As tensions between India and Pakistan escalate both militarily and digitally, cyberspace has become an increasingly volatile front. While news of physical strikes and military engagements dominates headlines, a quieter but a dangerous engagement is quietly unfolding in cyber space. In recent days, there have been numerous reports of Pakistani journalists, politicians, and public figures having their social media accounts, YouTube channels, and digital platforms blocked or restricted by Indian authorities. These politically motivated actions highlight how states are using cyber spaces to control narratives and retaliate without crossing warfare boundaries.

In light of growing regional instability, Pakistan’s National Cyber Emergency Response Team issued a high-priority advisory warning that “the circulation of videos, images, and commentary revealing troop movements, military deployments, and sensitive national security activities… may severely compromise national security, jeopardize operational effectiveness, and facilitate hostile actions by adversaries.” The advisory further emphasized the rising threat of misinformation, disinformation, and deepfakes, urging media professionals and the public to exercise vigilance and ethical responsibility online.

An example of norm violation is the disinformation campaign exposed by EU DisinfoLab, 2019-20 which was linked to India. The network used fake media and NGOs to spread anti-Pakistan narratives at international forums. Those activities were a clear violation of UN norms discouraging disinformation, proxy use, and violations of sovereignty. Such actions rise critical questions under the UN global framework of responsible state behavior in cyberspace.
The UN norms were first agreed by a UN group of governmental experts in 2015. The group’s report was subsequently endorsed by consensus at the UN General Assembly in 2015 through resolution 70/237.

‘’The purposes of the norms are to reduce risks to international peace and security, and to contribute to conflict prevention. They have been crafted to deal with state-to-state actions that could potentially carry the highest risks to international peace and security and the welfare of citizens.’’
Here are some important points of UN norms;

a. Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security;

b. In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences;

c. States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs;

e. States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression;

One of the clearest concerns is targeting digital human rights, particularly the right to freedom of expression and freedom of the press. According to the UN norms, ‘’states must respect key human rights on the internet, even while safeguarding national security.’’ The restriction of voices from another side not only compromises freedom of expression but also leads to a narrowed and one sided digital discourse.

These kinds of actions can lead to disinformation, rumors, increased public polarization and an environment that could worsen the critical diplomatic objectives. More dangerous than narrative control is targeting the critical infrastructure in this digital confrontation. UN cyber norms explicitly restrict state activity that damages critical systems like power grids, hospitals or emergency response institutions. Civilian lives are deeply dependent on these network. Power failures, hospital outages, or financial disruptions could rapidly escalate the conflict and may cause real-word retaliation.

There is also a growing responsibility on both governments to secure their own infrastructure from potential cyber threats. This includes defending against not only external attacks but also managing internal vulnerabilities and preventing their digital assets from being misused for offensive actions. If non-state actors from either side conduct cyberattacks while authorities turn a blind eye, the state risks being held ac countable. In a region as sensitive as South Asia, where misperception can spiral into confrontation, even unclaimed cyber actions could be dangerously misunderstood.

According to UN norms, states must not target Computer Emergency Response Teams or CERTs or misuse them for offensive purposes because they are meant to be the neutral first responders in digital crises. The global cyber security cooperation trust mechanism will be undermined if either side begins interfering with the work of such teams by forging their communication or launching attacks against them. Once that trust undermined, it will be harder to stop malware attacks, respond to critical incidents and communicate in emergencies.

The evolving cyber activities in the current India-Pakistan conflict are not just a technical footnote but it is now constituting an alternative warfare tool for retaliation through narrative control and restricting freedom but the cost of doing so could be higher than that. Because the cyber realm, unlike physical battlefields, has no clear borders, no ceasefire lines, and no easy off switch. It may be harder to repair the damage than the physical one. it is the duty of both sides to uphold the basic principles of responsible state behavior which could lead to the diplomatic solution of the problem.