MeitY Holds National Workshop On State Cyber Security Frameworks

The Ministry of Electronics and Information Technology convened a national consultative workshop on “Strengthening Cyber Security Frameworks for State Data” at The Ashok Hotel on 11 May 2026. The event brought together senior officials from State and Union Territory governments, along with representatives from Indian Computer Emergency Response Team, National Informatics Centre, National e-Governance Division and senior MeitY officials.

The workshop formed Stage II of a four-stage departmental summit launched by the ministry following directions issued by Prime Minister Narendra Modi during the 5th National Conference of Chief Secretaries. The initiative aims to create a comprehensive national cybersecurity policy framework for all 36 States and Union Territories through structured consultations.

The workshop was chaired by Shri S. Krishnan, Secretary of the Ministry of Electronics and Information Technology. He stressed the importance of building a resilient digital governance ecosystem through coordinated efforts between the Union and State governments.

Moreover, Shri S. Krishnan said the protection of citizen data, including health records, land titles, educational credentials and welfare databases, is a core governance responsibility rather than a procedural requirement. He highlighted that the Digital Personal Data Protection Act, 2023 will become fully enforceable from 13 May 2027, making cybersecurity preparedness a legal obligation for all State departments handling citizen data.

He outlined four essential requirements for every State and Union Territory: a formally notified Cyber Security Policy, an empowered Chief Information Security Officer, an operational Security Operations Centre linked with the government SOC at National Informatics Centre, and a Cyber Crisis Management Plan implemented across departments.

Furthermore, the Secretary emphasised the principle of Secure by Design, urging States to integrate cybersecurity measures from the earliest stages of software development and procurement. He also warned about the rising threat of AI-enabled cyber attacks and called for proactive risk management frameworks across government IT systems.

The workshop discussed six national thematic areas, including risk-based assessments, protection of State Data Centres and State Wide Area Networks, incident response systems, legacy application modernisation, data classification, compliance with the Digital Personal Data Protection Act, 2023 and cybersecurity capacity building.

Dr. Sanjay Bahl, Director General of Indian Computer Emergency Response Team, presented an overview of the national cyber threat landscape. He highlighted ransomware campaigns targeting government data repositories, AI-enabled phishing attacks, supply-chain compromises and cloud security risks. He also urged every State to establish a formal State Computer Security Incident Response Team under CERT-In’s technical guidance.

Meanwhile, Shri V. T. V. Ramana of National Informatics Centre outlined the security architecture of NIC-managed State systems, including the Government Security Operations Centre, vulnerability assessment programmes and Zero Trust integration measures.

The workshop also allowed participating States and Union Territories to present their current cybersecurity preparedness, operational challenges and priority action areas. These inputs will help shape the national cybersecurity framework that is scheduled to be finalised during the National Departmental Summit in August 2026.

Following the consultative workshop, all States and Union Territories will conduct internal State-level workshops by 30 June 2026. Their recommendations and action plans will then be submitted to MeitY for the preparation of a final policy note, which will later be presented to the Cabinet Secretariat after the August summit.

With inputs from PIB