An Analytical Study of Legal Implications of Cyber Attack on Indian Defence System: Issues, Challenges and Redressal Dissertation

The Global Defence Chain System (GDCS) – the interconnected network of defence contractors, sub-suppliers, logistics providers, and technology vendors – has become a primary target for sophisticated cyber operations. While the digitisation of supply chains enhances efficiency, it introduces systemic vulnerabilities that adversaries exploit to exfiltrate sensitive defence data, disrupt weapons production, or degrade military readiness. This dissertation provides an analytical study of cyber attacks targeting the GDCS, with a focus on the redressal mechanisms available to victims and the challenges that impede effective remedies. Adopting a mixed-methods approach combining doctrinal legal analysis, comparative case studies, and policy evaluation, the research examines three landmark incidents: the SolarWinds supply chain compromise (2020), the NotPetya malware attack (2017), and the 2023 MOVEit Transfer breaches. These cases illustrate the evolving tactics of state-sponsored and criminal actors, the cascading effects of supply chain compromises, and the inadequacy of existing legal frameworks. The study finds that redressal is hampered by four principal challenges: (i) the difficulty of technical and legal attribution to a responsible actor; (ii) jurisdictional fragmentation that complicates cross-border law enforcement and civil litigation; (iii) contractual and insurance mechanisms that either exclude state-sponsored attacks or fail to flow down liability to lower-tier suppliers; and (iv) the absence of a harmonised international legal framework specifically addressing cyber operations against defence supply chains. The dissertation concludes by proposing a multi-layered redressal framework. It recommends regulatory expansion to cover all supply chain tiers, the establishment of specialised cyber courts, clarification of the “cyber war” exclusion in insurance policies, and the pursuit of international norms that recognise systematic supply chain attacks as a breach of responsible state behaviour. Ultimately, strengthening the resilience of the GDCS requires not only technical improvements but also a fundamental rethinking of legal accountability and global cooperation.