A three-day Cyber Security and Best Practices Workshop for Chief Information Security Officers (CISOs) of the Government of Uttarakhand was organised at the Civil Services Institute from September 23-25, 2024. Organised by the Information Technology Development Agency (ITDA) in collaboration with the National e-Governance Division (NeGD) under the Ministry of Electronics and Information Technology (MeitY), the workshop featured 25 participants from over 20 state departments.
Inaugurated by Nitika Khandelwal, IAS, Director of ITDA, the workshop aimed to enhance the cybersecurity posture of government departments by equipping officers with the skills necessary to address evolving cyber threats. The workshop’s key objectives included raising awareness about cybersecurity governance and risk management, providing practical knowledge in network, cloud, and application security, and training participants in developing Cyber Crisis Management Plans (CCMP) while addressing identity and access management challenges. The program featured hands-on training and practical sessions designed to strengthen cybersecurity protocols, ensure compliance with national standards, and enhance incident response capabilities.
This initiative marked a significant step towards establishing a robust cybersecurity framework for the Uttarakhand Government, contributing to the broader vision of a secure and digitally empowered India under the Digital India initiative. Express Computer spoke to Nitika Khandelwal to seek more insights into the initiatives.
Here are the edited excerpts:
Question: Could you provide some background on the Chief Information Security Officer workshop organised in collaboration with NeGD?
Answer: Absolutely. This workshop was part of a capacity-building initiative by NeGD, which has been conducting national-level workshops. This time, we hosted it in Uttarakhand, focusing on cyber security and information security—topics that have gained immense relevance recently. Cyber security is a subject that has to have strict protocols in the wake of cyber threats looming large across the government sector. Establishing a strong cyber security culture is crucial, but implementing the necessary protocols effectively is even more important.
With the rise of cyber threats, ensuring the security of our systems is paramount. It’s like the COVID analogy—no one is safe until everyone is safe. We recognize the pressing need for our IT department to collaborate with various other departments that are embarking on e-governance projects. While we provide services, it’s essential to understand how their IT ecosystems need to be protected and what protocols must be followed. We also focused on clarifying the roles and responsibilities of Chief Information Security Officers (CISOs) during the workshop, which concluded successfully, featuring excellent speakers.
Each department is mandated to appoint or nominate a Chief Information Security Officer. As the Director of IT, I serve as a guiding force along with representatives from various departments, including UPCL, Transport and other departments. The workshop aimed to orient these CISOs on our IT directives, national cyber security framework, existing cyber laws, and their specific responsibilities.
Question: How do you plan to integrate the lessons learned from this workshop into existing cyber security policies?
Answer: First, we will circulate the existing protocols among departments. Regular interactions will help ensure that these protocols are implemented effectively. Additionally, we are planning to establish a state-level Cyber Emergency Response Team (CERT-UK) to support departments in handling cyber incidents. This team will focus particularly on sensitive departments like UPCL and Transport, which have advanced IT systems. Our vision is for Uttarakhand to be a pioneer in implementing robust cyber security measures.
Question: How do you envision collaboration with other state agencies or private sector players in enhancing cyber security?
Answer: The NeGD workshops have already started incorporating industry perspectives by including speakers. This collaboration between government and private entities is vital as IT systems evolve. Moving forward, we plan to host regional or national workshops in Uttarakhand, allowing other states to share their experiences in combating cyber threats and enhancing security measures. I believe we will have to involve private players as we move towards adopting advanced and updated IT products and technologies across the digital transformation journey.
Question: Can you share some specific cyber security challenges currently faced in Uttarakhand?
Answer: Certainly. One major challenge is the rise in cyber crime, which has been alarming. This increase mirrors trends across India. Another challenge arises from the rapid implementation of e-governance initiatives across various departments. While technology improves service delivery, it also exposes us to new cyber risks. We encourage departments to adhere to non-negotiable security protocols during implementation, but there’s often resistance due to time constraints. However, we’ve developed security components ourselves to help audit and ensure compliance. Our vision is to keep improving upon these areas as we move forward.
Question: How would you assess the current status of digital transformation initiatives in Uttarakhand?
Answer: I would say Uttarakhand is on a very robust path toward digital transformation, ranking fourth nationally in e-service delivery assessments and first among hilly states. We have introduced the Citizen Centric service delivery platform e-Services ‘Apuni Sarkar’ to enable all services under one umbrella in response to the consistent challenges faced by the citizens of Uttarakhand to avail the services on time.
Further, we’ve implemented systems to capture project data and have made significant strides with e-office initiatives. We have established a solid foundation for digital systems to improve public service delivery.