The National e-Governance Division (NeGD), in partnership with Kerala State IT Mission (KSITM), organised a three-day Cyber Security Workshop in Thiruvananthapuram, bringing together over 100 government representatives to address critical cybersecurity challenges. Sandip Kumar, IAS, Director of KSITM, emphasised the growing importance of securing Kerala’s digital infrastructure and shared insights on key topics such as Cyber Resilience Ecosystems, Identity and Access Management (IAM), and AI’s role in cybersecurity.
The National e-Governance Division (NeGD) under the Ministry of Electronics and Information Technology (MeitY), in collaboration with the Kerala State IT Mission (KSITM) under the Department of Electronics & IT, Government of Kerala, recently organised a three-day Cyber Security Workshop in Thiruvananthapuram. Designed for Chief Information Security Officers (CISOs), Deputy CISOs, and Technical Officers of the Kerala Government, the workshop saw the participation of over 100 representatives from various state departments.
The workshop was inaugurated by Sandip Kumar, IAS, Director of KSITM, who emphasised the critical importance of cybersecurity in protecting Kerala’s digital infrastructure and ensuring the resilience of its e-governance services.
In an exclusive interaction with Express Computer, Kumar shared insights on pivotal topics such as the Cyber Resilience Ecosystem, Identity and Access Management (IAM), Artificial Intelligence (AI) in cybersecurity, and the implementation of Cyber Crisis Management Plans (CCMPs).
Edited excerpts:
As the Director of KSITM, you’ve emphasised the importance of cybersecurity in safeguarding Kerala’s digital infrastructure. Could you elaborate on some of the specific cybersecurity challenges Kerala is currently facing, and how this workshop is helping to address them?
The Kerala State Government views information technology as an enabler of socio-economic progress, presenting numerous business opportunities across geographic boundaries. The government has taken on the role of a facilitator, encouraging IT adoption in both the public and private sectors. However, as IT adoption has increased, so have information security risks.
With Kerala’s digital infrastructure rapidly expanding—particularly in government e-services, healthcare, and education—the need to secure sensitive data has grown more urgent. If critical systems are inadequately protected, they remain vulnerable to cyberattacks that could escalate into a national-level crisis.
Kerala faces a variety of cyber threats, including phishing, ransomware attacks, data breaches, botnets, and Distributed Denial of Service (DDoS) attacks. Additionally, there is a lack of cybersecurity awareness among users, from government employees to private-sector workers and the general public. This knowledge gap leads to weak password habits, unsafe browsing practices, and an underestimation of cyber risks.
To address these challenges, the Kerala government has prioritised awareness programs, robust security measures, and ongoing investments in cybersecurity infrastructure. The workshop fostered collaboration among government agencies, private firms, educational institutions, and cybersecurity experts. It also educated officials on recognising and responding to threats and emphasised the creation of a cybersecurity culture through secure practices like multi-factor authentication, regular software updates, and strong password policies.
Moreover, participants were familiarised with key cybersecurity laws, including India’s IT Act and DPDP Act, along with guidelines from CERT-In and NCIIPC. These measures are essential for compliance and help strengthen Kerala’s overall cybersecurity posture.
The workshop highlighted the significance of the Cyber Resilience Ecosystem and the role of Artificial Intelligence (AI) in enhancing cybersecurity. How do you foresee AI being integrated into Kerala’s cybersecurity framework, and what impact do you think it will have on state-level security?
AI holds immense potential to strengthen Kerala’s cybersecurity framework by enhancing threat detection, prevention, and response. It can automate real-time monitoring, detect anomalies, and predict cyberattacks before they occur. By collaborating across public and private sectors, AI can help establish a more resilient cybersecurity ecosystem. This will not only safeguard critical infrastructure but also improve the state’s readiness to handle and recover from cyber threats, ensuring greater overall security.
Data protection and privacy are core mandates for KSITM. With the new Data Protection Bill (DPDP Act 2023) in focus during the workshop, how is Kerala’s government preparing to comply with these regulations, and what steps are being taken to ensure the protection of citizens’ data across digital platforms?
The finalisation of rules under the DPDP Act is expected to significantly raise awareness about data protection and privacy in Kerala. The state is preparing to implement clear guidelines for data collection, storage, and processing, with a focus on transparency, consent, and accountability. These measures aim to address emerging data privacy challenges effectively, ensuring the security of citizens’ personal data and fostering greater trust in digital governance.
The workshop covered the importance of developing Cyber Crisis Management Plans (CCMPs). Can you share some insights into how KSITM plans to implement these plans at the state level, and how government departments will be trained to respond effectively to a cybersecurity crisis?
KSITM plans to implement Cyber Crisis Management Plans (CCMPs) through a structured, coordinated approach. This will include protocols for identifying, responding to, and mitigating cyber threats to ensure swift and efficient action during a crisis. A central command center will play a pivotal role in this strategy, overseeing and coordinating responses across sectors to maintain seamless communication and collaboration.
Training is a crucial aspect of implementation. KSITM aims to conduct regular cybersecurity drills, simulations, and tabletop exercises in collaboration with CERT-In. These exercises will familiarise government employees with their roles and responsibilities during crises, test response protocols, and enhance decision-making under pressure. Technical teams will receive advanced training, while senior officials will be trained on crisis communication and management.
Identity and Access Management (IAM) was a key topic discussed during the event. Given the growing complexity of digital governance, what are the primary IAM challenges faced by Kerala’s government departments, and how is KSITM addressing these to ensure robust security for government services?
Identity and Access Management (IAM) is integral to securing Kerala’s digital infrastructure, particularly the data centres managed by KSITM. These centres are crucial for Government-to-Government (G2G), Government-to-Citizen (G2C), and Government-to-Business (G2B) services.
KSITM is addressing IAM challenges by implementing advanced technologies such as Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), and Single Sign-On (SSO). The Digital Kerala Architecture (DKA) serves as a foundational framework, integrating government services and infrastructure with secure and scalable systems for efficient user access management.
Regular audits and real-time monitoring are vital to maintaining the system’s integrity, ensuring that only authorised users can access sensitive data and services.