The Jammu and Kashmir government has banned the use of third-party tools like WhatsApp and Gmail for transmission of sensitive official documents, saying it can lead to data breaches and leaks.
These platforms are not specifically designed to handle classified or sensitive information, and their security protocols may not meet the stringent standards required for official communications, an order passed by the General Administration Department on Saturday.
"It has come to the attention of the administration that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail, and other similar platforms for transmitting sensitive, secret, and confidential information. This practice poses significant risks to the integrity and security of the information being communicated," the order read.
It said using third-party communication tools can lead to several potential issues including unauthorised access, data breaches, and leaks of confidential information.
"Consequently, the use of such tools could result in severe security breaches that jeopardize the integrity of governmental operations," the order reads.
The GAD issued guidelines for the officials to follow while handling official communication.
"Classified information falls under the following four categories namely, Top Secret, Secret, Confidential and Restricted. A 'Top Secret' and 'Secret' document shall not be shared over the Internet. According to NISPG, the 'Top Secret' and 'Secret' information shall be shared only in a closed network with leased line connectivity where a SAG-grade encryption mechanism is deployed.
However, 'Confidential' and 'Restricted' information can be shared on internet through networks that have deployed commercial AES 256-bit encryption," it added.
The directive said the use of government email facility or government instant messaging platforms (such as CDAC's Samvad, NIC's Sandesh etc) is strongly recommended for the communication of 'Confidential' and 'Restricted' information.
"Care should be taken during the classification of information; information that deserves a 'Top Secret/Secret' classification shall not be downgraded to Confidential/ Restricted for the purpose of sharing," it added.
In the context of the e-Office system, departments have been directed to deploy proper firewalls and white-list IP addresses.
"The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security. Departments may ensure that only authorised employees/personnel are allowed to access the e-Office system.
"However, Top secret/Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism," it said.
It said there was a blanket ban on sharing any top secret or secret information through video conferencing. The officials working from home have been directed to use security-hardened electronic devices (such as laptops, desktops) connected to office servers via a VPN and firewall setup.
'Top Secret' and 'Secret' information should not be shared while working from home, it said.
The order said digital assistant devices such as Amazon's Echo, Apple's HomePod, Google Home, etc. should be kept out of the office during discussions on classified issues.
"Digital assistants (such as Alexa, Siri) should be turned off during official meetings in the office used by employee. Smartphones should be deposited outside the meeting room when discussing classified information," the order said.
In light of the risks, all officers and officials were directed to adhere strictly to the guidelines to ensure the security and confidentiality of official communications.
"Non-compliance with these directives may result in disciplinary action as deemed appropriate by the administration," the order read.