Indian bureaucracy is often said to run on meetings fueled by food. The adage that there are no free lunches is well known, but Ambassador Latha Reddy, India's Deputy National Security Adviser from 2011 to 2013, put a novel spin on it. 
 
She quietly built one of the most consequential policy systems in modern Indian governance, using South Indian lunches as her instrument of progress. Meals that Ambassador Latha Reddy not only loved personally but also delighted in sharing with others.
 
Tasked with building India's cybersecurity architecture from scratch, Ambassador Reddy faced a challenge that was less technical than territorial: multiple ministries, departments, and agencies, each fiercely protective of their turf. 
 
The need for sensitivity was clear, but a common table was needed to clarify roles in the national cyber domain. Coordinating India's sprawling bureaucracy on unfamiliar terrain, such as cybersecurity, remained difficult. 
 
Ambassador Reddy’s elegant solution was to invite key bureaucrats to lunch, not for a formal meeting or a white-paper consultation, but for a South Indian meal from the iconic Saravana Bhavan, served informally in her Delhi office.
 
Ambassador Reddy and her team used idlis, vadas, masala dosas, lemon rice and chutneys to settle issues that had been deadlocked in official settings. The informality mattered: food dissolved hierarchy and conversations that might have dragged on for months in official correspondence moved forward decisively. 
 
Competing claims over cyber jurisdiction between intelligence agencies, the Ministry of Information Technology, defense establishments and the PMO were ironed out, one serving of chutney at a time.
 
The result was a consolidated architecture and cybersecurity policy presented to the National Security Council of India. After NSC clearance, the Ministry of Electronics and Information Technology (MeitY) formally proposed it, and it eventually received the Union Cabinet's approval. 
 
The National Cyber Security Policy of 2013 (NCSP-2013), published in July 2013, designated a national nodal agency for cyber security coordination. This established the 24x7 CERT-In as the response body and mandated the creation of the National Critical Information Infrastructure Protection Center (NCIIPC). It was a landmark document, the product of years of negotiation.
 
What made the achievement even more remarkable was who took notice. Former National Security Adviser Shivshankar Menon, who would present the policy to Prime Minister Manmohan Singh, told a "rather astounded" Prime Minister that the cyber architecture had come together thanks to "Latha's famous lunches." 
 
The phrase that struck a chord was "dosa diplomacy," a witty nod to how Reddy leveraged culinary soft power to lay the basis for India's first cyber governance framework. Ambassador Reddy, during her posting as DDG at ICCR, learned the significance of soft power diplomacy both internationally and domestically.
 
This story is more than a charming anecdote. It reveals a basic truth about governance in a system as complex as India's: formal authority only goes so far. What moves bureaucracies, ultimately, is trust built in close proximity, across group meals, in unguarded moments where candor is possible without fear of official record. Reddy’s genius rested in engineering those moments, disguising a policy workshop as a lunch.
 
The story's relevance endures. India continues to work on an updated cybersecurity framework, with NCIIPC, CERT-In, MeitY, and the National Security Council Secretariat still managing overlapping mandates. 
 
Reddy herself reflected that what is needed is not necessarily more lunches, but the same spirit: "very open and frank discussions over where the overlaps are occurring, why the overlaps are occurring, and trying to resolve those differences." The dosas may be optional. The honesty is not.