Srinagar, Nov 25:
The government on Monday asked officers and officials to ensure the security and confidentiality of official communications, underling that the increasing trend of using third-party tools poses significant risks to the integrity and security of the information being communicated.
“It has come to the attention of the administration that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail, and other similar platforms for transmitting sensitive, secret, and confidential information,” reads a circular, a copy of which lies with GNS.
“This practice poses significant risks to the integrity and security of the information being communicated.”
Using third-party communication tools can lead to several potential issues including unauthorized access, data breaches and leaks of confidential information, it said.
“These platforms are not specifically designed to handle classified or sensitive information, and their security protocols may not meet the stringent standards required for official communications.” Consequently, the use of such tools could result in severe security breaches that jeopardize the integrity of governmental operations, it said.
To emphasize the importance of exercising discretion and adhering to established protocols for handling official communications, particularly those of a sensitive, secret, or confidential nature, the government issued guidelines for the officers and the officials of Jammu and Kashmir.
Underlining that classified information falls under the four categories namely, TOP SECRET, SECRET, CONFIDENTIAL and RESTRICTED, it said, the TOP SECRET and SECRET document shall not be shared over the internet. “According to NISPG, the TOP SECRET and SECRET information shall be shared only in a closed network with leased line connectivity where SAG grade encryption mechanism is deployed.” However, CONFIDENTIAL and RESTRICTED information can be shared on internet through networks that have deployed commercial AES 256-bit encryption.
“The use of government email (NIC email) facility or government instant messaging platforms (such as CDAC’s Samvad, NIC’s Sandesh etc.) is strongly recommended for the communication of CONFIDENTIAL and RESTRICTED information.” Care should be taken during the classification of information, it said.
“Information that deserves a TOP SECRET/ SECRET classification shall not be downgraded to CONFIDENTIAL/ RESTRICTED for the purpose of sharing.”
In the context of the e-Office system, the circular emphasised that the Departments must deploy proper firewalls and white-list of IP addresses. “The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security.” Decadents may ensure that only authorized employees and personnel are allowed to access to the e-Office system, it said. “However, Top secret/Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism.”
Regarding Video Conferencing (VC) for official purposes, it said, only Government VC solutions offered by CDAC, CDOT and NIC may be used. “Meeting ID and passwords should only be shared with authorized participants.” For enhanced security, it said, the ‘Waiting Room’ facility and prior registration of the participants may be utilized. “Even then, Top Secret/ Secret information shall not be shared during the VC meetings.”
Officials working from home should use security-hardened electronic devices (such as Laptops, Desktops, etc.) connected to office servers via a VPN and Firewall setup, it said. “It is important to note that Top Secret and Secret information should not be shared in a work-from-home’ environment.”
Digital Assistant Devices such as Amazon’s Echo, Apple’s HomePod, Google Home, etc. should be kept out of the office during discussions on classified issues, it said. “Further Digital Assistants, (such as Alexa, Siri, etc.) should be turned off during official meetings in the office used by employee.” Smart phones should be deposited outside the meeting room when discussing classified information, it said.
“In light of the potential risks outlined above, all officers and officials are directed to adhere strictly to these guidelines to ensure the security and confidentiality of official communications,” the Circular said, adding, “Non-compliance with these directives may result in disciplinary action as deemed appropriate by the administration.” (GNS)