MeitY convenes national workshop to strengthen state cyber security frameworks

NEW DELHI: Ministry of Electronics and Information Technology (MeitY) has convened a national consultative workshop aimed at strengthening cyber security frameworks for state government data, as India prepares for stricter digital governance and data protection compliance under the Digital Personal Data Protection Act, 2023.

Held at The Ashok Hotel in New Delhi on 11 May 2026, the workshop brought together principal secretaries, senior officials from states and Union Territories, along with representatives from Indian Computer Emergency Response Team (CERT-In), National Informatics Centre (NIC), National e-Governance Division (NeGD) and MeitY.

The workshop forms the second stage of a four-part departmental summit initiative launched by MeitY following directions from Narendra Modi during the 5th National Conference of Chief Secretaries.

Chairing the session, Ministry of Electronics and Information Technology (MeitY) secretary S. Krishnan stressed that safeguarding citizen data held by state governments was no longer merely an administrative requirement but a governance responsibility. He pointed to increasing digitisation of public services including health records, land titles, educational certificates and welfare databases as areas demanding stronger cyber resilience.

Krishnan added, “India’s digital governance ecosystem must be not only expansive but resilient. The protection of citizen data held in trust by State governments is a governance responsibility and not merely a technical obligation.”

Krishnan also warned that with the DPDP Act becoming fully enforceable from 13 May 2027, cybersecurity preparedness would become a legal obligation for every state department handling citizen data.

During the workshop, MeitY outlined four foundational requirements for states and Union Territories, including a formally notified cybersecurity policy, appointment of empowered chief information security officers (CISOs), operational security operations centres (SOCs) integrated with NIC systems, and comprehensive cyber crisis management plans.

The discussions also highlighted concerns around AI-enabled cyberattacks, ransomware threats, phishing campaigns and cloud security vulnerabilities.

Indian Computer Emergency Response Team (CERT-In) director general Sanjay Bahl presented an overview of the national threat landscape and urged every state to establish dedicated Computer Security Incident Response Teams under CERT-In’s technical framework.

Meanwhile, National Informatics Centre (NIC) officials showcased the government’s cybersecurity architecture, including Security Operations Centres, Zero Trust integration and vulnerability assessment programmes aimed at securing public digital infrastructure.

The workshop deliberated on six broad themes, including risk-based assessments of state IT assets, modernisation of legacy applications, data classification frameworks, compliance with the DPDP Act and large-scale cybersecurity skilling programmes for government officials.

K. K. Singh briefed participants on the broader national cybersecurity policy architecture, while Savita Utreja presented the regulatory framework and policy evidence shaping the consultations.

States and Union Territories also shared their existing cybersecurity capabilities, operational gaps and implementation challenges, inputs that will feed into the final national framework expected to be discussed during the National Departmental Summit scheduled for August 2026.

Before that, all states and Union Territories have been asked to conduct internal state-level workshops by 30 June 2026 and submit structured recommendations to MeitY.

As India’s public infrastructure becomes increasingly digital, the Centre’s message to states is becoming clearer: cyber security can no longer sit quietly in the server room. It now belongs firmly in the boardroom of governance.