AI-powered cyber defence platform developed by the Indian Space Research Organisation (ISRO), has recently won Gold at the National e-Governance Awards 2026. The system integrates Garuda-TIP, DNS Filtering, and AI Detection into a closed-loop architecture for real-time, automated cybersecurity. It addresses rising threats, cyberattacks, malware via DNS/web, and delayed detection, by enabling instant threat identification and blocking. The platform achieves 98% faster response times, ~99% accuracy, and processes thousands of threats daily, with real-world validation during Operations Sindoor. It also outlines a national vision through the BHARAT DNS Resolver and centralized threat intelligence. The information in the article is based on details available on the official portal (nceg.gov.in) of National Awards for e-Governance.
Landmark Recognition for India’s Cybersecurity Architecture
An indigenous AI-powered cyber defence platform developed at the Indian Space Research Organisation (ISRO) has been awarded the Gold Award at the National e-Governance Awards 2026, marking a significant milestone in the country’s cybersecurity evolution. Conceptualized by the Cyber Security and Networks Division of Space Applications Centre (SAC-ISRO), Ahmedabad, the platform represents a shift from fragmented, reactive security systems to a unified, automated, and intelligence-driven defence architecture.
At a time when cyber threats are escalating in both scale and sophistication, this system introduces a closed-loop cyber defence mechanism that integrates ‘Threat Intelligence’, ‘DNS (Domain Name System) Filtering’, and Artificial Intelligence into a seamless operational pipeline. Its recognition underscores its strategic importance in safeguarding critical infrastructure. More importantly, it signals a broader transformation in governance thinking, where cybersecurity is no longer an auxiliary concern but a core pillar of national resilience. With real-time threat detection, automated response, and AI-driven zero-day coverage, the platform sets a new benchmark for how governments can approach cybersecurity in an era defined by invisible warfare.
Also Read – The Cost of Forgetting: India’s Hidden Governance Crisis
Cyber Threat Landscape: Scale, Speed, and Stealth
The urgency behind such innovation becomes evident when one examines the evolving cyber threat, which has grown exponentially in recent years. Between 2019 and 2024 alone, cyberattacks have witnessed a 400 percent increase. Nearly 94 percent of malware today is delivered through email and DNS/web channels, highlighting the central role of internet infrastructure in enabling cyber intrusions. Even more concerning is the average dwell time of 21 days, which indicates the duration attackers remain undetected within a system, allowing them to escalate privileges, move laterally, and exfiltrate sensitive data.
Modern cyberattacks are no longer isolated incidents but coordinated campaigns involving nation-State actors, ransomware groups, and cyber-espionage networks. Techniques such as lateral movement enable attackers to compromise entire networks from a single endpoint, while Command and Control (C2) beaconing allows malware to communicate with external servers using seemingly legitimate DNS queries. Simultaneously, data exfiltration through DNS tunneling or HTTPs channels enables covert transfer of sensitive information beyond organizational boundaries. These dynamics show a critical insight: DNS, often overlooked in traditional security frameworks, has become a primary attack vector, making it a strategic point for early intervention.
Pre-Initiative Gaps: Manual Delays & Fragmented Defences
Before the deployment of this integrated platform, cybersecurity operations within large organizations, including ISRO, were constrained by systemic inefficiencies and structural limitations. Threat intelligence advisories received from agencies such as CERT-In and NCIIPC required manual parsing, often in formats like PDFs, CSVs, or STIX feeds, leading to delays and loss of contextual information. The absence of de-duplication mechanisms resulted in redundant entries, while manual entry into multiple security tools created inconsistencies in threat coverage. Response times ranged from hours to days, providing attackers with critical operational windows.
Equally problematic was the lack of centralized DNS protection, where reliance on public resolvers exposed query metadata, including browsing patterns and user behavior. Firewalls, despite their effectiveness at blocking known threats, failed to address DNS-level vulnerabilities, allowing malicious domains to enter successfully. The absence of zero-day detection capabilities further compounded the challenge, as static blocklists were ineffective against dynamically generated threats such as those created by Domain Generation Algorithms. Additionally, the security ecosystem remained siloed, with no integration between threat intelligence, detection, and response systems. This fragmented approach resulted in delayed response, increased cyber risk, and an inability to proactively defend against emerging threats.
Three-Pillar Architecture: Garuda-TIP, DNS Filtering, and AI Detection
The award-winning platform addresses these challenges through a tightly integrated three-pillar architecture, deployed as a Software-as-a-Service model at ISRO’s Space Applications Centre in Ahmedabad. At the core of this architecture lies ‘Garuda-TIP’ (Threat Intelligence Platform), which automates the entire process of threat intelligence. The system is designed to auto-fetch feeds from CERT-In and NCIIPC, parse and enrich ‘Indicators of Compromise’ (IOC) with full metadata, eliminate duplicates, and distribute intelligence across all connected security systems. This transformation from manual to automated intelligence handling ensures 100 percent IOC coverage and reduces response time from hours to seconds.
Complementing this is the DNS Filtering Service, which acts as the frontline defence layer. By operating as a privacy-preserving recursive resolver, it blocks malicious communication at the DNS stage, preventing any connection from being established. The integration of Response Policy Zones enables real-time domain and IP blocking, while continuous logging provides visibility through SIEM (Security Information and Event Management) systems. This approach ensures that threats are intercepted at the earliest possible stage, significantly reducing the attack surface.
The third pillar, the AI Detection Engine, introduces zero-day defence capabilities through two parallel tracks: Domain Generation Algorithm detection and DNS tunneling detection. By analyzing parameters such as domain entropy, query behavior, and encoded payloads within DNS queries, the system identifies threats that bypass traditional blocklists. Together, these three pillars create a closed-loop architecture where AI detections feed into threat intelligence, which in turn updates DNS filtering rules, enabling instant blocking across the network.
Operational Mechanism: A Closed-Loop Cyber Defence System
What distinguishes this platform is not just its individual components but the way they operate as an integrated system. The operational mechanism begins with the automated ingestion of threat intelligence, which is processed and converted into actionable indicators. These indicators are then distributed to DNS filtering systems and other security tools, ensuring uniform threat visibility. Simultaneously, all live DNS queries are scanned by the AI engine, which identifies anomalies indicative of Domain Generation Algorithm (DGA activity) or DNS tunneling. Once detected, these threats are fed back into the threat intelligence platform, where they are added to the IOC database and disseminated across the network.
This closed feedback loop ensures continuous learning and adaptation, allowing the system to respond to both known and unknown threats in real time. Integration with existing infrastructure such as Next-Generation Firewalls, SIEM, and SOAR systems further enhances its effectiveness, enabling automated detection, response, and orchestration. The result is a unified cyber defence ecosystem where intelligence, detection, and response are no longer isolated processes but interconnected functions operating in synchrony.
Performance Metrics and Real-World Validation
The effectiveness of the platform can be seen in its operational metrics, which demonstrate significant improvements in both efficiency and accuracy. The system has achieved a 98 percent reduction in response time, bringing it down from hours or days to mere seconds. With the capability to process over 3,000 Indicators of Compromise per day per centre, it ensures comprehensive coverage across all connected systems. The AI models have demonstrated approximately 99 percent accuracy with very low false positives, addressing one of the key challenges in automated threat detection. The mean time to detect and respond has been reduced to under five minutes, while automation has resulted in savings of approximately 30 hours of manual effort per month.
A notable demonstration of its capabilities was observed during Operations Sindoor, where threat intelligence was disseminated and blocking enforced across more than 20 ISRO and Department of Space centres within minutes. This real-time response highlighted the platform’s readiness for national security scenarios, where speed and coordination are critical.
Towards a BHARAT-Scale Cyber Defence Ecosystem
Beyond its operational success within ISRO, the platform is designed with scalability in mind, envisioning a broader national cybersecurity architecture. The proposed BHARAT DNS Resolver aims to provide secure, privacy-preserving DNS services to citizens and organizations, eliminating reliance on external cloud-based resolvers while offering built-in protection against advanced threats. Parallelly, the concept of a BHARAT Threat Intelligence Repository envisions a centralized, scalable platform that can be integrated across ministries, public sector enterprises, and private organizations.
Such framework would enable real-time sharing of threat intelligence, fostering collaboration and enhancing collective resilience against cyber threats. In a digital ecosystem where attacks are increasingly interconnected, the ability to share and act on intelligence at a national level becomes a critical capability. This vision positions the platform as a foundational element of India’s future cybersecurity infrastructure.
Strategic Significance: Redefining India’s Cybersecurity Doctrine
The recognition of this platform at the National e-Governance Awards 2026 signifies more than a technological achievement; it represents shift in India’s approach to cybersecurity. By emphasizing indigenization, the platform reduces dependence on foreign cybersecurity tools, enhancing data sovereignty and national security. Its proactive defence model ensures that threats are detected and neutralized before they can cause damage, marking a departure from traditional reactive approaches.
As cyber warfare becomes an integral part of geopolitical strategy, the ability to secure critical infrastructure such as space systems assumes paramount importance. The platform demonstrates that effective cybersecurity requires not just advanced technology but a cohesive strategy that integrates intelligence, detection, and response into a unified system. It also highlights the importance of investing in indigenous innovation to address emerging challenges in the digital age.
Conclusion: Securing the Future of Digital India
The AI-powered Integrated Cyber Defence Platform stands as an example to India’s growing capabilities in cybersecurity innovation. By combining real-time threat intelligence, DNS-level intervention, and AI-driven detection, it creates a robust and scalable defence architecture capable of addressing the complexities of modern cyber threats. Its recognition with the Gold Award at the National e-Governance Awards 2026 not only validates its effectiveness but also sets a benchmark for future initiatives.
As India continues to expand its digital footprint, the need for such integrated and proactive security systems will only grow. This platform provides a blueprint for how governments can approach cybersecurity in an increasingly interconnected world, ensuring that the nation remains resilient in the face of evolving threats. In securing the invisible battlefield of cyberspace, it positions India as a leader in shaping the future of cyber resilience.
Also Read – How the New Criminal Laws Are Rewiring India’s Justice System














