1. Wetlands (Conservation and Management) Rules, 2017

Regulatory framework governing wetland protection in India, currently under constitutional scrutiny for excluding artificial wetlands.

Why in News

The Supreme Court of India has agreed to examine the constitutional validity of the Wetlands (Conservation and Management) Rules, 2017, following a petition alleging arbitrary exclusion of human-made wetlands from environmental protection.

Key Facts

• Rule 2(g) of the 2017 Rules allegedly violates India's obligations under the Ramsar Convention (1971), which mandates protection of both natural and artificial wetlands.
• 39 out of India's 94 designated Ramsar wetlands risk losing legal protection due to strict exclusions for waterbodies used for drinking water, irrigation, aquaculture, salt production, and recreation.
• The 2017 Rules decentralized wetland identification powers to State Wetland Authorities (SWAs), unlike the 2010 framework which retained the Central Wetlands Regulatory Authority (CWRA).
• The petition cites K. Balakrishnan v. Union of India (2017) case, where the Supreme Court ordered statutory protection of all wetlands mapped in the National Wetland Atlas.
• The 2017 framework focuses on wetland origin (natural vs. artificial) rather than functional characteristics like hydrology, soil saturation, and biodiversity support.
• ISRO's National Wetland Inventory and Assessment uses functional mapping standards contradicted by the 2017 Rules' definitional approach.
• The rules allegedly violate the principle of non-regression by weakening protections established under the 2010 Rules.

Quick Revision Box

Term	Detail
Ramsar Convention	1971 international treaty for wetland conservation; mandates protection of natural and artificial wetlands
Rule 2(g)	Definitional provision in 2017 Rules excluding artificial wetlands from protection
Central Wetlands Regulatory Authority (CWRA)	Body under 2010 Rules; replaced by decentralized State Wetland Authorities in 2017
Ramsar Sites in India	94 designated wetlands; 39 at risk under current definitional framework
Non-Regression Principle	Legal doctrine preventing weakening of existing environmental protections
National Wetland Atlas	ISRO mapping project identifying wetlands based on functional characteristics

---

2. Non-Communicable Diseases (NCDs) in India

Chronic lifestyle diseases including cardiovascular diseases, cancers, diabetes, and respiratory illnesses that now cause 60% of all deaths in India.

Why in News

The Sample Registration System (SRS) Statistical Report 2024 reveals that Non-Communicable Diseases (NCDs) caused 60% of all deaths in India during the 2022-2024 period, marking a profound shift in the country's public health landscape.

Key Facts

• NCD mortality share increased by 3 percentage points from 52.8% (2015-2017) to 60% (2022-2024), displacing infectious diseases as India's primary health threat.
• Cardiovascular diseases alone account for 32.1% of all deaths, rising from 27.1% in 2015-2017, and spike to 3% in the 30-69 age group.
• NCD mortality is higher in urban areas (64.8%) compared to rural zones (58.8%), and among men (62.3%) versus women (56.9%).
• Adults aged 30-44 account for 19.5% of total deaths, threatening India's demographic dividend window. (UPSC Mains Usage: Links to GS1 Population & Associated Issues + GS2 Health Sector)
• For youth aged 15-29, suicide remains the leading cause of death at 19% (up from 16.3%), reflecting mental health vulnerabilities.
• In Empowered Action Group (EAG) States and Assam, NCDs cause 53.9% of deaths compared to 5% in non-EAG states, mapping to urbanization and demographic aging patterns.
• The National Programme for Prevention and Control of NCDs (NP-NCD) was launched in 2010 across 100 districts and subsumed under National Health Mission (NHM) in 2013-14.

Quick Revision Box

Term	Detail
NCDs	Chronic, non-transmissible diseases of long duration caused by genetic, lifestyle, and environmental factors
NCD Mortality Share (2022-24)	60% of all deaths in India; up from 52.8% in 2015-17
Cardiovascular Disease Share	32.1% of total deaths; 37.3% in 30-69 age group
NP-NCD	National Programme launched 2010; subsumed under NHM 2013-14
EAG States NCD Mortality	53.9% vs 63.5% in non-EAG states
Youth (15-29) Leading Cause	Suicide at 19%; reflects mental health crisis

---

3. High-Level Committee on Demographic Change

Panel constituted by MHA to study demographic shifts from illegal immigration and recommend policy frameworks for border management and deportation mechanisms.

Why in News

The Union Ministry of Home Affairs (MHA) has constituted a High-Level Committee to study demographic changes arising from illegal immigration and other abnormal reasons, tasked with delivering actionable policy solutions by May 2027.

Key Facts

• The committee is chaired by Justice Prakash Prabhakar Navlekar, retired Supreme Court Judge and former Lokayukta of Madhya Pradesh.
• Census Commissioner is among the members of the panel.
• The committee must submit its final report within one year (by May 2027) with a provision for six-month extension if required.
• Main objectives include scientific assessment of demographic changes caused by illegal immigration and abnormal settlement patterns.
• The panel will conduct granular community-level analysis of population fluctuations across religious and social communities.
• It will recommend a permanent deportation framework for identification, detention, and time-bound deportation of undocumented immigrants.
• The committee will formulate mechanisms to strengthen border management and deploy tools for continuous monitoring of abnormal migration trends. (UPSC Mains Usage: Links to Article 355 constitutional duty to protect states from external aggression and internal disturbance)

Quick Revision Box

Term	Detail
Committee Chairman	Justice Prakash Prabhakar Navlekar; retired SC Judge, former MP Lokayukta
Submission Timeline	Within 1 year (May 2027); 6-month extension possible
Key Mandate	Study demographic changes from illegal immigration; propose deportation framework
Census Commissioner	Member of the High-Level Committee
Focus Areas	Border management, identity verification, inter-state coordination on migration
Constitutional Link	Article 355 - duty to protect states from external aggression and internal disturbance

---

4. Internet of Things (IoT) and Operational Technology (OT)

IoT connects physical devices to the internet for data exchange; OT controls industrial equipment and processes in critical infrastructure.

Why in News

Concerns over the cybersecurity of India's Critical National Infrastructure were raised due to increasing vulnerabilities from IoT and AI-based systems deployed across power grids, water supply, and industrial control networks.

Key Facts

• Internet of Things (IoT): Network of physical devices embedded with sensors, software, and connectivity to collect and exchange data over the internet without human intervention.
• Operational Technology (OT): Hardware and software that monitors and controls physical devices, processes, and infrastructure — used in power plants, water treatment, manufacturing, and transportation.
• Convergence Risk: Integration of IT (Information Technology) and OT systems expands attack surfaces — traditional air-gapped OT networks now internet-connected. (UPSC Mains Usage: Links to GS3 Internal Security — cyber threats to critical infrastructure.)
• Examples of IoT: Smart meters, industrial sensors, connected medical devices, traffic management systems, surveillance cameras.
• Examples of OT: SCADA (Supervisory Control and Data Acquisition) systems, PLCs (Programmable Logic Controllers), DCS (Distributed Control Systems), industrial control systems (ICS).
• Critical Infrastructure: Includes power grids, water supply, telecommunications, financial systems, transportation networks, healthcare facilities.
• Global Precedents: 2015 Ukraine power grid attack (BlackEnergy malware), 2021 Colonial Pipeline ransomware (USA), 2022 AIIMS Delhi ransomware (India).
• India's Response: National Critical Information Infrastructure Protection Centre (NCIIPC) under National Technical Research Organisation (NTRO) — designated under Section 70A, IT Act, 2000.

Quick Revision Box

Term	Detail
IoT	Physical devices with sensors connected to internet for data exchange
OT	Hardware/software controlling physical industrial processes
IT-OT Convergence	Integration expands cyber attack surfaces
SCADA	Supervisory Control and Data Acquisition — OT system
NCIIPC	National Critical Information Infrastructure Protection Centre — under NTRO
IT Act Section	Section 70A — designates critical infrastructure

---

5. National Critical Information Infrastructure Protection Centre (NCIIPC)

India's nodal agency for protecting critical digital infrastructure from cyber threats.

Why in News

Recent analysis highlights NCIIPC's expanded role amid rising cyberattacks on India's critical national infrastructure, with global infrastructure attacks surging by over 140%.

Key Facts

• Established under Section 70A of the IT Act, 2000 as the designated national nodal agency for Critical National Infrastructure (CNI) protection.
• Operates under the National Technical Research Organisation (NTRO) within the Prime Minister's Office.
• Mandate: Monitor, forecast, and coordinate responses to cyber threats targeting critical information infrastructure.
• Covers 11 critical sectors: Power & Energy, Banking & Finance, Telecom, Transport, Government, Strategic & Public Enterprises, and others. (UPSC Mains Usage: Links to GS3 Internal Security - Cyber Security)
• Works in coordination with CERT-In (Indian Computer Emergency Response Team) for incident response and threat intelligence sharing.
• Issues advisories and implements security frameworks for protecting SCADA systems, OT networks, and IoT-enabled industrial infrastructure.
• Approximately 60% of PSUs still rely on basic checklist audits rather than advanced firmware-level security checks, highlighting implementation gaps.
• One-third of industrial IoT systems remain vulnerable to legacy credential attacks threatening operational technology networks.

Quick Revision Box

Term	Detail
NCIIPC	National nodal agency under IT Act Section 70A
Established	Created to protect Critical Information Infrastructure
Parent Body	Operates under NTRO, Prime Minister's Office
Critical Sectors	11 sectors including power, banking, telecom, transport
Coordination	Works with CERT-In for cyber incident response
Key Challenge	60% PSUs use basic audits, not advanced security

---

6. Trusted Telecom Portal

Government initiative mandating procurement of telecom equipment only from verified trusted sources.

Why in News

The Trusted Telecom Portal gains significance as India moves to secure its 5G networks from potential foreign malware embedding through unverified equipment.

Key Facts

• Launched by the Department of Telecommunications (DoT) to prevent supply chain security risks in telecom infrastructure.
• Mandatory compliance: Telecom service providers must procure network equipment only from "Trusted Sources" listed on the portal.
• Primary objective: Prevent foreign malware and backdoors from embedding into India's national 5G and future 6G networks. (UPSC Mains Usage: Links to GS3 Science & Technology - Communication Networks)
• Designated authority: National Cyber Security Coordinator (NCSC) oversees the trusted source identification process.
• Security framework: Based on the National Security Directive on Telecommunication Sector issued in 2021.
• Vendor scrutiny: Equipment manufacturers undergo rigorous security audits before being designated as trusted sources.
• Covers critical equipment: Routers, switches, base stations, core network elements, and IoT devices.
• Part of broader strategy to reduce dependence on high-risk vendors in critical communication infrastructure.

Quick Revision Box

Term	Detail
Trusted Telecom Portal	DoT initiative for secure equipment procurement
Launch Purpose	Prevent supply chain security risks in telecom
Key Mandate	Procure only from verified "Trusted Sources"
Target Networks	Securing 5G and future 6G infrastructure
Oversight	National Cyber Security Coordinator (NCSC)
Legal Basis	National Security Directive on Telecom, 2021

---

7. SCADA Systems — Supervisory Control and Data Acquisition

Industrial control systems that monitor and control infrastructure operations remotely.

Why in News

SCADA systems' vulnerability highlighted as convergence of IT, OT, and IoT layers creates larger attack surfaces for remote hackers targeting critical infrastructure.

Key Facts

• Definition: Industrial control systems that supervise, acquire data from, and control physical processes across distributed infrastructure.
• Used in: Power grids, water treatment plants, oil and gas pipelines, manufacturing facilities, and transportation systems. (UPSC Mains Usage: Links to GS3 Infrastructure - Industrial Automation)
• Components: Master Terminal Units (MTUs), Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), and Human-Machine Interfaces (HMIs).
• Key vulnerability: Previously isolated SCADA loops now connected to public internet via IoT, exposing industrial machinery to remote manipulation.
• Attack vector example: Hackers breach IT servers to directly manipulate heavy machinery or pipeline valves through SCADA interfaces.
• OT network risk: Operational Technology networks controlling physical processes face threats when integrated with Information Technology systems.
• International precedent: Fuel storage breaches show adversaries targeting pipeline pressure sensors to cause physical infrastructure damage remotely.
• Zero-Trust Architecture proposed to enforce multi-factor cryptographic authentication for every SCADA-connected IoT device.

Quick Revision Box

Term	Detail
SCADA	Supervisory Control and Data Acquisition systems
Function	Monitor and control infrastructure remotely
Applications	Power grids, water plants, pipelines, transport
Components	MTUs, RTUs, PLCs, HMIs
Key Risk	Isolated loops now exposed via internet/IoT
Proposed Solution	Zero-Trust Architecture with cryptographic authentication

---

8. Internationally Recognized Certificates of Compliance (IRCCs)

Digital proof issued under the Nagoya Protocol certifying legal access to biological resources — essential for tracking global biodiversity use and preventing biopiracy; UPSC-relevant for Environment and International Law.

Why in News

India's First National Report on the Nagoya Protocol revealed that India issued 3,556 IRCCs, constituting 60.24% of all certificates issued worldwide — demonstrating India's global leadership in ABS compliance and biodiversity traceability.

Why It Matters

• Definition: IRCCs are electronic certificates published on the ABS Clearing-House Mechanism (global online platform) confirming that biological resources were accessed legally under the Nagoya Protocol's Prior Informed Consent (PIC) and Mutually Agreed Terms (MAT) framework.
• India's Dominance: India's 3,556 IRCCs represent 24% of all global certificates — far ahead of any other country.
• Legal Function: Acts as international proof of compliance — enables customs, patent offices, and research institutions worldwide to verify legal sourcing. (UPSC Mains Usage: Prevents biopiracy cases like Turmeric patent (1995) and Neem patent (2005) — GS3 IPR)
• Tracking Mechanism: Each IRCC contains unique identifier, resource description, access date, provider country, and user details — creates transparent audit trail.
• Issuing Authority in India: National Biodiversity Authority (NBA) generates IRCCs after approving ABS applications involving foreign entities or IPR generation by Indian companies.
• Global Platform: Published on the ABS Clearing-House hosted by the Convention on Biological Diversity (CBD) Secretariat in Montreal, Canada.
• Compliance Window: Between November 1, 2017–December 31, 2025, India's total 12,830 approvals resulted in 3,556 IRCCs being uploaded globally.

Quick Revision Box

Term	Detail
IRCC Definition	Electronic certificate proving legal access under Nagoya Protocol
India's Share	3,556 IRCCs — 60.24% of global total
Global Platform	ABS Clearing-House Mechanism (CBD Secretariat, Montreal)
Issuing Body (India)	National Biodiversity Authority (NBA), Chennai
Purpose	Prevent biopiracy; enable customs/patent office verification
Period Covered	November 1, 2017–December 31, 2025

---

9. India's Leadership in Nagoya Protocol Implementation and Biodiversity Governance

India's First National Report reveals world-leading performance in Access and Benefit-Sharing (ABS) under the Nagoya Protocol, with 60.24% of global compliance certificates.

Why in News

The Union Ministry of Environment, Forest and Climate Change (MoEFCC) released India's First National Report on the Nagoya Protocol, showcasing India's global leadership in biodiversity governance through its robust ABS framework under the Convention on Biological Diversity (CBD, 1992).

Key Facts

• Nagoya Protocol: Adopted 2010 in Japan; entered force 2014 as supplementary agreement to CBD (1992) ensuring fair benefit-sharing from genetic resources through Prior Informed Consent (PIC) and Mutually Agreed Terms (MAT).
• India's Global Leadership: Issued 3,556 Internationally Recognized Certificates of Compliance (IRCCs) — 24% of global total — highest worldwide.
• ABS Approvals: 12,830 approvals granted (November 2017–December 2025) — 5,913 by National Biodiversity Authority (NBA), 6,917 by State Biodiversity Boards (SBBs).
• Revenue and Benefit-Sharing: Collected ₹216.31 crore; disbursed ₹139.69 crore directly to local communities and conservers.
• Institutional Framework: Three-tier structure — NBA (Chennai) established 2003 under Biological Diversity Act 2002, SBBs at state level, 2,76,653 Biodiversity Management Committees (BMCs) at grassroots — world's largest community biodiversity network.
• People's Biodiversity Registers (PBRs): 2,59,000+ PBRs documenting local biological resources and traditional knowledge maintained by BMCs.
• Capacity Building: 3,724 workshops training 2,56,393 functionaries on ABS compliance and biodiversity governance.

Quick Revision Box

Term	Detail
Nagoya Protocol	2010 adoption; force 2014; supplementary to CBD (1992)
IRCCs by India	3,556 — 60.24% of global certificates
ABS Approvals	12,830 (Nov 2017–Dec 2025)
Revenue Disbursed	₹139.69 crore to communities (of ₹216.31 crore)
NBA Headquarters	Chennai; established 2003
BMCs	2,76,653 local committees; 2,59,000+ PBRs prepared
CBD Parties	196 countries; USA signed but not ratified

---

10. Cybersecurity Challenges in India's Critical Infrastructure: The IoT-OT Convergence Conundrum

Introduction

The rapid digitalization of India's critical national infrastructure through Internet of Things (IoT) and Operational Technology (OT) systems has created unprecedented efficiencies but simultaneously opened new frontiers of vulnerability. As India aspires to become a $5 trillion economy, the security of power grids, water supply systems, financial networks, and transportation infrastructure has emerged as a paramount concern, particularly in light of increasing cyber threats targeting the IT-OT convergence layer.

Background

Understanding IoT and OT:

The Internet of Things refers to the network of physical devices—from smart meters to industrial sensors—embedded with sensors, software, and connectivity capabilities that enable them to collect and exchange data over the internet without human intervention. Operational Technology, on the other hand, comprises the hardware and software that directly monitors and controls physical devices, processes, and infrastructure events in sectors like power generation, water treatment, manufacturing, and transportation.

Historical Context:

Traditionally, OT systems operated in isolation through air-gapped networks, physically separated from internet-connected IT systems. However, the fourth industrial revolution has necessitated the convergence of IT and OT to enable real-time monitoring, predictive maintenance, and operational efficiency. This integration, while beneficial, has exponentially expanded the attack surface for cyber adversaries.

Legislative Framework:

Recognizing these vulnerabilities, India established the National Critical Information Infrastructure Protection Centre (NCIIPC) under the National Technical Research Organisation (NTRO), designated under Section 70A of the IT Act, 2000, to protect critical information infrastructure from cyber attacks.

Recent Developments

Recent concerns over cybersecurity vulnerabilities in India's critical national infrastructure have been triggered by several factors:

Global Cyber Incidents:

The 2015 Ukraine power grid attack using BlackEnergy malware demonstrated how cyber weapons could cause physical disruption. The 2021 Colonial Pipeline ransomware attack in the United States halted fuel supply across the East Coast, while India experienced its own wake-up call with the 2022 AIIMS Delhi ransomware attack that paralyzed healthcare services.

Expanding IoT Deployment:

India's smart city initiatives, digital agriculture programs, and industrial automation have led to proliferation of IoT devices across critical sectors. Smart meters in power distribution, connected traffic management systems, and industrial sensors have created millions of potential entry points for cyber adversaries.

AI-Integration Vulnerabilities:

The deployment of AI-based systems for predictive analytics and autonomous decision-making in critical infrastructure has introduced new vulnerabilities, including adversarial attacks on machine learning models and algorithmic manipulation.

Significance

National Security Implications:

Critical infrastructure forms the backbone of national security. Compromise of power grids, water supply systems, or financial networks could cripple economic activity, endanger public safety, and undermine national sovereignty. The strategic importance is heightened by geopolitical tensions and state-sponsored cyber warfare capabilities.

Economic Impact:

Cyber attacks on critical infrastructure can result in massive economic losses through operational disruption, data theft, and recovery costs. The interconnected nature of modern economies means that cascading failures can ripple across sectors.

Public Safety Concerns:

Disruption of healthcare facilities, water treatment plants, or transportation networks directly threatens citizen welfare. The COVID-19 pandemic demonstrated how critical healthcare infrastructure is to national resilience.

Technological Sovereignty:

Securing critical infrastructure requires indigenous capabilities in cybersecurity, reducing dependence on foreign technology that may contain backdoors or vulnerabilities.

Challenges

Legacy Systems:

Many OT systems were designed decades ago without cybersecurity considerations. Updating or replacing these systems is expensive and operationally complex, creating persistent vulnerabilities.

Skills Gap:

There is an acute shortage of professionals trained in both OT systems and cybersecurity. Traditional IT security experts often lack understanding of industrial control systems, while OT engineers may not possess adequate cybersecurity expertise.

Supply Chain Vulnerabilities:

IoT devices and OT components are often manufactured globally, creating supply chain risks through compromised hardware or software. The absence of comprehensive domestic manufacturing capabilities exacerbates this challenge.

Regulatory Fragmentation:

Critical infrastructure spans multiple sectors regulated by different authorities, leading to inconsistent security standards and coordination challenges.

Real-time Constraints:

Unlike IT systems, OT systems often require real-time processing with minimal latency. Traditional security measures like encryption or authentication can introduce delays unacceptable in industrial control contexts.

Resource Constraints:

Many infrastructure operators, particularly in public sector undertakings and smaller municipalities, lack adequate budgets for comprehensive cybersecurity measures.

Way Forward

Comprehensive Policy Framework:

Develop sector-specific cybersecurity standards for critical infrastructure, mandating regular audits, penetration testing, and incident response capabilities. The proposed Digital Personal Data Protection Act should incorporate specific provisions for IoT and OT security.

Capacity Building:

Establish specialized training programs combining OT domain knowledge with cybersecurity skills. Public-private partnerships with academic institutions can create a pipeline of qualified professionals. NCIIPC should expand its outreach and training initiatives.

Indigenous Technology Development:

Invest in domestic development of secure IoT devices, SCADA systems, and cybersecurity solutions through initiatives like Make in India and Production Linked Incentive schemes. This reduces supply chain vulnerabilities and builds strategic autonomy.

Zero Trust Architecture:

Implement zero trust security models that verify every access request regardless of origin. Micro-segmentation of networks can limit lateral movement of attackers within OT environments.

Public-Private Collaboration:

Create information-sharing mechanisms enabling private sector infrastructure operators to report and learn from cyber incidents without fear of regulatory penalties. Establish sector-specific Information Sharing and Analysis Centers (ISACs).

Regular Security Assessments:

Mandate periodic vulnerability assessments and penetration testing of critical infrastructure, with results reported to NCIIPC. Adopt security-by-design principles for new infrastructure projects.

International Cooperation:

Engage in bilateral and multilateral frameworks for sharing threat intelligence, best practices, and coordinated responses to transnational cyber threats targeting critical infrastructure.

Conclusion

The convergence of IoT and OT systems in India's critical national infrastructure represents both an opportunity for enhanced efficiency and a significant security challenge. As digital technologies become inseparable from physical infrastructure, a holistic approach combining technological solutions, skilled workforce development, robust regulatory frameworks, and public-private collaboration is essential. India's economic growth and national security increasingly depend on our ability to secure the cyber-physical systems that underpin modern civilization.

Mains Practice Question

Q. The integration of Internet of Things (IoT) and Operational Technology (OT) systems in critical national infrastructure has created new cybersecurity vulnerabilities. Examine the challenges posed by IT-OT convergence and suggest a comprehensive framework for securing India's critical infrastructure. (250 words, 15 marks)

---