Srinagar, Nov 25: The Jammu & Kashmir government has urged its officials to avoid using the internet or smartphones for transmitting sensitive data, stating that the risks associated with third-party communication platforms like WhatsApp and Gmail are increasing as they are used for sharing confidential government information.
In the circular, the government expressed growing concern over the use of such platforms, warning that they pose substantial threats to data security.
“Third-party tools such as WhatsApp, Gmail, and other similar platforms are not designed for handling classified information. Their security measures may fall short of the stringent standards required for official communication, leading to potential data breaches, unauthorized access, and leaks,” the circular states.
The government has categorized classified information into four levels: "Top Secret," "Secret," "Confidential," and "Restricted." As per the new guidelines, “Top Secret” and “Secret” information must never be shared over the internet, and smart devices should be kept outside the meeting room during discussions involving classified content.
Echoing cybersecurity standards, the circular references the National Information Security & Policy Guidelines (NISPG), which mandate that "Top Secret" and "Secret" information be shared only through closed networks with leased line connectivity, protected by a high-level encryption mechanism. “Confidential” and “Restricted” information can be transmitted over the internet, provided that commercial AES 256-bit encryption is deployed.
To further safeguard communications, the government encourages the use of official government email platforms, such as NIC email, and secure messaging tools like CDAC's Samvad and NIC's Sandesh for sharing “Confidential” and “Restricted” information.
Video conferencing, often used for official communications, is also subject to strict security protocols. “Top Secret” and “Secret” information should not be shared during video calls, which must only be conducted on government-approved platforms such as those provided by CDAC, CDOT, and NIC. To enhance security, meetings should use features like the ‘Waiting Room’ and require prior registration of participants.
The circular also outlines guidelines for securing the e-Office system, instructing departments to implement firewalls, whitelisting of IP addresses, and Virtual Private Networks (VPNs) for enhanced protection. Access to the e-Office system should be limited to authorized personnel, with “Top Secret” and “Secret” information shared exclusively over a closed network with a leased line and high-level encryption.
For officials working remotely, the government mandates the use of security-hardened devices like laptops or desktops connected to office servers via VPN and firewalls, it reads further.
The circular also said that “Top Secret” and “Secret” information should never be shared in a work-from-home setting.
(With KNO Inputs)