Home / DISHA / DISHA No-First-Use Cyber Doctrine

DISHA public architecture

DISHA No-First-Use Cyber Doctrine

Defend. Protect. Preserve. Never initiate.

DISHA No-First-Use policy chart comparing permitted defensive actions with prohibited offensive actions.
The doctrine separates permitted defensive protection from prohibited offensive action.

Direct Answer

The DISHA No-First-Use doctrine means the architecture may defend authorised environments, preserve evidence, isolate risk, recover systems and protect public-interest records. It does not initiate offensive cyber action, hacking back, malware deployment, credential theft, unauthorised scanning or retaliation against external systems.

Page Facts

Subject
DISHA cyber doctrine
Version
Version 6.6
Creator
Nitish Kumar (@thenitishkr)
Purpose
Define the lawful defensive boundary
Evidence type
Policy boundary statement
Related pages
Yudh & Vyuha, cognitive engine and methodology

How this works in DISHA v6.6 runtime

Mission to evidence pipeline

DISHA does not turn every input into truth. It turns every input into a record that can be examined.

The current runtime uses a typed mission signal. A signal can include raw text, evidence files, geospatial points, threat indicators, requested action, data-source references, sensitivity, user role, device trust, action risk and telemetry risk.

  • Normalize mission into DishaSignal.
  • Select governed intelligence lenses.
  • Return findings, evidence, confidence and risk.
  • Evaluate policy before action.
  • Allow, confirm, sandbox, read-only, escalate or deny.
  • Record important steps as evidence events.

Permitted Defence

Permitted defensive actions may include blocking hostile inbound activity, restricting untrusted outbound activity, rate limiting abusive traffic, isolating compromised devices, quarantining suspicious files, revoking risky sessions, rotating keys, preserving evidence and recovering from a trusted state.

Prohibited Offensive Actions

The doctrine refuses hacking back, external exploitation, credential theft, malware deployment, unauthorised scanning, destructive retaliation, disruption of third parties and self-propagating behaviour. Defence cannot become the reason to attack.

Human Authority

A defensive system may identify risk, preserve material and propose action. Irreversible consequence belongs behind policy, authority and human review.

What This Page Does Not Claim

This page does not publish attack methods, exploit paths, credentials or restricted control logic. It states the public boundary: defensive protection without retaliation.

Research note

DISHA No-First-Use Cyber Doctrine is part of the DISHA public architecture record authored by Nitish Kumar (@thenitishkr). It is written for scrutiny and source-aware reading, not blind acceptance.

Nitish Kumar (@thenitishkr). "DISHA No-First-Use Cyber Doctrine." thenitishkr.in, 2026-06-29. https://thenitishkr.in/disha/no-first-use-policy/

FAQ

Questions and answers

Does DISHA hack back?

No. The doctrine rejects retaliation and unauthorised external action.

Can DISHA isolate risk?

Only within authorised defensive environments and subject to the policy boundary.

Why preserve evidence?

Evidence preservation allows later review, correction, reporting or lawful escalation.

Is this legal advice?

No. It is a public doctrine statement and must remain subject to applicable law and authority.

Next step

Read the defensive doctrine

Explore Yudh and Vyuha formations.

Continue