Cybersecurity must be treated as core digital infrastructure : Alok Tiwari, MD, National Informatics Centre Services Inc

In an exclusive interaction with Express Computer, Alok Tiwari, MD, National Informatics Centre Services Inc (NICSI), shares how the organisation is anchoring India’s digital governance on cyber security and AI-led modernisation. He highlights NICSI’s focus on agentic AI for faster, secure transformation of legacy systems, the shift towards a coordinated national SOC framework, and the need to embed cyber security, data protection, and interoperability as core digital infrastructure. Looking ahead, he emphasises NICSI’s vision to secure national data centres, central and state systems, and district-level e-governance services, making cyber security a foundational pillar of India’s expanding Digital Public Infrastructure.

How do you see NICSI’s role in evolving AI-led transformation across government departments?

At NICSI, different branches of AI are being mapped and planned, but we see agentic AI as a major enabler for government transformation. In a positive sense, agentic AI can help departments modernise faster by converting legacy, monolithic applications into secure, microservices-based architectures. From my experience of designing, developing, and implementing large e-governance systems (such as in Environment & Forests/Parivesh and Food & Public Distribution), an end-to-end cycle typically takes around 1–1.5 years. Agentic AI can significantly reduce this effort by accelerating code migration, remediation, and secure-by-design development. While this may create disruption for some traditional developer roles, it also opens opportunities for higher-value work in architecture, governance, testing, and security. The biggest advantage is that faster modernisation leads to more secure and up-to-date systems, strengthening the government’s overall cyber security posture.

With cyber threats growing in scale and sophistication, what shifts are needed in how government organisations should approach cyber security and digital resilience?

The Government of India has taken proactive steps in 2024 and 2025, including strengthening frameworks and operational readiness. A key shift is the move toward a structured, multi-layer SOC (Security Operations Center) approach—GSOC at the central level, RSOC at the regional level, and SSOC at the state level—so that monitoring and response can be coordinated across the country. Another shift is clearer sectoral responsibility, such as telecom security being overseen by the Department of Telecommunications and telecom operators being mandated to run 24×7 SOCs. For the broader government ecosystem, responsibilities flow through MeitY, with implementation and operational support through NIC. The creation of a centralised national-level security view (referred to as NSCS) further strengthens coordination and visibility across the national cyber security landscape.

How will emerging technologies like AI, cloud, and automation help government systems move from reactive security to proactive cyber defence?

Earlier, organisations often reacted only after an attack, but the focus is now shifting to preventing incidents through continuous monitoring, early detection, and rapid mitigation. The government is building central Security operations Center (SOC) capability and strengthening SOC/NOC- driven operations to improve readiness. With large-scale telemetry collection targeting high events-per-second (EPS) intake from different states into a central monitoring framework—AI and automation can help detect anomalies faster, trigger alerts earlier, and execute response playbooks more efficiently. Cloud-scale processing and modern security tooling will enable proactive defence, reducing the impact of threats before they escalate and improving overall national digital resilience.

As India’s Digital Public Infrastructure expands, how should cyber security be reimagined as a foundational pillar of digital governance rather than a reactive safeguard?

Cyber security needs to be treated as core digital infrastructure, built into governance, architecture, and operations from the start, rather than added after incidents. This becomes even more critical as AI adoption grows and as quantum computing advances, which may challenge current encryption and security models over time. The government has already strengthened institutional capacity by creating dedicated cyber security roles within ministries and departments, where each ministry now has a CISO and Deputy CISO structure—typically a senior officer supported by a technical resource from NIC. Additional expert capacity has also been strengthened through deployments and external support from firms like Deloitte, EY, PwC, and KPMG. This approach helps embed cyber security into the foundation of digital governance, protecting government systems as well as citizen-facing services at scale.

Data is central to both digital governance and cyber security. What are the key challenges around securing data, sharing, interoperability, and privacy that government departments must address?

A core challenge is that data is still not consistently viewed as the primary asset and responsibility in governance. Many departments focus on physical security, but in a digital and distributed environment, data must be protected end to end. This includes securing both data at rest and data in motion. Data stored in databases must be encrypted so that even if unauthorised access occurs, the information remains unreadable. Similarly, data moving between locations must also be encrypted to prevent misuse if intercepted. Beyond security, a major gap lies in the lack of uniform data standards across government systems. While some standardisation efforts were undertaken earlier and platforms like data.gov.in exist, key elements such as address formats, biometric interfaces, and cyber safety practices are still not fully standardised. This limits interoperability and secure data sharing. A focused institutional effort, possibly through a dedicated wing within MeitY, is required to drive deep data standardisation so that systems can interoperate securely while safeguarding citizen privacy.

How can partnerships between government, industry, and startups accelerate innovation while ensuring accountability and compliance?

Structured partnerships are critical to accelerating innovation while maintaining accountability. Over the past decade, NICSI has enabled this by empanelling vendors and allowing departments to procure trusted services through established government mechanisms. This gives departments access to vetted vendors, ensures proper timelines, billing, and service-level agreements, and allows flexibility in vendor selection through shortlisting and competition. Importantly, this model also supports startups by giving them access to real government use cases, enabling them to scale their platforms and capabilities responsibly. In this way, empanelment creates a controlled yet innovation-friendly ecosystem where government, industry, and startups can collaborate effectively.

Looking ahead, what is your long-term vision for NICSI’s role in building a resilient, trusted, and future-ready cyber security framework for India’s digital governance ecosystem?

The long-term vision is to evolve NICSI from being largely manpower-driven to a strong enterprise-level organisation capable of designing, delivering, and running large-scale applications and cyber security programs. While NICSI and NIC already support many departments, fewer large enterprise applications are fully entrusted to them despite existing capabilities. To address this, NICSI is strengthening internal capacity by recruiting domain experts, CTOs, and solution architects to improve project design, RFP quality, and execution. The goal is to work collaboratively with large industry players and startups while building enough trust that government departments increasingly place major applications directly with NICSI. Recent responsibilities in national applications and critical cyber security for central government systems reflect growing confidence. Building on this trust, NICSI aims to secure national data centres, central and state systems, and district-level e-governance services, making cyber security a foundational pillar of India’s digital governance ecosystem.