SRINAGAR: The Jammu and Kashmir government has directed the officers to avoid using third-party applications to share official information. The guidelines are expected to enhance the security of official communications and safeguard classified information.
To address the growing concerns over the use of third-party tools such as WhatsApp and Gmail for transmitting sensitive, secret, and confidential information, the government according to a circular no. 26-JK(GAD) of 2024, has emphasised the risks associated with such practices, including unauthorized access, data breaches, and leaks of classified information.
The order calls for strict adherence to secure communication protocols to preserve the integrity of governmental operations.
The key directives in the order include: Use of Government Communication Platforms: Officials are instructed to utilize NIC email and government-mandated messaging platforms like CDAC’s Samvad and NIC’s Sandesh for CONFIDENTIAL and RESTRICTED communications.
The government has instructed the officials that the top secret information must be transmitted only via closed networks with SAG-grade encryption, while CONFIDENTIAL and RESTRICTED information may use commercial AES 256-bit encryption. Similarly, the departments are supposed to ensure VPN and firewall-protected access to e-Office systems, restricting usage to authorized personnel only. Regarding the Video Conferencing Protocols, the Government-approved VC solutions must be employed, with precautions like Meeting IDs, passwords, and waiting room features. The top secret details are prohibited during Video Call meetings.
The order clarifies the Work-from-Home Guidelines that state that secure, hardened devices with VPN connections are required for remote work. The sharing of top secret data remotely has been strictly forbidden. Furthermore, the government has prohibited the Digital Assistants in meetings like Amazon Echo and Google Home, as well as features like Alexa and Siri, must be disabled or removed during discussions on classified matters.
The circular warns that non-compliance will lead to disciplinary actions. (ANB)
PTI adds
The Jammu and Kashmir government has banned the use of third-party tools like WhatsApp and Gmail for transmission of sensitive official documents, saying it can lead to data breaches and leaks.
These platforms are not specifically designed to handle classified or sensitive information, and their security protocols may not meet the stringent standards required for official communications, an order passed by the General Administration Department on Saturday.
“It has come to the attention of the administration that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail, and other similar platforms for transmitting sensitive, secret, and confidential information. This practice poses significant risks to the integrity and security of the information being communicated,” the order read.
It said using third-party communication tools can lead to several potential issues including unauthorised access, data breaches, and leaks of confidential information.
“Consequently, the use of such tools could result in severe security breaches that jeopardize the integrity of governmental operations,” the order reads.
The GAD issued guidelines for the officials to follow while handling official communication.
“Classified information falls under the following four categories namely, Top Secret, Secret, Confidential and Restricted. A ‘Top Secret’ and ‘Secret’ document shall not be shared over the Internet. According to NISPG, the ‘Top Secret’ and ‘Secret’ information shall be shared only in a closed network with leased line connectivity where a SAG-grade encryption mechanism is deployed.
However, ‘Confidential’ and ‘Restricted’ information can be shared on internet through networks that have deployed commercial AES 256-bit encryption,” it added.
The directive said the use of government email facility or government instant messaging platforms (such as CDAC’s Samvad, NIC’s Sandesh etc) is strongly recommended for the communication of ‘Confidential’ and ‘Restricted’ information.
“Care should be taken during the classification of information; information that deserves a ‘Top Secret/Secret’ classification shall not be downgraded to Confidential/ Restricted for the purpose of sharing,” it added.
In the context of the e-Office system, departments have been directed to deploy proper firewalls and white-list IP addresses.
“The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security. Departments may ensure that only authorised employees/personnel are allowed to access the e-Office system.
“However, Top secret/Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism,” it said.
It said there was a blanket ban on sharing any top secret or secret information through video conferencing. The officials working from home have been directed to use security-hardened electronic devices (such as laptops, desktops) connected to office servers via a VPN and firewall setup.
‘Top Secret’ and ‘Secret’ information should not be shared while working from home, it said.
The order said digital assistant devices such as Amazon’s Echo, Apple’s HomePod, Google Home, etc. should be kept out of the office during discussions on classified issues.
“Digital assistants (such as Alexa, Siri) should be turned off during official meetings in the office used by employee. Smartphones should be deposited outside the meeting room when discussing classified information,” the order said.
In light of the risks, all officers and officials were directed to adhere strictly to the guidelines to ensure the security and confidentiality of official communications.
“Non-compliance with these directives may result in disciplinary action as deemed appropriate by the administration,” the order read.
Visit: Valley Vision News
