Srinagar, Jul 15: Chief Secretary Atal Dulloo on Tuesday led a critical review meeting focused
on enhancing cyber security protocols to protect government websites and vital infrastructure
across Jammu and Kashmir. The meeting was attended by the Secretary IT, all Administrative
Secretaries, and key officials from NIC, JaKeGA, and the IT Department.
During the session, the Chief Secretary called for establishing clear timelines for website
security audits, saying that prolonged website outages cause significant inconvenience to the
public. He directed that all security assessments be completed promptly, with an emphasis on
swift website revival.
He ordered the immediate decommissioning of redundant and unused websites to eliminate
unnecessary security vulnerabilities. To strengthen internal capabilities, Dulloo stressed
capacity building for Chief Information Security Officers (CISOs) and Information Security
Officers (ISOs) to enable independent audits and reduce reliance on external agencies.
The Chief Secretary mandated the installation of security software on all official devices and
strictly prohibited the use of private email IDs for official communication, citing security risks.
Addressing infrastructure, he directed the IT Department to expedite the augmentation of the
State Data Centre (SDC) in Jammu, assuring additional funding would be provided as needed.
The meeting also included valuable suggestions from Administrative Secretaries aimed at
bolstering overall IT security and preventing data breaches.
Dr Piyush Singla, Secretary IT, presented a detailed overview of ongoing security measures. He
reported that out of 239 government websites hosted at the J&K SDC, 140 are live, with 99
under various stages of audit—70 by a third-party auditor, 11 departmental audits, and others in
progress or scheduled. He indicated that the audit process would be accelerated with four
additional resources engaged, aiming to complete all pending audits within two months.
The department is also deploying Endpoint Detection and Response (EDR) systems at the Civil
Secretariat, with over 4,000 installations completed, and VPN access restricted to users with
Multi-Factor Authentication (MFA). Routers are configured to accept requests only from India,
and SOPs for opening IP/Ports via firewalls are mandated.
Compliance with CERT-In and OWASP Top 10 guidelines is being enforced across all digital
assets, it was informed. Critical applications such as Land Records, NGDRS, and CVS Portal
are undergoing security audits, with mitigation and patching measures underway to ensure data
security and integrity.
