Srinagar: The Jammu and Kashmir government has banned the officials from using third-party applications like WhatsApp, Gmail and tools for sharing the official information and documents for preventing leakage of the confidential and secret information.
The government said that these applications and tools are not designed to handle classified or sensitive information and their security protocols do not meet the government standards.
"There is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail, and other similar platforms for transmitting sensitive, secret, and confidential information. This practice poses significant risks to the integrity and security of the information being communicated," the General Administration Department (GAD) Secretary Sanjeev Sharma said in an order issued on Monday evening.
Sharma said that the use of third-party communication tools can lead to unauthorized access, data breaches, and leaks of confidential information and their use could result in severe security breaches that jeopardize the integrity of governmental operations.
While issuing a slew of directions on which tools and channels the officials can use for official communication and convening e-meetings, the government explained the classified information falls under top secret, secret, confidential and restricted.
Sharma said the top secret and secret document shall not be shared over the internet. According to NISPG, the top secret and secret information shall be shared only in a closed network with leased line connectivity where SAG grade encryption mechanism is deployed. However, confidential and restricted information can be shared on internet through networks that have deployed commercial AES 256-bit encryption
"The use of government email (NIC email) facility or government instant messaging platforms (such as CDAC'S Samvad, NIC'S Sandesh etc. is strongly recommended for the communication of confidential and restricted information. Care should be taken during the classification of information that deserves a top secret and secret. Classification shall not be downgraded to confidential/ restricted for the purpose of sharing," Sharma said.
In the context of the e-Office system, the departments must deploy proper firewalls and white-list of IP addresses.
"The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security. Departments may ensure that only authorized employees/personnel are allowed to access to the e- Office system. However, Top secret/Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism," he said.
Regarding video conferencing (VC) for official purposes, only government VC solutions offered by CDAC, CDOT and NIC may be used.
"Meeting ID and passwords should only be shared with authorized participants. For enhanced security, the Waiting Room' facility and prior registration of the participants may be utilized. Even then, Top Secret/ Secret information shall not be shared during the VC meetings," Sharma said.
The government has restricted the employees for using smartphones while working from home.
"Use security-hardened electronic devices (such as Laptops, Desktops, etc.) connected to office servers via a VPN and Firewall setup. It is important to note
that Top Secret and Secret information should not be shared in a work-from-home' environment," Sharma said.
Digital Assistant Devices such as Amazon's Echo, Apple's HomePod, Google Home, etc. should be kept out of the office during discussions on classified issues. Further Digital Assistants, (such as Alexa, Siri, etc.) should be turned off during official meetings in the office used by employee.
"Smart phones should be deposited outside the meeting room when discussing classified information," he said.