SV RaghavanAs India accelerates toward its ambitious target of becoming a $5-trillion economy, a quiet vulnerability is emerging at the heart of our most vital systems. We have rightfully celebrated major legislative milestones like the Digital Personal Data Protection (DPDP) Act, which guards the data privacy of citizens.Yet, inside the high-security facilities that keep our lights on, our trains running, and our banks functioning — the very engines of our national economic output — a dangerous blind spot remains on every single desk. It is the unmonitored smartphone. For decades, the standard defence for critical infrastructure industries was a concept known as the “air gap”.The logic was simple: if a vital operational computer is physically disconnected from the public internet, it cannot be hacked. But in the modern digital era, the air gap is an illusion. The threat today is no longer just a distant, faceless hacker trying to break through a corporate firewall. It is the silent, unmonitored flow of information crossing between secure workplace terminals and the personal mobile devices sitting in the pockets of employees, contractors, and visitors.The leakageThis creates what policy experts call a “cross-medium” security crisis. Imagine a senior operator at a power grid or a relationship manager at a bank branch. They sit before a highly secure corporate computer. If they try to email sensitive operational data or customer files to an external address, the system will immediately block the attempt and sound an alarm.However, right next to that computer is their personal smartphone, connected directly to a commercial 5G network. If that individual simply takes a photo of the computer screen or dictates sensitive financial figures into a personal voice-to-text app, the data has successfully escaped. It has jumped from a highly regulated, secure digital medium to an unmonitored, private one.The secure corporate network remains entirely blind to this leak because the data left the building over a private cellular channel. This is not just an IT annoyance; it is a direct tax on our Gross Domestic Product (GDP). In India alone, the average cost of a corporate data breach surged to an unprecedented ₹22 crore recently. When a major power grid or a banking network stalls due to a breach, the cascading halts in productivity ripple across the supply chain, shaving fractions off our national economic output.For a nation targeting sustained 7-8 per cent GDP growth, allowing unmonitored digital leaks to threaten industrial continuity is a fiscal luxury we cannot afford.The Privacy LoopholeWhen governments or organisations attempt to restrict these devices, they are frequently met with fierce resistance from special interest groups and privacy advocates. The argument usually presented is that an employee’s personal device is their sovereign property, and monitoring it constitutes an invasive overreach.However, this absolute privacy loophole is actively being weaponised by hostile entities to the detriment of national security and economic stability. Sophisticated bad actors exploit these civil liberty arguments to bring unmonitored “burner” phones into sensitive operational zones. Because organisations are pressured not to interfere with personal devices, these phones effectively act as rogue internet bridges inside secure walls.Insiders can effortlessly photograph proprietary data and upload it to private cloud storage. Because the upload occurs over a private cellular network, the organisation’s security team cannot see it, stop it, or trace it.We must ask a fundamental question: does the right to personal privacy include the right to carry an unmonitored digital straw capable of siphoning data and economic value out of a national asset?From Surveillance to SafetyTo secure our nation’s critical infrastructure, the government must introduce a simple but profound regulatory shift. It must mandate that all critical infrastructure facilities provide a Centrally Managed Access Network — essentially, a dedicated, highly secure corporate WiFi layer — specifically for personal and transient devices within their premises.Instead of an aggressive, impractical ban on phones, or the equally dangerous alternative of ignoring them, organisations must draw these devices into a managed digital environment. This operates exactly like a physical metal detector at an airport or a bank vault. A managed access network does not look at the content of an employee’s private communications.Instead, it looks only at the digital destinations. If a device sitting inside a bank’s treasury department tries to connect to a known malicious server abroad, the network gateway drops the connection and alerts security. The benefits of this approach vastly outweigh the privacy concerns. For the employee, it protects privacy better than current corporate trends, which often force workers to install invasive monitoring apps directly onto their personal phones.With a managed network, the oversight is purely situational and geographic — the moment the employee walks out of the building, the organisation’s visibility drops to absolute zero.Unlocking FDIBeyond immediate defence, this simple mandate carries a profound economic upside: it acts as a magnet for Foreign Direct Investment (FDI). Global capital is notoriously risk averse. When multinational corporations and sovereign wealth funds look to deploy billions into India’s manufacturing, energy, and financial technology sectors, “cyber-resilience” is now a primary metric on their investment dashboards.By implementing this policy, India can signal to the world that its critical infrastructure is “Secure by Design”. Establishing a mandated digital perimeter reassures foreign investors that their intellectual property, proprietary financial algorithms, and supply chain links are insulated from insider threats and cross-medium leaks. This elevates India’s global ease-of-doing-business rankings, converting systemic security into a competitive advantage that can pull multi-billion-dollar FDI inflows away from geopolitical rivals.The Path ForwardThe government can act today by utilising existing legislative cycles. Minor but impactful amendments could be introduced into the upcoming Digital India Act or updates to national cybersecurity guidelines. By defining the wireless airspace inside critical facilities as part of our national security perimeter, we can mandate this basic level of network traffic management.By regulating the flow of information at the lowest physical level — the office floor — we create a powerful, cascading shield upstream. It deters insider malice, prevents foreign adversaries from using personal phones as listening posts, and protects our national economic output.We cannot secure what we choose to ignore. By bringing the invisible traffic of personal devices into the light of a managed corporate network, India can close its most glaring digital vulnerability. It is time to recognise that digital perimeter control is no longer just a technical checkbox — it is a cornerstone of our national economic sovereignty.The writer is Former Scientific Secretary, Office of the Principal Scientific Advisor, Government of India. Views expressed are personalPublished on June 30, 2026