MeitY Holds National Workshop to Strengthen Cyber Security Frameworks for State Data

The Ministry of Electronics and Information Technology (MeitY) organised a National Consultative Workshop on “Strengthening Cyber Security Frameworks for State Data” at The Ashok Hotel, New Delhi, on 11 May 2026. The workshop was chaired by MeitY Secretary S. Krishnan, and attended by senior officials from States and Union Territories, along with representatives from CERT-In, NIC, NeGD and MeitY.

The workshop marked the second stage of MeitY’s four-stage national initiative aimed at developing a comprehensive cybersecurity framework for State governments. The initiative follows directions issued by Prime Minister Narendra Modi during the 5th National Conference of Chief Secretaries and seeks structured consultations with all States and Union Territories.

Addressing participants, S. Krishnan stressed that cybersecurity is a governance responsibility and not merely a technical function. He highlighted the growing responsibility of State governments in safeguarding citizen data, including health, land, education and welfare records, amid expanding digital governance systems.

He noted that with the Digital Personal Data Protection Act, 2023 set to become fully enforceable from 13 May 2027, cybersecurity preparedness would become a legal obligation for departments handling citizen data.

The Secretary outlined four key institutional requirements for all States and Union Territories: a formally notified Cyber Security Policy, appointment of an empowered Chief Information Security Officer (CISO), establishment of a Security Operations Centre (SOC) integrated with NIC systems, and implementation of a Cyber Crisis Management Plan across departments.

He also underlined the need for continuous monitoring of disaster recovery systems, endpoint security and adoption of Secure-by-Design principles in digital infrastructure development. Highlighting emerging threats such as AI-enabled cyber attacks, he called for proactive risk management and stronger cyber hygiene practices among government officials.

The workshop discussed six thematic areas, including risk-based security assessments, securing State Data Centres and SWAN networks, strengthening incident response systems, legacy application modernisation, DPDP Act compliance and cybersecurity capacity building.

CERT-In Director General Dr. Sanjay Bahl briefed participants on the evolving cyber threat landscape, including ransomware attacks, AI-enabled phishing and cloud security risks. He urged States to establish dedicated State Computer Security Incident Response Teams under CERT-In’s technical framework.

NIC officials presented the cybersecurity architecture supporting State systems, including the Government Security Operations Centre and Zero Trust integration mechanisms.

The workshop also provided a platform for States and Union Territories to present their existing cybersecurity preparedness, operational challenges and reform priorities. Inputs gathered during the consultations will contribute to the final national cybersecurity framework to be discussed at the National Departmental Summit scheduled in August 2026.

As part of the next phase, States and Union Territories will conduct internal workshops by June 30, 2026, and submit structured recommendations to MeitY. The final report and reform roadmap will subsequently be submitted to the Cabinet Secretariat following the national summit.