Indo-Bhutan Cyber Diplomacy and Regime Formation

Sreemoyee Sarkar |

Faculty of History at National University of Study and Research in Law, Ranchi, Jharkhand.

This article is in continuation of my previous article on Indo-Nepal Cyber Diplomacy and Regime Formation, published by Political Reflection Magazine (Sarkar, 2021: 23). The previous article dealt with how and why the notion of Indo-Nepal Cyber Diplomacy is important and recognised the scope of a regime formation, befitting the call of the time. The present article will focus on the development of Indo-Bhutan Cyber Diplomacy and the scope of a coherent cyberspace regime formation between India and Bhutan. It would also try to concentrate on why a cyber regime formation among the SAARC countries are relevant to both legal discourse and International Relations, which has been enduring incredible advances due to the revolution in Information and Communication Technology (ICT), fundamentally reshaping the conduct of the existing world order.

The Treaty of Westphalia, signed in 1648, helped in creating the modern system of state sovereignty. It effectively cemented the territorial integrity and legal equality of all nation-states and prohibited the interference of one state into the internal affairs of another. However, as Internet technology spread around the globe, it has offered incredible access to information around the world (Rosenzweig, 2018). Katherine Maher (2013) has noted “the internet’s laissez-faire culture of privacy, anonymity, and free expression inevitably come into conflict with military priorities of security and protocol.” Hence the “non-state actors in cyberspace have begun a challenge to the hegemony of nation-states that have been the foundation for international relations since the Peace of Westphalia.” (Rosenzweig, 2018). Furthermore, decolonisation, the cold war and globalisation have also redefined the idea of sovereignty, reshaping the existing World Order and transnationalism vis-à-vis gross ‘internet penetration’. The ‘Internet’ devalues territory and, in doing so, also undermines state actors, which were instrumental in the formation of the territorial state, culminating in the Peace of Westphalia (Mansbach, EOLSS). The ‘worldwide web’ has remained a crucial factor in understanding the erosion of the state today, as it has contributed to deterritorialisation. Barlow (1996) stated “Governments of the Industrial World … “You have no sovereignty where we gather. … Cyberspace does not lie within your borders.” The normative implications of this process are the growing impediments to the functional democracies, contributing to the newer ways of defining political space and organising for political ends of the stake-holding managements, manifested through different bilateral, trilateral and various multi-layered diplomatic response strategies.

Ever since ICT has become the key for the government organisation, business houses and individuals of both developed and developing countries facilitating e-Government services, e.g., online filing of tax returns, and visa applications; online businesses, e.g., buying online goods and e-commerce products and services; banking and finance services, e.g., paying utility bills and checking account details; e-learning, e.g., online courses and distance learning, and effective and efficient management of critical infrastructure, e.g., energy and telecom. The increase in the adoption of personal computers, laptops, smartphones, tabs, and various forms of ICT devices made cybersecurity one of the key concerns of the state and non-state actors. Cybercrimes and other virtual offences vis-à-vis the politico-economic and commercial developments owing to globalisation required deterrence calls from national, regional and international levels. United Nations, state and non-state players have formulated several treaties, implemented several policies, to achieve a legal regime to ensure cyberspace protection and virtual safety (Neupane, 2016: 2) as the security initiatives to protect against personal and national data infringement and violation of individual privacy and civil liberty.

India – Bhutan bilateralism and the diplomatic liaison have evolved over the years. These two developing nations are compelled to mainstream their respective Cyberspace to be in tune with globalisation and its effects on internal and external affairs, international relations, governance, public administration, trade and commerce, national deterrence, regional security, etc. Hitherto, the Indo-Bhutan Cyber Diplomacy imperatives are centred around the individual, domestic, interdependent national safety, regional, commercial and security interests. The present work would try to reflect upon cyber diplomacy, how a technologie d’avant-garde paradigm shift having long term consequences on political organisation, affect these two-neighbouring state-actors; focusing on the development of ICT in the sovereign territorial states of India and Bhutan; through the bilateral plane in terms of national interest, to develop a cybersecurity policy regime amidst the technological and political change in the context of global politics.

The South Asian Association for Regional Cooperation (SAARC) countries are yet to set up a resilient cyber regime, like the European Union (EU) or Association of South-East Asian Nations (ASEAN). The socio-economic inequality, digital divide, technical constraints and self-contradictory national security priorities existing among the SAARC states led to the development of the inversely proportional ICT goals among the regional stakeholders. Hitherto, India and Bhutan have enjoyed long-existing politico-cultural, geostrategic and politico-economic exchanges. These two concerned countries of the Global South have thus accelerated enormous geopolitical, politico-economic, socio-cultural and economic-geographic opportunities for e-commerce, digital marketing and cyberspace risk management think-tank to thriving. – Therefore, it would be pertinent to gauge the scope of Indo-Bhutan cyberspace bilateralism in this era of digital activism.

Information Technology (IT) Acts 2000 heralded an era of India’s digital activism. An amendment to the IT act in 2018 not only boosted the national cyber policy regime but also empowered the Indian netizens. The ‘Cyber-Crime, Cyber Security and Right to Privacy’ report of 2014 by the Parliamentary Standing Committee clearly defined the jurisdiction of the IT Acts. The National Crime Record Bureau (NCRB) data shows sharp growth of Internet Subscribers in India – from 27% in 2012 to 58.51% in 2020. The NCRB data also states that 4,4546 cases of cybercrimes were registered in 2019 as compared to 28248 in 2018. Digital India records a 63.5% increase in cybercrimes in 2020.

Meanwhile, Indian cyberspace has bloomed legal establishments, military instruments, administrative-technical infrastructure, civic enforcement mechanism, educational devices and health care (Rajagopalan, 2015). Since 2013, National Cyber Security Policy has articulated a holistic vision of public-private engagements. India recognised the position of the National Cybersecurity Coordinator in 2013 and established the National Cyber Coordination Centre in 2016. Department of Telecommunication, Ministry of Communications has also emphasised on acceptance of public opinion, civil society participation and a pro-stakeholder approach. It preserves that every Indian individual netizen is involved both as a victim and as a cybersecurity provider (Anas, 2015). National Cybersecurity Coordinator disseminates a revised National Cybersecurity Strategy, in 2020. Henceforth, Indian cyber legislation has so far set ambitious goals. It offers an inclusive capacity building cyber mechanism. – However, the existing Indian cyber regime is only partially adequate. The gap between cyberspace legislation, digitalisation and cyber policy implementation persists. The recent Covid Pandemic witnessed gross misinformation circulation and disinformation campaigns over WhatsApp, Facebook, Twitter, and other social media, multiplying phishing and other cybercrimes. The Pandemic induced concurrent Lockdowns have observed an acute Digital Divide within the society, more specifically between the core and the periphery, which affected the education and future of the students. The situation juxtaposes “the urgent need to enhance cyber resilience in critical infrastructures and across society” (Ebert et al. 2020)

Bhutan being a small landlocked Himalayan country, surrounded by China and India, broke its isolation in 1960. The computerisation and automation of the government offices started in 1984, aided by United Nations Development Programme (UNDP). The engagement with the Internet happened in 1999 as a part of the celebration of the Formula year reign of His Majesty, the Fourth King. However, the actual use of the Internet remained minimal. They were modestly used for basic word processing, database applications and personal communication. Very low computer literacy, lack of accessibility, maintenance cost etc. remained the obstacles to the effective proliferation of ICT and cyberspace in Bhutan for a long time (Gruys, 2000). However, the Royal Government of Bhutan recognised the need to be prepared to prevent and act against transnational terrorism quite early. In 2006, Bhutan came up with the Bhutan Information, Communication and Media Act (BICMA 2006), a legislative provision on counter-terrorism. Since BICMA has undergone few amendments to include provisions on cyber-offences, cyber-bullying, cyber-terrorism etc. (BICMA Report 2020).

Bhutan moved toward a robust ICT between 2004 to 2013. In a very short time, the number of subscribers using the Internet and mobile services grew phenomenally. In 2014, the annual InfoComm and Transport Statistical Bulletin stated that the Internet and mobile services are accessible in all 20 dzongkhags, i.e., the districts and 205 geogs, i.e., the village blocks (Choejey et al. 2015). In 2015 United Nations Office of Drugs and Crimes (UNODC) organised a national capacity building workshop titled “The Universal Legal Framework against Terrorism and Countering the Use of the Internet for Terrorist Purposes” in Thimpu. It addressed issues related to the use of the internet for terrorist purposes and strengthened Bhutan’s capacity of national criminal justice officials to implement the universal legal framework against terrorism quite successfully (UNODC 2015). According to the National Statistics Bureau (NSB) data, there are approximately 557,154 mobile subscribers, which translate into 76 mobiles per 100 inhabitants; and there were more than 80,000 Facebook and Social Networking sites users by the end of 2020. Furthermore, Bhutan has developed its ICT infrastructure with extensive fibre-optic networks connecting all the regional and local headquarters to the central ministries and constructed community centres in every geog to serve as one-stop-service windows for e-government services. Bhutan has also established two international gateways of high-speed fibre optic cables, to provide reliable and redundant connectivity to the outside world (Choejey et al., 2015). Own domestic local-area-network systems are also established to associate applications of company websites, webmail, file transfer servers and government-to-citizen (G2C) services for police clearance certificates and business licenses, and submission of income and personal tax returns etc. reducing cost and time and improving transparency of government services (Cheki 2017).

In the meantime, Bhutan’s rapid ICT growth also prompted potential cyber threats to information systems, computer networks and data privacy. Recognising the importance of cyber-security, in 2016, the Department of Information Technology and Telecom, Ministry of Information and Communications has initiated a project to establish the Bhutan Computer Incidence Response Team (BtCIRT) to serve as the national agency to

  1. collect, analyse and disseminate information on cyber incidents,
  2. establish emergency measures for handling cyber security incidents and
  3. prepare disaster management, contingency plans and business continuity plans for critical information infrastructure.

~ Since, BtCIRT operates under the Department of IT & Telecom (DITT) of the Ministry of Information & Communications, it provides both reactive and proactive cybersecurity services to the entire nation, including guiding the development of a national strategy. Bhutan’s National Cybersecurity Strategy (NCS) was also initiated towards the end of 2018 by the International Telecommunication Union (ITU) (Sheldon 2018). However, ITU’s report on “Readiness assessment of Bhutan’s Computer Incident Response Team (CIRT)” observes that before 2019, cyber incidents like phishing, online banking theft, hacking etc. were dealt with ad-hoc manners by computer-related departments and there is an absolute dearth of documentation on how these incidents were investigated, analysed, remediated and reported. Thereafter, in October 2020 the first version of the NCS was finalised and submitted to the Cabinet of Bhutan for approval (BtCIRT, 2020). Moreover, the Royal Bhutan Police (RBP) was found to be quite cautious and continuously cautioned the public on cyber-threats with the global surge of digital crimes and work-from-home culture around the world during the COVID-19 pandemic situation (Zangpo 2020).

It is to be noted that there is no universal cyber regime to date. Cyberspace is a rapidly growing technology. Its user base in India and Bhutan comes from all walks of life. Hence, it is vulnerable to numerous security threats pertinent to this domain. As cyberspace operates without boundaries, it challenges the very nature of the operating procedures of the real world in terms of governance, maintenance, ownership and legal jurisdictions. – In the next essay of this series therefore, digital diplomatic possibilities between India and Bhutan will be further enumerated.


Anas O (2015) In Search of India’s Policy Doctrine. Policy Brief. Indian Council of World Affairs. 5 June.

Barlow John Perry (1996) A Declaration of the Independence of Cyberspace, Electronic Frontier Foundation, 8 February. (Accessed 19 August 2021).

UNODC (2015) Bhutan: Countering use of internet for terrorist activities – an emerging concern, South Asia, United Nations Office of Drugs and Crime, January. (Accessed 2 September 2021)

BtCRT (2020) What we learned while developing Bhutan’s first National Cybersecurity Strategy, International Telecommunication Union, 5 November.  (Accessed 7 September 2021)

Cheki Karma (2017) Cybercrime liable for prosecution, Kuensel, 29 June.

Choejey Pema and Fung Chun Che et al. (2015) Cybersecurity Challenges for Bhutan, 12th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 24 – 27 June. (Accessed 4 September 2021)

Conversation on cyber diplomacy (2018) EU-India Cyber Expert Meeting, EU Cyber Direct, Brussels, 12 December.  (Accessed 1 August 2021).

Ebert H and Saslow K et al. (2020) Cyber Resilience and Diplomacy in India. EU Cyber Direct: Supporting EU Cyber Diplomacy. 14 July. (Accessed 19 April 2021).

Gruys R (2000) Information Technology in Bhutan – Propelling a Himalayan Kingdom into the Information Age, Tashi Delek, Druk Air In-Flight Magazine. (Accessed 2 September 2021)

Maher Catherine (2013) The New Westphalian Web, Argument, Foreign Policy, 23 February.

Mansbach R W International Relations and Information Technology, International Relations, Volume II, Encyclopaedia of Life Support Systems, UNESCO – EOLSS Sample Paper. International Relations and Information Technology ( (Accessed 24 August 2021)

MEA (2020) 6th India-EU Cyber Dialogue. Press Release. Media Centre. Ministry of External Affairs. 17 December. (Accessed 22 April 2021)

Rajagopalan R P (2015) India’s Cyber and Space Security Policies – Analysis. Eurasia Review. News and Analysis. Observer Research Foundation. 4 January. India’s Cyber and Space Security Policies – Analysis – Eurasia Review. (Accessed 19 April 2021).

Raju A S (2007) Reconstructing South Asia: An Agenda. New Delhi: Gyan Publishing House. pp. 135 – 150.

Rosenzweig (2018) Lecture on Cyber Conflict and the Westphalian System, Strategic Cyber Security, Module 7, (Accessed 19 August 2021).

Sheldon Pema (2018) Securing Bhutan’s Cyber Security, The Bhutanese, 12 January.

Study Report on Cybersecurity (2020) Bhutan Infocom and Media Authority, Royal Government of Bhutan, July. 

Vanthi Madhu (2021) India’s Cyber Space Security Requires an Urgent Booster Shot, Centre of Land and Warfare Studies, 3 August.

Zangpo Thukten (2020) Public cautioned about cyber-crimes amidst coronavirus, Business Bhutan, 28 May.

Previous post 2021 Ukraine-Russia Conflict: Why Does the Prospect of Ukraine’s NATO Membership Seem Remote?
Next post A Bone of Contention

Leave a Reply

Your email address will not be published. Required fields are marked *