The Jammu and Kashmir government has issued a stern directive to officers and officials, emphasizing the need to ensure the security and confidentiality of official communications.
The administration has expressed concern over the increasing use of third-party tools, such as WhatsApp and Gmail, for transmitting sensitive information, highlighting the significant risks posed to the integrity and security of governmental data.
A circular released by the government states, "There is an alarming trend among officers and officials to use third-party tools for transmitting sensitive, secret, and confidential information."
It further warns, "This practice poses significant risks to the integrity and security of the information being communicated."
The use of such third-party communication tools can lead to unauthorized access, data breaches, and leaks of confidential information. These platforms are not designed to handle classified information and lack the stringent security protocols required for official communications.
Consequently, their use could result in severe security breaches that jeopardize governmental operations.
Classified information not be shared through the internet.
To underscore the importance of discretion and adherence to established protocols, the government has issued detailed guidelines for handling official communications. The guidelines categorize information into TOP SECRET, SECRET, CONFIDENTIAL, and RESTRICTED. It mandates that TOP SECRET and SECRET documents should not be shared over the internet. According to the National Information Security Policy and Guidelines (NISPG), such information must only be shared within a closed network with leased line connectivity and SAG-grade encryption. CONFIDENTIAL and RESTRICTED information can be shared online but must use networks with commercial AES 256-bit encryption.
The government strongly recommends using official email (NIC email) and government instant messaging platforms, such as CDAC's Samvad and NIC's Sandesh, for communicating CONFIDENTIAL and RESTRICTED information. The circular also advises careful classification of information, ensuring that TOP SECRET/SECRET data is not downgraded for the sake of convenience.
In the context of the e-office system, the circular stresses the deployment of proper firewalls and whitelisting of IP addresses. Access to the e-office server should be through a Virtual Private Network (VPN) to enhance security. Only authorized personnel should have access to this system, and TOP SECRET/SECRET information should only be shared over a leased line closed network with SAG-grade encryption.
For official video conferencing (VC), the government recommends using solutions provided by CDAC, CDOT, and NIC. Meeting IDs and passwords should be shared only with authorized participants, and security features like the 'Waiting Room' and prior registration of participants should be utilized. Even then, TOP SECRET/SECRET information should not be shared during VC meetings.
Officials working from home are instructed to use security-hardened electronic devices connected to office servers via a VPN and firewall setup. It is crucial that TOP SECRET and SECRET information is not shared in a work-from-home environment.
The government has also advised against the presence of Digital Assistant Devices, such as Amazon's Echo and Google Home, in offices during discussions on classified issues. Digital assistants, like Alexa and Siri, should be turned off during official meetings, and smartphones should be deposited outside meeting rooms when discussing classified information.
The circular concludes by directing all officers and officials to strictly adhere to these guidelines to safeguard the security and confidentiality of official communications. Non-compliance with these directives may result in disciplinary action by the administration.
