What Happened
- Nasscom — India's apex body for the IT and IT-enabled services (ITeS) industry — issued a formal advisory to member companies urging heightened vigilance and preparedness across business continuity and cybersecurity frameworks in view of the evolving geopolitical situation in West Asia (Middle East).
- Several IT companies began activating or reviewing Business Continuity Plans (BCPs) for operations linked to affected countries to ensure uninterrupted service delivery.
- Specific measures recommended include: evaluating alternate routing options for cloud infrastructure and data centres; enforcing multi-factor authentication (MFA) on all external access paths (VPN, RDP, SSH, cloud admin portals); and implementing conditional access controls to counter token-theft and adversary-in-the-middle (AiTM) attacks.
- The advisory reflects a broader strategic shift in India's IT sector, from a reactive posture to a proactive, resilience-first security architecture, as digital ecosystems expand and geopolitical risk becomes a permanent operational variable.
- At the Nasscom Global Confluence 2026, India's position at the "intersection" of technology priorities (AI, cloud, cybersecurity) was highlighted as a key competitive advantage for global business continuity planning.
Static Topic Bridges
Cybersecurity Architecture and India's Legal Framework
India's cybersecurity governance is anchored in the Information Technology Act, 2000 (IT Act) and regulations issued under it. Key institutional mechanisms include:
- CERT-In (Indian Computer Emergency Response Team): Established under Section 70B of the IT Act, 2000 as the national agency for cybersecurity incident response, coordination, and prevention. Issues cyber alerts, vulnerability notes, and security guidelines.
- CERT-In Directions 2022: Mandated all organisations (including IT companies) to report cybersecurity incidents to CERT-In within 6 hours of detection — one of the strictest reporting timelines globally. Also mandated that service providers, data centres, and VPS/cloud providers maintain 5-year logs of ICT system usage.
- National Cybersecurity Policy 2013: India's primary policy framework (currently being revised into a new NCSP); sets objectives for a secure cyber ecosystem, compliance framework, and indigenous cybersecurity R&D.
- National Critical Information Infrastructure Protection Centre (NCIIPC): Established under Section 70A of the IT Act; designated as the national nodal agency for protection of Critical Information Infrastructure (CII) — sectors including power, banking, telecom, defence, and IT/ITeS.
- Personal Data Protection / DPDP Act 2023: Imposes data localisation and security obligations on Data Fiduciaries, relevant to IT companies handling client data.
Connection to this news: Nasscom's advisory operationalises existing legal obligations (CERT-In incident reporting, BCP requirements) while going further to recommend proactive threat-mitigation steps in the face of escalated geopolitical risk.
Business Continuity and Operational Resilience in IT Services
India's IT/ITeS sector — with revenues of approximately USD 254 billion (FY 2024-25) and employing over 5.4 million professionals — is among the world's largest service exporters. A significant portion of revenue comes from clients in geopolitically sensitive regions (Middle East, Europe, USA). Operational resilience — the ability to deliver critical services even during disruptions — is therefore both a business imperative and a national economic security concern.
- Business Continuity Plan (BCP): A documented plan detailing how an organisation will continue operating during and after a significant disruption. For IT companies, this typically includes data backup/replication, failover systems, alternate delivery centres, and communication protocols.
- Disaster Recovery (DR): The subset of BCP focused specifically on IT systems — restoring data and applications after an outage. IT companies typically maintain primary and secondary data centres in geographically dispersed locations.
- ISO 22301: The international standard for Business Continuity Management Systems (BCMS) — widely adopted by Indian IT majors providing services to global clients, who often require ISO 22301 certification as a vendor prerequisite.
- India's IT companies maintain Global Delivery Centres (GDCs) in multiple countries; West Asia tensions directly affect GDCs and near-shore delivery centres in UAE, Saudi Arabia, and Israel.
- Multi-Factor Authentication (MFA): An authentication mechanism requiring two or more verification factors; recommended by CERT-In, NIST (USA), and virtually every cybersecurity framework as baseline protection against credential-theft attacks.
Connection to this news: Nasscom's advisory to evaluate alternate cloud routing and enforce MFA reflects established operational resilience best practices being elevated to urgent priority in response to geopolitical risk — a convergence of internal security and economic security concerns.
Nasscom and India's IT Industry Governance
Nasscom (National Association of Software and Services Companies) was established in 1988 as an industry advocacy and trade body. It represents approximately 3,000 member companies spanning IT, BPM, engineering R&D, software products, and startups.
- Nasscom advocates India's IT interests in domestic policy (data protection, GST on digital services, telecom regulations) and international trade negotiations.
- The "India Technology Sector" report (2025) puts India's IT exports at ~USD 200 billion and the domestic tech market at ~USD 54 billion.
- Nasscom's FutureSkills platform is a government-industry initiative to reskill IT professionals in emerging technologies (AI, cloud, cybersecurity, data science) under the National Programme on AI (NPAI).
- India's IT sector contributes approximately 7.5% of GDP and accounts for ~55% of global IT outsourcing market share.
- Geopolitical risk in IT: Indian IT firms have significant exposure to US, UK, European, and Middle Eastern markets; disruptions (sanctions, conflict, supply chain failures) can affect delivery capabilities and client obligations.
Connection to this news: As the sector's apex body, Nasscom's advisory carries quasi-regulatory weight — most large IT companies treat Nasscom advisories as compliance obligations, making this a significant signal of elevated threat perception across the industry.
Key Facts & Data
- Nasscom established: 1988; ~3,000 member companies
- India IT sector revenue: ~USD 254 billion (FY 2024-25)
- IT sector employment: Over 5.4 million professionals
- India's share of global IT outsourcing: ~55%
- IT sector's GDP contribution: ~7.5% of India's GDP
- CERT-In: Established under Section 70B, IT Act 2000; incident reporting timeline: 6 hours (2022 Directions)
- NCIIPC: National nodal agency for Critical Information Infrastructure protection (Section 70A, IT Act 2000)
- CERT-In 2022 Directions: 5-year log retention; mandatory reporting within 6 hours
- ISO 22301: International standard for Business Continuity Management Systems
- Key defensive measures recommended: MFA on all external access paths; alternate cloud routing; conditional access controls; BCP activation for West Asia-linked operations