New Delhi: Ministry of Electronics and Information Technology reviewed a national cyber security framework for protecting State government data during a consultative workshop in New Delhi. The workshop focused on strengthening digital governance systems and improving cybersecurity preparedness across States and Union Territories.
S. Krishnan chaired the meeting. Senior officials from State governments, CERT-In, NIC, MeitY, and NeGD attended the discussions. Officials said the workshop formed the second stage of a four-phase national consultation process.
S. Krishnan said protection of citizen data remained a governance responsibility rather than only a technical task. He stated that the Digital Personal Data Protection Act, 2023, would become fully enforceable from May 13, 2027. He also stressed the need for stronger institutional systems to secure government databases.
The Secretary outlined four major requirements for States and Union Territories. These included a notified cybersecurity policy, appointment of Chief Information Security Officers, operational Security Operations Centres, and Cyber Crisis Management Plans. He also urged departments to follow secure-by-design principles during application development and procurement.
Cyber security framework focuses on State preparedness
Officials discussed six national themes during the workshop. These included risk-based security assessments, protection of State Data Centres, incident response systems, Zero Trust Architecture, data classification, and cybersecurity awareness programmes. Authorities also reviewed preparedness for AI-enabled cyber attacks and ransomware threats.
Indian Computer Emergency Response Team Director General Sanjay Bahl highlighted risks from phishing attacks, cloud misconfigurations, and supply-chain compromises. He urged States to establish Computer Security Incident Response Teams under CERT-In guidance.
Officials said all States and Union Territories would conduct internal workshops before June 30, 2026. MeitY will prepare a final report based on recommendations from States. The Ministry will discuss the final cyber security framework during a national summit scheduled for August 2026.
