The governments of India and Australia are in preliminary talks to explore sharing real-time information to tackle cybercrimes, fuelled by growing cyberattacks from nations such as North Korea on critical infrastructure such as power grids and medical facilities.
The two countries are increasingly interested in a bilateral treaty that specifically addresses data-sharing to tackle cybercrime, Brendan Dowling, ambassador for cyber affairs and critical technologies in Australia’s department of foreign affairs and trade, told Mint.
“The current MLAT process is not smooth and impedes our ability to cooperate. Bilaterally, there’s room to improve. There have been conversations between India and Australia to set up a bilateral cyber security-driven data sharing agreement,” Dowling said. “Conceptually, both countries agree upon the need for it—what hasn’t happened is a framework to make this happen, though the intent is there.”
MLAT, or mutual legal assistance treaty, is the cornerstone of cross-border information sharing between nations—where either party may have intent to pursue legal resolutions based on a crime. However, the process associated with sharing information through such treaties is prolonged, taking up to multiple years.
“There is a time lag in the process of MLATs being executed. When bilaterals are discussed for data sharing to particularly combat cybercrimes, the procedure being adopted is going to be the most critical for India to put it into effective use,” said NS Nappinai, senior counsel at the Supreme Court of India and founder of cybersecurity advocacy platform Cyber Saathi.
Expediting information sharing
As a result, various countries are working on ways to expedite information-sharing.
“There is interest on both sides to find ways for it. The Quad (comprising India, Australia, Japan and the US) has been a useful grouping, under which a cybersecurity working group actively speaks about cross-country data sharing arrangements,” Dowling said. “Between India and Australia, both governments are interested in sharing more information in real time, collaborating closely with specifically assigned points of contact, and so on.”
The ambassador was in India last week to attend the ministry of foreign affairs-backed Global Technology Summit 2025. On the sidelines, Dowling met with “various government departments, as well as private industry stakeholders”.
Speaking about how the potential bilateral treaty could work, Dowling said it will be hinged upon “the regularity of connecting on both ends”.
“Legal frameworks are important, but institutional linkages are important as well. Going forward, we will work on understanding the right mechanisms. There is a Computer Emergency Response Team (Cert) for Asia Pacific (APAC), through which some information sharing does happen. But, that is very broad-ranged—bilaterally, India and Australia will be speaking with each other to improve this aspect,” he said.
Such a move is crucial in the current geopolitical climate associated with cybercrime. Homegrown cybersecurity firm Indusface’s ‘State of Application Security in India, 2025’ report, published earlier this month, said that over 7.15 billion cyberattacks on enterprises were detected by cybersecurity tools through 2024—20% jump over the previous year. Over 1.2 billion attacks were tracked in the banking and financial services sector alone, with attacks on the sector increasing 74% through the year.
Crucial to track cybercrimes
Nappinai said despite data-sharing strictures laid down under India’s Digital Personal Data Protection (DPDP) Act, 2023, cross-border data sharing is a crucial aspect of tracking cybercrimes.
“Data protection laws have built-in exemptions, particularly for data sharing inter alia for criminal investigations. All countries that are signatories of the Budapest Convention have to do data-sharing as per the agreement. This includes European Union countries, which follow the General Data Protection Regulations (GDPR), the gold standard of privacy laws. Data protection laws, therefore, do not prevent countries from data sharing when it comes to combating crimes,” she said.
Nappinai added that an ad-hoc UN committee under the aegis of the United Nations Office on Drugs and Cyber Crime (UNODC) is close to finalizing a draft cybercrime convention in 2024, that is likely to come into effect soon. “This draft provides for data sharing and cooperation between countries for fighting cybercrime, and becomes part of initiatives that signatory countries are undertaking,” she said.
“A bilateral agreement between two countries is a good move, because ultimately, whatever the treaties and conventions may be, countries will eventually need to capture the same within municipal laws and methodologies for implementing them. Bilaterals are one way of doing that,” she said.
The catalyst for such information-sharing agreements is rising cyberattacks on public infrastructure such as healthcare, power distribution and water networks.
“There is scope for more collaborations here, because nation-backed cyberattacks are today interfering with democratic processes, stealing sensitive commercial data, and disrupting civilian services,” Dowling said. “If a district’s power or water supply is being disrupted by another nation, this is a problem—we’ve publicly called out Russia, Iran, North Korea and China for such activities.”
India, too, has been subjected to this. A report by cybersecurity tracker Recorded Future alleged in 2021 that widespread cyberattacks on Mumbai’s power distribution network were orchestrated by state-backed cyberattackers from China—causing a widespread power blackout in the nation’s financial capital.
