India as a Hub for Spyware and Cyber Espionage Services

Notable Quotes & Moments

Important Timestamps

Tone & Style

Conclusion