Latest news with #NIC-provided
Indian Express
22-05-2025
- Politics
- Indian Express
Amid cyberattacks, J&K tells departments: Shut down unauthorised govt websites
The Jammu and Kashmir government Wednesday asked its departments to shut down all their privately hosted and unauthorised departmental websites in view of the growing risks associated with unauthorised digital platforms, outdated hardware and software infrastructure, and increasing incidents of data compromise and phishing, officials have said. Significantly, the instructions have come amid continued barrage of cyberattacks on various Indian government websites from hackers in Pakistan after the April 22 Pahalgam terrorist attack killing 25 tourists and a local pony operator. These cyberattacks reportedly continue even after the announcement of ceasefire between two countries on May 10. Over 15 lakh cyberattacks reportedly targeting critical infrastructure websites were traced to Pakistan, Bangladesh, Indonesia and Middle East, sources said, adding that almost all of them had been unsuccessful. Although the incursions have considerably declined after the ceasefire, they have not fully stopped, they added. Pointing out that it has come to notice that various departments are operating official websites using private domains such as '.com', '.org', or '.net', which are not aligned with the Government of India guidelines on official domain usage, a circular issued by the General Administration Department on Tuesday ordered that 'all such privately hosted/unauthorized departmental websites shall be deactivated forthwith'. It asked the National Informatics Centre (NIC), J&K Centre to assist departments in migrating all the existing websites to security and authenticated government domains, preferable under '. or '. 'No future departmental websites shall be developed or hosted on non-government domains,' it added. While referring to extensive deliberations held at a meeting chaired by J&K Chief Secretary on the need for enforcing 'a secure, standardised, and policy compliant digital an IT environment across government establishments', it said that all proposals for new websites must be routed through NIC and approved by the Information Technology (IT) Department. It asked the officials that not to make or respond to any official communication if it is transmitted from non-government email accounts such as Gmail, Yahoo, Rediffmail etc., adding that they 'shall mandatorily use NIC-provided email Ids (@ for all forms of official correspondence' so as to maintain data confidentiality and prevent leakage of sensitive information. The head of departments (HoDs) shall ensure immediate issuance and activation of official NC email IDs for all staff involved in administrative or public facing roles, adding that 'any emails received from non-NIC domains shall be treated as unofficial and may not be acted upon'. It also asked all the Chief Information Security Officers (CISOs)/Information Security Officers (ISOs) designated in each department to conduct a detailed census and audit of the IT infrastructure including number and specifications of desktops/laptop systems, status of operating systems (licensed/unlicensed, updated/outdated), inventory of installed software (genuine vs pirated), antivirus/firewall status and last update logs, network architecture, access points and security configuration. It must be ensured that all machines run genuine, licensed and currently supported operating systems (e.g Windows 11, Linux variants etc.), and no pirated, obsolete, or end of life software is used. It also called for protection of devices with active antivirus/firewall systems, saying that administrative access to systems was restricted and being monitored.
The Hindu
21-05-2025
- Business
- The Hindu
J&K Govt. offices ordered to stop using unofficial digital platforms
The J&K government on Wednesday (May 21, 2025) barred its departments from acquiring non-official domains and directed officials not to use non-official mailing services. 'In view of the growing risks associated with unauthorised digital platforms, outdated hardware/software infrastructure, and increasing incidents of data compromise and phishing, a comprehensive set of instructions is hereby issued for immediate implementation and strict compliance,' an order issued by J&K's General Administration Department (GAD) said. The GAD mandated all the departments to adopt stringent cybersecurity practices, terminate unauthorised digital platforms, and ensure full compliance with official IT governance protocols. It has directed immediate 'deactivation of all departmental websites operating on non-official domains like .com, .org, or .net.' 'Government websites will be hosted exclusively on authenticated domains such as '. or '. it said. Personal email banned The government also barred the use of personal email services such as Gmail, Yahoo, or Rediffmail for any official communication. 'All communications must be conducted using NIC-provided official email IDs. Emails from unofficial domains will be treated as invalid and may be ignored,' it said. The order also underlined that any proposals for new websites must be routed through the National Informatics Centre (NIC) and approved by the Information Technology Department to ensure uniformity and compliance with cyber standards. The administration has also ordered a comprehensive IT infrastructure audit across all departments. 'Chief Information Security Officers (CISOs) and Information Security Officers (ISOs) are tasked with compiling hardware and software inventories, verifying licensed systems, ensuring the presence of antivirus/firewall solutions, and assessing network security configurations. A standardised reporting format will be provided by the IT Department for uniformity,' it said.. Cyber hygiene The NIC will conduct cyber hygiene and threat response training for IT staff. These sessions will cover topics such as email security configuration, CERT-In reporting protocols, and safe digital practices. The order strictly prohibits the use of pirated or outdated software, stating that all IT procurements must adhere to the minimum technical standards set by the IT Department. All the departments have been given a 15-day deadline to submit detailed compliance reports. 'Failure to comply will invite disciplinary action under the relevant administrative and IT conduct rules,' the order said.
