Contents01
Guardians of India’s Maritime Frontiers: Three Indigenous Naval Classes for Combat, Survey and Coastal Defence
Ministry of Defence · Indian Navy · Warship Design Bureau
GS 3GS 2
02
Digital Threat Report 2025–26: AI Asymmetry and Cyber Resilience in India’s BFSI Sector
MeitY · CERT-In · CSIRT-Fin · SISA
GS 3GS 2
Article 01
Article 01
Guardians of India’s Maritime Frontiers: Three Indigenous Naval Classes for Combat, Survey and Coastal Defence
Ministry of Defence · Indian Navy · Warship Design Bureau · July 2026
Relevance: GS 3 (internal security, defence, science & technology, infrastructure) · GS 2 (India’s bilateral relations and maritime diplomacy, SAGAR/MAHASAGAR vision).
GS 3GS 2

Image: INS Mahendragiri (F38), sixth Project 17A Nilgiri-class stealth frigate, commissioned 11 July 2026 at Visakhapatnam. [Replace src with image URL]
Key Data at a Glance
11,098 kmIndia’s coastline guarded by the Indian Navy
2.4 mn km²India’s Exclusive Economic Zone (EEZ)
~90%of India’s trade by volume carried over sea lanes
7 shipsProject 17A Nilgiri-class frigates total (6 commissioned, 1 under construction)
16 craftplanned ASW SWC strength (Arnala 8 + Mahe 8)
89,000 km²area surveyed by Indian hydrographers (2019–24); 96 charts produced
Issue in Brief
- The Indian Navy has inducted four indigenous naval platforms across three new classes within a single month — the fastest commissioning pace in recent naval history.
- The three classes — Nilgiri-class stealth frigates (Project 17A), Sandhayak-class Survey Vessels (Large) and Arnala-class Anti-Submarine Warfare Shallow Water Craft (ASW SWC) — together constitute a layered maritime defence architecture covering surface combat, hydrography and littoral ASW.
- INS Mahendragiri (sixth Project 17A frigate) was commissioned on 11 July 2026 at Visakhapatnam; INS Sanshodhak was the fourth and final Sandhayak-class vessel; INS Agray the fourth Arnala-class craft.
- All platforms embody Aatmanirbhar Bharat in defence, with over 75% indigenous content in the Nilgiri-class and broad MSME network participation across all three programmes.
Static Background — India’s Maritime Strategic Context
- The Indian Ocean Region (IOR) is India’s primary strategic theatre. The SAGAR doctrine (Security and Growth for All in the Region, 2015) and the newer MAHASAGAR vision frame India’s role as a net security provider across the IOR.
- The Warship Design Bureau (WDB) — under the Indian Navy — is India’s apex body for indigenous warship design. The Nilgiri-class represents the WDB’s 100th ship designed and delivered.
- Key shipbuilding agencies: Mazagon Dock Shipbuilders Limited (MDL), Mumbai (public sector; built four Nilgiri-class ships including INS Mahendragiri) and Garden Reach Shipbuilders and Engineers (GRSE), Kolkata (built three Nilgiri-class ships, all four Sandhayak-class vessels, and the Arnala-class in partnership with L&T Shipbuilding). Cochin Shipyard Limited (CSL) is building the parallel Mahe-class.
- Project 17A (Nilgiri-class) succeeds Project 17 (Shivalik-class frigates), incorporating major stealth and survivability upgrades. Estimated programme cost: ₹45,000 crore. All seven ships are named after Indian mountain ranges.
- The National Hydrographic Office (NHO), Dehradun manages India’s nautical charting; the International Hydrographic Organisation (IHO) sets global standards.
- The Arnala-class replaces ageing Abhay-class corvettes; the combined Arnala+Mahe programme targets a total ASW SWC fleet of 16 ships.
Key Dimensions — Nilgiri-Class Stealth Frigates (Project 17A)
- Ships (7): INS Nilgiri (Jan 2025), INS Himgiri, INS Taragiri, INS Udaygiri, INS Dunagiri, INS Mahendragiri (11 Jul 2026) — sixth commissioned; INS Vindhyagiri under construction. INS Mahendragiri is the first Indian naval vessel to carry this name (drawn from the Mahendragiri range, Eastern Ghats).
- Size & displacement: ~149 m length; ~6,670 tonnes. Propulsion: CODOG (Combined Diesel or Gas) — diesel engines for cruising range, gas turbines for high-speed sprints. Maximum speed: 28 knots.
- Stealth features: Reduced radar cross-section (RCS), thermal (infrared) and acoustic signatures — improving survivability in contested environments while enabling offensive operations.
- Armament: BrahMos supersonic surface-to-surface missiles; medium-range surface-to-air missiles (MRSAM); Close-in Weapon Systems (CIWS) for terminal air defence.
- Sensors: Advanced radar suite; hull-mounted sonar (uses sound pulses to detect submarines); naval helicopters for extended ASW and surface surveillance.
- Indigenous content: Over 75%; contributions span a wide network of Indian MSMEs for sub-systems, electronics and structural components.
Key Dimensions — Sandhayak-Class Survey Vessels (Large)
- Ships (4): INS Sandhayak, INS Nirdeshak, INS Ikshak, INS Sanshodhak (fourth and final; recently commissioned). All built by GRSE, Kolkata.
- Size & crew: ~110 m length; ~3,400 tonnes displacement; crew of ~178 personnel.
- Speed & range: Top speed 18+ knots; operational range of 6,500 nautical miles — enabling long-distance missions across the IOR and beyond.
- Survey suite: Multi-beam echo sounders, side-scan sonar and Autonomous Underwater Vehicles (AUVs) for detailed seabed mapping. Accurate nautical charts ensure safe navigation for warships and merchant vessels.
- Secondary roles: Helicopter operations; emergency conversion to a hospital ship; Humanitarian Assistance and Disaster Relief (HADR); search and rescue.
- India’s hydrographers have surveyed 89,000 sq km and produced 96 charts in five years (2019–24), aiding friendly IOR nations and reinforcing India’s standing as a trusted hydrographic partner.
- These vessels directly support India’s Blue Economy — the sustainable use of ocean resources including fisheries, seabed minerals and offshore energy.
Key Dimensions — Arnala-Class ASW Shallow Water Craft
- Ships (8): Arnala, Androth, Anjadip, Amini, Abhay, INS Agray (fourth; recently commissioned), Akshay, Ajay — named after Indian islands. Built by GRSE in partnership with L&T Shipbuilding.
- Size: ~77.6 m length; ~900 tonnes displacement. Compact design essential for littoral operations in waters where larger frigates cannot manoeuvre effectively.
- Propulsion: Waterjet — drives the craft using a high-pressure jet of water rather than a conventional propeller, delivering superior agility and shallow-draft capability in coastal waters.
- Speed: ~25 knots. Weapons: Lightweight torpedoes; anti-submarine rockets to engage submarines below the surface.
- Sensors: Shallow-water sonar; combat management system (CMS) linking all sensors and weapons for integrated response.
- A parallel Mahe-class (8 ships) is under construction at Cochin Shipyard, raising the planned ASW SWC fleet to 16 ships — freeing larger warships for open-ocean blue-water operations.
Critical Analysis — Strengths
- Layered maritime architecture: The three classes collectively cover blue-water surface combat (Nilgiri), maritime domain awareness via hydrography (Sandhayak) and littoral ASW (Arnala) — creating an interlocking, self-reinforcing defensive system that no single class could provide alone.
- Serial production maturity: Simultaneous multi-hull construction across MDL and GRSE demonstrates programme maturity and industrial scaling that India previously struggled to achieve — six Nilgiri-class ships commissioned in ~18 months is a historic pace.
- Aatmanirbhar depth: Over 75% indigenous content in the Nilgiri-class, with broad MSME participation, meaningfully reduces import dependence for high-end platforms — a qualitative shift from the earlier era of extensive foreign refits (e.g., INS Vikramaditya).
- Dual-use soft power: HADR, survey and hospital-ship roles embedded across all three classes extend India’s reach as a security provider and align with SAGAR/MAHASAGAR objectives.
- Strategic signalling: Rapid Nilgiri-class commissioning signals India’s intent to maintain a credible, modern surface fleet amid expanding Chinese naval presence in the IOR.
Critical Analysis — Structural Questions
- Submarine gap: Despite ASW investments at the surface and littoral levels, India’s conventional submarine fleet (~16 ageing platforms) remains numerically insufficient. Project 75I (next-generation submarines) continues to face procurement delays, creating a strategic asymmetry between surface and sub-surface capability.
- Delay legacy: Project 17A frigates originally due from 2022 experienced significant schedule slippage; the recent acceleration is welcome but must be institutionalised into programme management processes rather than treated as an exception.
- Maintenance ecosystem: Indigenous design is necessary but not sufficient. India needs co-developed maintenance ecosystems, spare-parts supply chains and technically trained manpower at scale to sustain complex platforms across their 25–30-year service lives.
- Shipyard capacity bottleneck: MDL and GRSE remain public sector entities with structural constraints in dry-dock availability and workforce. Deeper integration of private yards (L&T Shipbuilding) needs sustained policy support beyond individual partnerships.
- EEZ monitoring gaps: Despite the Sandhayak-class enhancing hydrographic capability, India’s Maritime Domain Awareness (MDA) in the outer EEZ and deep ocean remains dependent on a limited P-8I maritime patrol aircraft fleet and coastal radar chains.
Way Forward
- Prioritise Project 75I: Expedite the procurement of six advanced conventional submarines to close the critical sub-surface gap that surface and littoral platforms cannot compensate for.
- Expand private shipyard capacity: Formally develop L&T Shipbuilding and new entrants under a dedicated Maritime Shipbuilding Policy, moving beyond the MDL–GRSE duopoly for complex warship programmes.
- Deepen Maritime Domain Awareness: Expand the National Maritime Domain Awareness (NMDA) framework, integrate Sandhayak hydrographic data with real-time MDA feeds, and plan additional P-8I acquisitions.
- Defence export diplomacy: Leverage the Nilgiri and Arnala design pedigree for naval exports to friendly IOR nations (Maldives, Sri Lanka, Mauritius) as a concrete expression of MAHASAGAR.
- Performance-Based Logistics (PBL): Mandate PBL contracts alongside each commissioning so maintenance partnerships are built in from Day 1, ensuring long-term operational readiness.
Prelims Pointers
Project 17A (Nilgiri-class): 7 ships; MDL (4) + GRSE (3); ~₹45,000 cr; over 75% indigenous content; CODOG propulsion; named after Indian mountain ranges.
INS Mahendragiri: 6th P17A ship; commissioned 11 July 2026, Visakhapatnam; built by MDL; first Indian vessel with this name (Mahendragiri range, Eastern Ghats); Eastern Fleet.
Warship Design Bureau (WDB): Nodal body for indigenous warship design under the Indian Navy. Nilgiri-class is its 100th ship designed and delivered.
Sandhayak-class: 4 ships; all GRSE; final ship INS Sanshodhak; survey/hydrographic; range 6,500 nautical miles; operates AUVs.
Arnala-class: 8 ASW SWC; GRSE + L&T Shipbuilding; waterjet propulsion; replace Abhay-class corvettes; INS Agray is 4th ship. Mahe-class (8 more) at Cochin Shipyard = total 16.
SAGAR / MAHASAGAR: SAGAR = Security and Growth for All in the Region (2015); India’s IOR maritime doctrine positioning India as net security provider.
CODOG: Combined Diesel or Gas propulsion — diesel for range/economy, gas turbine for high speed. Distinct from COGAG (all gas) and CODAD (all diesel).
Blue Economy: Sustainable use of ocean resources. Sandhayak-class hydrographic surveys are foundational to EEZ management, fisheries and offshore energy planning.
Practice Mains Question
India’s recent indigenisation of complex warship programmes demonstrates both the potential and the limits of Aatmanirbhar Bharat in defence. Critically analyse the achievements and persistent structural gaps in India’s naval indigenisation programme, with reference to the Nilgiri, Sandhayak and Arnala classes.
GS Paper 3 · 250 words · 15 marks
Practice MCQs
Q1. Consider the following statements regarding Project 17A Nilgiri-class frigates:
(1) All seven ships are being built at Mazagon Dock Shipbuilders Limited, Mumbai.
(2) The ships use a CODOG propulsion system combining diesel engines and gas turbines.
(3) INS Mahendragiri is the sixth ship of the class, commissioned in July 2026.
Which of the above is/are correct?
A) 1 and 2 onlyB) 2 and 3 onlyC) 1 and 3 onlyD) 1, 2 and 3
Q2. (Assertion–Reasoning) Assertion (A): Arnala-class anti-submarine warfare craft use waterjet propulsion rather than conventional propellers. Reason (R): Waterjet drives deliver superior agility and shallow-draft manoeuvrability in littoral waters where propeller-driven vessels lose effectiveness.
A) Both A and R are true, and R is the correct explanation of AB) Both A and R are true, but R is NOT the correct explanation of AC) A is true, R is falseD) A is false, R is true
Q3. Match List I (Naval class) with List II (Primary role):
A. Nilgiri-class B. Sandhayak-class C. Arnala-class
1. Hydrographic survey and seabed mapping 2. Shallow-water anti-submarine warfare 3. Stealth surface combat and power projection
Choose the correct match:
A) A-3, B-1, C-2B) A-1, B-2, C-3C) A-2, B-3, C-1D) A-3, B-2, C-1
Article 02
Article 02
Digital Threat Report 2025–26: AI Asymmetry and Cyber Resilience in India’s BFSI Sector
MeitY · CERT-In · CSIRT-Fin · SISA · July 2026
Relevance: GS 3 (internal security, cybersecurity, science & technology) · GS 2 (governance, public-private partnerships, regulatory frameworks, digital India).
GS 3GS 2
Key Data at a Glance
2nd editionDigital Threat Report 2025–26 for BFSI & payments ecosystem
6 of 7prior predictions from 2024–25 edition already fully realised
Years → Weekscompression of threat-to-exploitation timeline
1.6×India BFSI cyberattack rate vs global average (BCG–DSCI study, 2026)
40+ countriesSISA’s global operational footprint in payment ecosystem security
18 monthsaction roadmap: foundational controls → continuous capability → resilient architecture
Issue in Brief
- MeitY, along with CERT-In, CSIRT-Fin and cybersecurity firm SISA, released the second edition of the Digital Threat Report 2025–26 for India’s BFSI (Banking, Financial Services and Insurance) and digital payments ecosystem.
- The report’s central finding: six of seven forward-looking predictions from the 2024–25 edition have already reached full-scale realisation, demonstrating a dramatic compression of the threat-to-exploitation timeline — from years to months or even weeks.
- The defining risk identified is “AI Asymmetry” — offensive AI capabilities are scaling faster than defensive and regulatory mechanisms, enabling low-resource threat actors to execute attacks that previously required specialist teams and significant resources.
- A key analytical contribution is the “Anatomy of Cyber Failure — 4-Layer Gap Archetype Framework”, which reconstructs end-to-end how a modern breach actually unfolds as a chain of compounding systemic weaknesses rather than a single lapse.
Static Background — India’s Cyber Governance Architecture
- CERT-In (Indian Computer Emergency Response Team): Established as the national nodal agency for cybersecurity incident response under the Information Technology (Amendment) Act, 2008. Functions include collection/analysis of cyber incidents, forecasting, emergency response, and issuing guidelines and advisories. DG: Dr. Sanjay Bahl.
- CSIRT-Fin (Computer Security Incident Response Team — Finance): The nodal sectoral CSIRT for India’s financial sector. Manages incidents and coordinates responses across banking, securities markets, insurance and pension funds. Distinct from CERT-In in its sector-specific mandate.
- MeitY (Ministry of Electronics and Information Technology): Apex ministry overseeing India’s digital infrastructure, cybersecurity policy and the IT Act, 2000/2008. Secretary: S. Krishnan.
- SISA: Private cybersecurity firm; global leader in payment ecosystem security; operates in 40+ countries securing 1,000+ organisations through Digital Forensics and Incident Response (DFIR) expertise.
- Key legislation: IT Act, 2000 and IT Amendment Act, 2008 (backbone of cyber law); DPDP Act, 2023 (Digital Personal Data Protection Act, breach disclosure obligations); RBI’s Cybersecurity Framework for Banks (2016); SEBI’s Cyber Security and Cyber Resilience Framework (CSCRF).
- Why BFSI is most critical: India’s financial ecosystem has undergone rapid digitalisation (UPI, digital lending, neo-banking, insurance-tech), making it the single largest surface for cyber exploitation. Cyberattacks on Indian BFSI have roughly doubled since 2021, occurring at 1.6× the global average (BCG–DSCI, 2026).
Key Dimensions — Threat Acceleration
- Predictive accuracy: Six of seven predictions from the 2024–25 edition have fully materialised — validating the DFIR-based forecasting methodology and underlining the urgency of proactive threat intelligence over reactive response.
- The threat-to-exploitation gap has compressed from years → months → weeks, rendering traditional annual review-update-patch cycles structurally inadequate.
- Threats once classified as “emerging” — social engineering, credential theft, supply-chain compromise, cloud exploitation — are now established, mainstream attack vectors across India’s BFSI ecosystem.
- The most damaging attacks no longer “look like” intrusions — they surface as legitimate sessions, approved payments, manipulated workflows or ordinary user behaviour, detectable only after damage is complete.
Key Dimensions — AI Asymmetry: The Defining Risk
- AI Asymmetry describes the condition where offensive AI capabilities (available cheaply to threat actors) are outpacing defensive AI and regulatory frameworks designed to contain them — placing attack tools on a faster development curve than defence.
- Activities once requiring specialist teams and weeks of manual effort can now be executed at machine speed by comparatively low-resource adversaries using frontier AI models.
- Context-aware, AI-generated phishing attacks are now nearly indistinguishable from legitimate communication, making traditional user-awareness training an insufficient primary defence.
- Frontier AI models are demonstrated to run cyberattacks against financial institutions with minimal human supervision — this is an operationally realised threat, not a theoretical future risk.
Key Dimensions — Anatomy of Cyber Failure & Institutional Model
- The “Anatomy of Cyber Failure — 4-Layer Gap Archetype Framework” reconstructs end-to-end how a modern breach actually happens. Its core insight: a breach is rarely a single lapse but a chain of compounding weaknesses across four layers, helping organisations identify recurring patterns and prioritise investments.
- The framework enables a shift from periodic, incident-level security reviews to continuous systemic risk assessment — aligned with global best practice (NIST CSF 2.0, MITRE ATT&CK).
- The report exemplifies a public-private partnership (PPP) model in cyber resilience: government expertise (CERT-In, CSIRT-Fin) combined with private sector operational intelligence (SISA) — a replicable template for other critical sectors.
- The 18-month roadmap structures action in three phases: (i) strengthen foundational controls → (ii) build continuous capabilities → (iii) construct resilient security architectures.
Critical Analysis — Strengths
- The 6/7 prediction realisation rate lends strong credibility to the report’s forecasts and provides a robust empirical basis for forward policy investment.
- The AI Asymmetry framework correctly identifies AI not as a future risk but as a present operational asymmetry demanding immediate regulatory and institutional action.
- The 4-Layer Framework is a sophisticated upgrade from incident-counting approaches; systemic gap analysis enables more effective investment prioritisation.
- The PPP collaboration model (MeitY + CERT-In + CSIRT-Fin + SISA) can serve as a replicable template for energy, telecom, and healthcare cyber resilience.
Critical Analysis — Structural Questions
- The report is advisory, not binding; actual impact depends on RBI, SEBI and IRDAI operationalising recommendations through enforceable compliance mandates — a step the report itself cannot take.
- Mid-sized and smaller BFSI institutions — where BCG–DSCI data shows the highest exposure — may lack the technical capacity and budget to implement the continuous monitoring architectures the roadmap envisions.
- The AI Asymmetry finding highlights a regulatory lag: India’s evolving AI governance framework (India AI Mission) is not yet calibrated to the adversarial AI dimension that cybersecurity demands.
- Supply-chain compromise as an established vector raises concerns about India’s heavy third-party and outsourced IT dependency in BFSI — CERT-In advisories exist but enforcement remains uneven.
- Information sharing, while emphasised, faces competitive and legal barriers; institutions avoid disclosing breaches due to reputational risk, undermining the collective defence model the report advocates.
Way Forward
- Translate recommendations into compliance: RBI, SEBI and IRDAI should issue sector-specific frameworks incorporating the 4-Layer Gap analysis as a mandatory self-assessment tool for all regulated entities.
- Adversarial AI policy track: India AI Mission and MeitY should develop a dedicated policy track on adversarial AI — distinct from general AI governance — focused on detecting and neutralising AI-powered cyber threats.
- Shared SOC model for smaller BFSI: Create a Cyber Resilience Fund or shared Security Operations Centre (SOC) for mid-tier financial institutions that cannot individually afford continuous threat monitoring.
- Mandatory third-party audits: RBI and SEBI frameworks should require vendor cybersecurity audits and supply-chain risk assessments for all regulated entities, closing the most exploited attack vector.
- Safe-harbour for breach disclosure: Legislate safe-harbour provisions for entities that promptly and voluntarily disclose breaches to CSIRT-Fin, removing the reputational deterrent that suppresses threat intelligence sharing.
Prelims Pointers
CERT-In: National nodal cybersecurity agency; designated under IT Amendment Act, 2008 (not original IT Act, 2000); under MeitY. DG: Dr. Sanjay Bahl. Functions: incident response, advisories, forecasting.
CSIRT-Fin: Nodal sectoral CSIRT for India’s financial sector (banking, securities, insurance, pensions). Distinct from CERT-In by sector-specific mandate.
AI Asymmetry: Condition where offensive AI capabilities outpace defensive ones — the defining risk of the 2025–26 Digital Threat Report. Enables low-resource attackers to operate at machine speed.
Digital Threat Report 2025–26: 2nd edition; MeitY + CERT-In + CSIRT-Fin + SISA; draws on DFIR research; central finding: 6/7 prior predictions already realised.
4-Layer Gap Archetype Framework: “Anatomy of Cyber Failure” — reconstructs how breaches unfold as chains of compounding systemic weaknesses, not single lapses.
DPDP Act, 2023: Digital Personal Data Protection Act — India’s primary data protection law; relevant for BFSI breach disclosure obligations to affected parties.
BFSI: Banking, Financial Services and Insurance — India’s most targeted sector; cyberattacks doubled since 2021; occur at 1.6× global average rate.
SISA: Private cybersecurity firm; global payment security leader; 40+ countries; collaborating partner on the report. Provides DFIR (Digital Forensics and Incident Response) expertise.
Practice Mains Question
AI-powered threats are fundamentally altering the cybersecurity landscape for India’s banking and financial services sector. Critically examine the nature of these threats and evaluate the adequacy of India’s existing institutional and regulatory framework to address them.
GS Paper 3 · Internal Security, Science & Technology · 250 words · 15 marks
Practice MCQs
Q1. Consider the following statements regarding CERT-In:
(1) It is the national nodal agency for cybersecurity incident response in India.
(2) It was designated under the Information Technology Act, 2000.
(3) Its functions include issuing guidelines, advisories and vulnerability notes on cyber security.
Which are correct?
A) 1 and 2 onlyB) 1 and 3 onlyC) 2 and 3 onlyD) 1, 2 and 3
Q2. With reference to the Digital Threat Report 2025–26, consider the following statements:
(1) It was released jointly by MeitY, CERT-In, CSIRT-Fin and SISA.
(2) “AI Asymmetry” refers to the condition where defensive AI capabilities outpace offensive ones.
(3) It introduces a “4-Layer Gap Archetype Framework” to analyse how cyber breaches unfold.
Which are correct?
A) 1 and 3 onlyB) 2 and 3 onlyC) 1 and 2 onlyD) 1, 2 and 3
Q3. (Odd-one-out) Which of the following is NOT a function of CSIRT-Fin?
A) Collection and analysis of cyber incident information in the financial sectorB) Issuing guidelines and advisories for financial sector cybersecurityC) Regulating interest rates and liquidity management in commercial banksD) Coordinating cyber incident response across banking, insurance and pension entities