In a significant move to enhance information security, the Jammu and Kashmir Government has issued a directive prohibiting its officers and officials from using third-party platforms such as WhatsApp and Gmail for sharing sensitive and confidential communications. This decision comes in response to a growing trend among government employees to utilize these platforms, which the government deems poses serious risks to the integrity and security of official information.
A circular released by the General Administration Department (GAD) outlined the dangers associated with using non-secure communication tools, including unauthorized access, data breaches, and potential leaks of confidential information. The government emphasized that these platforms are ill-equipped to handle classified information, lacking the necessary security measures for safeguarding official communications.
To address these vulnerabilities, the GAD has introduced new guidelines categorizing classified information into four levels: “top secret,” “secret,” “confidential,” and “restricted.” The circular explicitly states that “top secret” and “secret” documents must not be shared over the internet. Instead, such high-level documents should only be transmitted through closed networks equipped with leased line connectivity and SAG-grade encryption mechanisms, as per the National Information Security Policy Guidelines (NISPG).
While “confidential” and “restricted” information may be shared over the internet, the government stipulates that only networks employing commercial AES 256-bit encryption are permissible. Officials are strongly encouraged to utilize official communication channels, including Government email (NIC email) and secure instant messaging platforms like CDAC’s Samvad and NIC’s Sandesh.
Moreover, the government has stressed the importance of accurately classifying information and avoiding the downgrading of high-level documents for convenience. To bolster security, departments are advised to implement robust firewalls and maintain a whitelist of IP addresses. Access to the e-Office system must be conducted through a Virtual Private Network (VPN), with the stipulation that top-secret and secret information should only be transmitted via e-Office systems utilizing leased line networks with SAG-grade encryption.
In terms of video conferencing, the government mandates the use of official solutions provided by CDAC, CDOT, and NIC. Meeting IDs and passwords are to be shared solely with authorized participants, while additional security features such as ‘Waiting Room’ and prior registration are recommended. Notably, discussions involving top-secret and secret information are strictly prohibited during video conferences.
This directive underscores the Jammu and Kashmir Government’s commitment to safeguarding sensitive communications and ensuring that all official interactions adhere to stringent security protocols.
