J&K govt bans use of third party tools for transmitting official documents; However, there will be no such restriction on sharing “confidential” and “restricted” information over the internet, provided they were shared via networks that have deployed commercial AES 256-bit encryption
The J&K government has embargoed its officials from using third party tools like Whatsapp and Gmail to transmit “top secret” and “secret” documents via these platforms as they risk data breach and leaks.
However, there will be no such restriction on sharing “confidential” and “restricted” information over the internet, provided they were shared via networks that have deployed commercial AES 256-bit encryption.
In the government order, officials have been directed to strictly ensure security and confidentiality of official communications by abiding by government directions to avoid “potential risks.”
Potential risks were described as “unauthorised access, data breaches and leaks of confidential information.”
The government has banned sharing of “top secret” and “secret” information in a “work-from-home” environment. As per the National Information Security Policy and Guidelines (NISPG), the “top secret” and “secret” information should be shared only in a closed network with leased line connectivity where a scientific analysis group (SAG) grade encryption mechanism is deployed.
Officials have also been asked not to downgrade classification for sharing.
Smartphones and digital assistant devices like Amazon’s Echo, Apple’s HomePod, Google Home, Alexa and Siri will not be allowed during discussions on classified issues. “Non-compliance will invite disciplinary action as deemed appropriate by the administration,” read the order.
The government observed that there had been increasing use of social media platforms for transmitting sensitive and secret information or confidential documents by the officials. “This practice poses significant risks to the integrity and security of the information being communicated. Using third-party communication tools can lead to several potential issues including unauthorised access, data breaches and leaks of confidential information,” the order read further.
“The use of such tools can result in severe security breaches that jeopardise the integrity of governmental operations”, it stated.
The departments have been asked to ensure that only authorised employees or personnel are allowed to access the e-office system. “However, ‘top secret’, ‘secret’ information shall be shared over the e-office system only with a leased line closed network and SAG grade encryption mechanism,” stated the order.