Unseen threats: Modern cyberwarfare and the need for evolving laws in Nepal and India

future of cybersecurity
Phot: Pxfuel

The digital revolution has transformed the battlefield, shifting conflicts from physical territories into the vast virtual realm of cyberspace. As our technological capabilities exponentially advance, so too do the menacing threats posed by malicious actors hellbent on exploiting vulnerabilities for nefarious ends – whether driven by geopolitical ambitions, dreams of economic mayhem, or extremist ideological agendas.

What was once dismissed as science fiction fantasy has now crystallised into a frighteningly real prospect: cyberwarfare unleashing devastation with the click of a button, as nations and non-state groups alike wield this terrifying new weapon.

Our antiquated laws governing armed conflict are ill-equipped for this still-nascent domain, forever playing catch-up as the digital frontier rapidly outpaces us. It is time to demystify the intricate complexities underlying modern cyberwarfare while issuing an urgent call for legal evolution – a new framework to counter these unseen yet potentially cataclysmic threats.

The South Asian nations of Nepal and India, the focus cast upon them, provide a regional lens into this global issue of grave importance.

The evolving nature of cyberwarfare

cybercrime in nepal and cybercrime laws online violence digital violence against women

Cyberwarfare has rapidly evolved into a terrifying spectacle of virtual violence and disruption. The traditional concepts of combat lines, battlefields, and legitimised combatants have been rendered obsolete in this new era.

Today’s cyber battles rage across an immense digital expanse, with adversaries unleashing a kaleidoscope of offensive and defensive manoeuvres. The arsenal of cyber weaponry is as varied as it is formidable. Seemingly mundane distributed denial-of-service (DDoS) attacks can overwhelm and cripple a nation’s critical infrastructure, grinding crucial operations to a halt.

More insidious still are the stealthy and sophisticated malware strains designed to silently infiltrate and sabotage systems, detonating catastrophic disruptions from within. The fog of cyberwar has also blurred the once-clear lines delineating state and non-state actors.

No longer are cyber offensives the exclusive domain of national militaries and intelligence agencies. Rogue hacker collectives, terrorist organisations, and even deeply committed individuals now possess the tools to wage digital devastation. This ever-expanding theatre of cyber belligerents poses profound challenges in attributing attacks and enforcing accountability. 

Perhaps no single event has better crystallised the evolving dangers quite like the Stuxnet worm – a cyber weapon of unprecedented sophistication. This digital juggernaut, believed to be a joint creation of American and Israeli forces, was precision-engineered to infiltrate and systematically destroy critical components of Iran’s nuclear programme.

As Stuxnet silently severed centrifuge operations, setting Tehran’s atomic ambitions back years, the world witnessed firsthand how cyberwarfare could inflict tangible, kinetic destruction. The Stuxnet affair underscored that cyber strikes are no longer merely an abstract concept, but a potent reality with sweeping potential consequences.

From crippling a nation’s power grids to hijacking air traffic control systems, the doomsday scenarios are limited only by the malicious imagination. As such, the urgent need for a robust international legal framework to govern these uncharted digital battlegrounds has become abundantly clear. One of the most significant challenges in addressing cyberwarfare lies in the attribution of cyberattacks.

The inherent anonymity and interconnectedness of the internet make it difficult to pinpoint the source of an attack with certainty. Advanced techniques such as IP spoofing, the use of botnets, and the exploitation of zero-day vulnerabilities further complicate the attribution process. This uncertainty raises questions about proportional response and the application of existing laws governing armed conflicts.

Legal frameworks and challenges

judicial independence - judiciary - plea bargaining
Photo by Mohamed Hassan for Pixabay

Our existing laws and principles governing armed conflict were conceived in an era where warfare was waged strictly through conventional means – with clear battlelines, uniformed combatants, and kinetic weapons. The Geneva Conventions and United Nations Charter established crucial humanitarian protections and defined thresholds for self-defence and proportional response.

However, these foundational frameworks are ill-prepared for the entirely new realities ushered in by cyberwarfare. When the rules were written, the concept of ones and zeroes inflicting mass chaos and destruction was still the stuff of science fiction. Today, it is a harsh fact of life as hostile cyber actors compromise systems and infrastructure with disappearing digital traces. Yet there is a nebulous legal grey area surrounding what actually constitutes an “act of cyber war” – a definitional void that obfuscates whether self-defensive digital countermeasures are justified. And if they are, what levels of cyber force can be deemed proportional?

This lawless ether of legal ambiguity allows malicious cyber operations to fester unchecked. Adversaries can potentially cripple power grids, financial systems, and military networks with plausible deniability. Holding them accountable is a jurisdictional Bermuda triangle, as these borderless attacks transcend the terrestrial limitations and nationalistic boundaries on which our current legal system is constructed.

It is a tribulation that underscores the indispensable need for an updated, harmonized international framework tailored specifically to the cyber domain. Unilateral policies and discordant regulations will only further enable destructive actors to exploit the cracks. Confronting the sharp realities of this new battleground will require a unified global coalition reinforced by the strongest cybersecurity strategies and legal deterrents. 

As cyberwarfare continues to evolve, the urgency for adapting and updating legal frameworks becomes increasingly apparent in the South Asian region, particularly in Nepal and India. Both nations have experienced various cyberattacks in recent years, highlighting the need for robust legal frameworks to address these threats effectively. In Nepal, the absence of comprehensive cybersecurity laws and regulations has left the nation vulnerable to cyberattacks.

The existing legal provisions, such as the Electronic Transaction Act and the National Information Technology Center Act, are outdated and insufficient to address the complexities of modern cyber warfare.

Nepal must prioritise the development of a comprehensive legal framework to safeguard its critical infrastructure and protect its citizens from the potential consequences of cyberattacks.  India, on the other hand, has taken steps to address the issue of cyberwarfare through the introduction of the Information Technology Act and the establishment of specialized agencies such as the National Critical Information Infrastructure Protection Centre (NCIIPC) and the Computer Emergency Response Team (CERT-In).

However, these efforts are still in their infancy, and further legislative and regulatory measures are required to keep pace with the rapidly evolving cyber threats. To effectively address the threats posed by cyber warfare in Nepal and India, a comprehensive legal framework should encompass the following key elements, i.e.  to effectively tackle the threats of cyberwarfare in Nepal and India, the comprehensive legal framework must establish clear definitions of what constitutes an act of cyberwar, criteria for invoking self-defence, and thresholds for a proportional response. It should develop mechanisms to improve attribution capabilities, and hold perpetrators accountable through regional cooperation, information sharing, and standardized cyber forensics within South Asia.

Measures regulating the development, proliferation, and export of offensive cyber capabilities alongside confidence-building provisions among regional nations are vital for cyber arms control. Civilian protection through guidelines distinguishing military from civilian targets and rules of engagement is paramount.

Given cyberspace’s transnational nature, regional cooperation through multilateral agreements facilitating information exchange, joint investigations, and coordinated incident response among Nepal, India, and partners is essential. Both countries must invest in cybersecurity capacity by training personnel, developing forensic tools, and robust incident response, safeguarding critical infrastructure from crippling attacks.


The perils of modern cyberwarfare are kaleidoscopic in their complexity, evolving at a perpetual, relentless pace that recognises no borders. As Nepal and India’s critical infrastructure and civilian life become increasingly enmeshed with digital systems, the potential fallout of debilitating cyberattacks grows more calamitous by the day.

The cold reality is that both nations’ existing legal frameworks are woefully outmatched and ill-prepared to confront the unique challenges posed by these unseen, insidious digital battlegrounds. Facing this existential threat is not merely an issue of legal technicalities, but one that strikes at the core national and regional security imperatives of Nepal and India.

Only by establishing definitive standards, improving capabilities to swiftly attribute and isolate attacks, regulating the cyber arms race, implementing civilian safeguards, fostering collaborative regional partnerships, and massively building up cyber defence capacities can these countries hope to create a more secure, stable digital environment resilient to breach. 

Yet this monumental undertaking will require an unprecedented level of multilateral cooperation and coordination among South Asian nations, legal scholars, tech innovators, and policymakers at the highest levels. Failing to muster a unified front against this metastasising threat risks condemning the digital domain to a perpetual state of lawless chaos where hostile actors can wreak havoc uncontested – an untenable scenario that endangers the very foundations modern Nepalese, Indian, and regional society is built upon. 

As Nepal and India chart a course through this cyberwarfare labyrinth, they must strike a careful balance – preserving the openness and freedom that catalyzed the internet’s transformative impacts, while simultaneously safeguarding their people from the myriad dangers lurking in its shadows. Ultimately, fortifying their laws and policies to accurately reflect this new digital reality is the only path to effectively counter and defang the unseen threats insidiously advancing across the global cyber-theatre. Succeeding in this Herculean endeavour is critical to upholding not just regional, but international security and stability in the 21st-century world order.

React to this post

Tharu is a law student at Chakrabarti HaBi Education Academy College of Law, Kathmandu.

More From the Author


New Old Popular