On 9 July, Australia and India unveiled the Partnership on Cyber, Critical Technologies and Supply Chains (PACTS), a reworked bilateral mechanism that the two governments say will be more prescriptive, reduce duplication and push harder for operational outcomes.
Consolidating dialogues under MEA, DFAT, NSCS and PM&C
PACTS replaces the 2020 framework and explicitly rationalises the web of talks and taskforces that have accumulated since 2014. The two countries had run five rounds of cyber policy dialogues led by India’s External Affairs Ministry (MEA) and Australia’s Department of Foreign Trade (DFAT), plus the 2022 India‑Australia Foreign Ministers’ Cyber Framework Dialogue and two joint working groups created in 2020. Under PACTS those dialogues and working groups will continue to be led by MEA and DFAT but will be overseen by the deputy national security adviser in India’s National Security Council Secretariat (NSCS) and by the deputy secretary of the International and Security Group in Australia’s Department of Prime Minister and Cabinet (PM&C).
Those deputies will provide strategic oversight and hold annual review meetings to track progress. The source material points to an administrative logic for this design: India’s NSCS was made responsible for overall coordination and strategic direction in cybersecurity by a 2024 Allocation of Business Rules amendment, and Australia’s PM&C already supports the prime minister across national security briefs including cybersecurity. The new oversight layer is intended to improve agility and coordination on cyber issues.
Embedding cybersecurity across supply chains and critical technologies
PACTS is structured around five linked pillars — cyber, supply chain resilience and diversification, critical technology, digital resilience and defence research collaboration — and it aims to mainstream cybersecurity into all of them. The partnership anticipates joint work that ties cybersecurity to bilateral supply chains for critical technologies and to policy work on AI, biotech, critical minerals, aerospace and defence, and digital public infrastructure.
The source gives a concrete example: Australia’s Department of Industry, Science and Resources could work with India’s National Critical Minerals Mission and share cybersecurity expertise such as Australia’s planned 2025 information toolkit to protect critical mineral supply from foreign cyber interference using structured information and reporting procedures.
Building operational capability: skill incubator, grants and joint development
PACTS moves beyond policy talk to emphasise tangible capability-building. The partnership will establish practical workshops and a cyber skill incubator hub intended to fund training for cyber practitioners to tackle sophisticated threats. It also contemplates a bilateral cyber challenge grant program to encourage joint product investment and development for government procurement and commercial sale in both countries.
That is a shift from the existing Australia‑India Cyber and Critical Technology Partnership grant, which the source says supports projects to enhance shared understanding of standards and ethical frameworks but “lacks support for joint development of cybersecurity products and capabilities involving industries and research institutions.” The stated rationale is practical: both countries face an increase in cyberattacks — attributed to state‑sponsored and non‑state actors — targeting electricity grids, transportation and the biotechnology sector, and there have been instances of state‑backed cyber espionage and intellectual‑property theft affecting India’s biotech, aerospace and defence sectors.
The source also attaches technical priorities to this effort, noting that deeper R&D linkages will be important to address emerging challenges in areas such as post‑quantum cryptographic standards and secure telecommunications.
Countering cybercrime: police, forensics and cross‑sector sharing
PACTS explicitly includes countering cybercrime as a priority and proposes operational steps to deliver on that aim. The Australian Federal Police and the Indian Cybercrime Coordination Centre are named as potential facilitators of exchange programmes for cybercrime investigators and “cyber commandos.” Industry bodies such as the Data Security Council of India’s Center for Cybercrime Investigation Training & Research could partner with Australia’s CI‑ISAC (a cross‑sectoral information‑sharing organisation) to curate workshops focused on enhancing digital forensic capabilities.
The emphasis is on improving digital policing and forensic skills so that both sides can reduce the financial costs of cybercrime and more effectively investigate incidents affecting critical infrastructure and sensitive industries.
What this means for research institutions, procurement leaders, and policymakers
- Research institutions and technologists: PACTS signals new opportunities to move from policy studies to co‑developed products and shared R&D, particularly in areas flagged by the partnership such as secure telecoms and post‑quantum cryptography. The proposed cyber challenge grants and incubator hub would be the primary mechanisms to convert collaboration into deployable capability.
- Procurement leaders and enterprises: The partnership explicitly aims to “enhance trade and investment between Australian and Indian businesses on cybersecurity and tech ventures,” creating incentives to co‑design products for government procurement and commercial sale across both markets.
- Policymakers and security coordinators: The move to NSCS and PM&C oversight — with annual review meetings — changes the accountability and coordination architecture and sets expectations for clearer, more prescriptive announcements and measurable outcomes.
PACTS is designed to take bilateral cyber engagement from conversations to contracts and from workshops to workforce development. If the governance promises are implemented — with deputy‑level oversight, annual reviews, incubator funding and challenge grants — the partnership could forge the “trust and muscle memory” the source says are needed for quicker intelligence sharing and joint responses to adversarial cyber threats. The concrete next steps the source highlights are the operationalisation of the incubator hub, the creation of challenge grants, and the joint programmes to strengthen digital policing and forensics.




