The Jammu and Kashmir government Wednesday asked its departments to shut down all their privately hosted and unauthorised departmental websites in view of the growing risks associated with unauthorised digital platforms, outdated hardware and software infrastructure, and increasing incidents of data compromise and phishing, officials have said.
Significantly, the instructions have come amid a continued barrage of cyberattacks on various Indian government websites from hackers in Pakistan after the April 22 Pahalgam terrorist attack that killed 25 tourists and a local pony operator. These cyberattacks reportedly continue even after the announcement of a ceasefire between the two countries on May 10.
Over 15 lakh cyberattacks reportedly targeting critical infrastructure websites were traced to Pakistan, Bangladesh, Indonesia and the Middle East, sources said, adding that almost all of them had been unsuccessful. Although the incursions have considerably declined after the ceasefire, they have not fully stopped, they added.
Pointing out that it has come to notice that various departments are operating official websites using private domains such as “.com”, “.org”, or “.net”, which are not aligned with the Government of India guidelines on official domain usage, a circular issued by the General Administration Department on Tuesday ordered that “all such privately hosted/unauthorized departmental websites shall be deactivated forthwith”.
It asked the National Informatics Centre (NIC), J&K Centre to assist departments in migrating all the existing websites to secure and authenticated government domains, preferably under “.govt.in” or “.jk.gov.in”. “No future departmental websites shall be developed or hosted on non-government domains,” it added.
Referring to extensive deliberations held at a meeting chaired by the J&K Chief Secretary on the need for enforcing “a secure, standardised, and policy compliant digital and IT environment across government establishments”, it said that all proposals for new websites must be routed through NIC and approved by the Information Technology (IT) Department.
It asked officials not to make or respond to any official communication transmitted from non-government email accounts such as Gmail, Rediffmail etc., adding that they “shall mandatorily use NIC-provided email Ids (@jk.gov.in/…@gov.in) for all forms of official correspondence” so as to maintain data confidentiality and prevent leakage of sensitive information.
It said the heads of departments (HoDs) shall ensure immediate issuance and activation of official NIC email IDs for all staff involved in administrative or public-facing roles, adding that “any emails received from non-NIC domains shall be treated as unofficial and may not be acted upon”.
It also asked all the Chief Information Security Officers (CISOs)/Information Security Officers (ISOs) designated in each department to conduct a detailed census and audit of the IT infrastructure, including the number and specifications of desktop/laptop systems, status of operating systems (licensed/unlicensed, updated/outdated), inventory of installed software (genuine vs pirated), antivirus/firewall status and last update logs, network architecture, access points and security configuration.
It must be ensured that all machines run genuine, licensed and currently supported operating systems (e.g. Windows 11, Linux variants etc.), and no pirated, obsolete, or end-of-life software is used. It also called for protection of devices with active antivirus/firewall systems, saying that administrative access to systems was restricted and being monitored.