SRINAGAR, Jul 15: Chief Secretary Atal Dulloo on Tuesday chaired a high-level meeting to comprehensively review cyber security measures protecting government websites and critical digital infrastructure across Jammu and Kashmir.
The meeting was attended by Secretary IT, Dr. Piyush Singla; all Administrative Secretaries; and senior officials from NIC, JaKeGA, and the IT Department.
During the discussion, the Chief Secretary underlined the urgent need to fix clear timelines for website security audits, highlighting that prolonged downtime creates significant inconvenience for the public. He emphasized that all exercises must be completed within a definite time frame, ensuring critical websites are revived at the earliest.
Mr. Dulloo also directed the immediate decommissioning of redundant and unused websites, noting they pose unnecessary security risks and serve no practical purpose.
To build in-house expertise, he called for capacity building programmes for departmental Chief Information Security Officers (CISOs) and Information Security Officers (ISOs), so they can conduct future website audits independently and reduce external dependency.
Further strengthening safeguards, the Chief Secretary instructed:
- Installation of mandatory security software on all official devices.
- Discontinuation of private email IDs for official communication to protect sensitive data.
Addressing infrastructure requirements, he took note of the need to augment the State Data Centre (SDC) in Jammu. He directed the IT Department to begin the process immediately using available funds, while assuring that additional funding would be arranged as work progresses.
Administrative Secretaries also provided suggestions on preventing data breaches and strengthening IT asset security.
Status and ongoing measures
Secretary IT, Dr. Piyush Singla, gave a detailed presentation outlining current initiatives to secure government websites and portals. He informed that an audit agency has been engaged to conduct third-party security audits of websites hosted at the J&K SDC.
Out of 239 websites,
- 140 are live
- 99 are currently non-live, including:
- 70 under audit by the third-party auditor
- 11 under departmental audit
- 10 yet to be audited (covered under the plan)
- 6 allocated for audit (awaiting staging)
- 2 decommissioned so far
To speed up the process, the audit agency has been requested to deploy four additional resources, with audits of all pending websites expected to finish within two months. Regular follow-ups are being conducted with CISOs and ISOs, and detailed status reports are shared with Administrative Secretaries.
Additional cyber security measures include:
- Deployment of Endpoint Detection and Response (EDR) tools at Civil Secretariats in Jammu and Srinagar (4,011 EDR and 1,789 UEM installations completed).
- Restricting VPN access to users with Multi-Factor Authentication (MFA).
- Configuring all routers to accept requests only from India.
- Enforcing Standard Operating Procedures (SOPs) for opening IPs/ports via firewalls.
Dr. Singla further highlighted strict compliance with CERT-In and OWASP top 10 guidelines for all web applications. The audit of critical applications like Land Records, NGDRS, and CVS Portal has also been initiated, with reports shared with concerned departments for required source code patching and mitigation.
The Chief Secretary concluded by reiterating that cyber security is a shared responsibility, urging all departments to remain vigilant and proactive in protecting the digital assets that serve millions across Jammu and Kashmir.
Recent Comments