Does DISHA hack back?
No. The doctrine rejects retaliation and unauthorised external action.
DISHA public architecture
Defend. Protect. Preserve. Never initiate.

Direct Answer
The DISHA No-First-Use doctrine means the architecture may defend authorised environments, preserve evidence, isolate risk, recover systems and protect public-interest records. It does not initiate offensive cyber action, hacking back, malware deployment, credential theft, unauthorised scanning or retaliation against external systems.
Page Facts
How this works in DISHA v6.6 runtime
DISHA does not turn every input into truth. It turns every input into a record that can be examined.
The current runtime uses a typed mission signal. A signal can include raw text, evidence files, geospatial points, threat indicators, requested action, data-source references, sensitivity, user role, device trust, action risk and telemetry risk.
Permitted defensive actions may include blocking hostile inbound activity, restricting untrusted outbound activity, rate limiting abusive traffic, isolating compromised devices, quarantining suspicious files, revoking risky sessions, rotating keys, preserving evidence and recovering from a trusted state.
The doctrine refuses hacking back, external exploitation, credential theft, malware deployment, unauthorised scanning, destructive retaliation, disruption of third parties and self-propagating behaviour. Defence cannot become the reason to attack.
A defensive system may identify risk, preserve material and propose action. Irreversible consequence belongs behind policy, authority and human review.
This page does not publish attack methods, exploit paths, credentials or restricted control logic. It states the public boundary: defensive protection without retaliation.
Research note
DISHA No-First-Use Cyber Doctrine is part of the DISHA public architecture record authored by Nitish Kumar (@thenitishkr). It is written for scrutiny and source-aware reading, not blind acceptance.
Nitish Kumar (@thenitishkr). "DISHA No-First-Use Cyber Doctrine." thenitishkr.in, 2026-06-29. https://thenitishkr.in/disha/no-first-use-policy/
Continue through DISHA
FAQ
No. The doctrine rejects retaliation and unauthorised external action.
Only within authorised defensive environments and subject to the policy boundary.
Evidence preservation allows later review, correction, reporting or lawful escalation.
No. It is a public doctrine statement and must remain subject to applicable law and authority.
Next step
Explore Yudh and Vyuha formations.