SRINAGAR: Chief Secretary, Atal Dulloo, today chaired a crucial meeting to thoroughly review cyber security measures safeguarding government websites and critical infrastructure across Jammu and Kashmir.
The meeting, besides the Secretary IT, was attended by all Administrative Secretaries of various departments, and key officers from NIC, JaKeGA, and the IT Department.
In this meeting, the Chief Secretary underscored the urgent need for fixing clear timelines for completing website security audits, stressing that prolonged website downtime causes significant inconvenience to the public. He emphasized that all exercises must be time-bound, with a focus on reviving all important websites at the earliest.
Furthermore, he directed the immediate decommissioning of all redundant and unused websites, stating they serve no purpose and pose unnecessary security risks.
To bolster internal capabilities, the Chief Secretary advocated for capacity building of all departmental Chief Information Security Officers (CISOs) and Information Security Officers (ISOs). This initiative aims to empower them to conduct future website audits independently, thereby mitigating potential security compromises.
He also mandated the installation of necessary security software on all devices used for official work and strictly directed the discontinuation of private email IDs for official communications, citing the inherent security risks to official data and devices.
Addressing infrastructure needs, the Chief Secretary took note of the requirement for augmenting the State Data Centre (SDC) in Jammu. He directed the IT Department to promptly initiate the process using available funds, assuring that additional requisite funding would be provided as the work progresses.
During the meeting, Administrative Secretaries also contributed valuable suggestions to enhance the overall security of IT assets and prevent data breaches.
The Secretary, IT, Dr. Piyush Singla, took this occasion to provide a comprehensive presentation detailing the safety and security precautionary measures undertaken by the department to ensure the cybersecurity of all government websites and assets. He informed the meeting that an audit agency has been engaged to conduct security audits of websites/portals hosted at the J&K SDC.
Dr. Singla highlighted the current status of websites hosted at the J&K SDC. He gave out that of a total of 239 websites, 140 are live. Of the 99 non-live websites, 70 are currently under audit by a Third-Party Auditor (TPA), 11 are under departmental audit, 10 are yet to be audited but are covered under the audit plan, 6 more have been allocated for auditing but their staging is not ready, and 2 websites have been decommissioned till date.
He further informed that to expedite the security audit process, the TPA has been requested to engage four additional resources, with the audit of all pending websites expected to be completed within the next two months. Regular follow-ups with CISOs/ISOs is done by the Department and detailed reports are being shared with all Administrative Secretaries for their appraisal.
Regarding other departmental measures, it was reported that Endpoint Detection and Response (EDR) deployment is underway at the Civil Secretariat in Jammu and Srinagar, with 4011 EDR and 1789 UEM installations completed. VPN access has been restricted to users with Multi-Factor Authentication (MFA), and all routers have been configured to accept requests only from India. Furthermore, Standard Operating Procedures (SOPs) have been mandated for opening IP/Ports via firewalls only.
The meeting was also informed that compliance with CERT-In and OWASP top 10 guidelines is being strictly enforced for all websites and web applications. To ensure public convenience and data security, the audit of critical applications such as Land Records, NGDRS, and CVS Portal has been initiated, and reports have been shared with respective departments for mitigation actions and necessary source code patching as required under the cybersecurity framework.
