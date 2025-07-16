Srinagar, Jul 15: Chief Secretary Atal Dulloo on Tuesday led a critical review meeting focused

on enhancing cyber security protocols to protect government websites and vital infrastructure

across Jammu and Kashmir. The meeting was attended by the Secretary IT, all Administrative

Secretaries, and key officials from NIC, JaKeGA, and the IT Department.

During the session, the Chief Secretary called for establishing clear timelines for website

security audits, saying that prolonged website outages cause significant inconvenience to the

public. He directed that all security assessments be completed promptly, with an emphasis on

swift website revival.

He ordered the immediate decommissioning of redundant and unused websites to eliminate

unnecessary security vulnerabilities. To strengthen internal capabilities, Dulloo stressed

capacity building for Chief Information Security Officers (CISOs) and Information Security

Officers (ISOs) to enable independent audits and reduce reliance on external agencies.

The Chief Secretary mandated the installation of security software on all official devices and

strictly prohibited the use of private email IDs for official communication, citing security risks.

Addressing infrastructure, he directed the IT Department to expedite the augmentation of the

State Data Centre (SDC) in Jammu, assuring additional funding would be provided as needed.

The meeting also included valuable suggestions from Administrative Secretaries aimed at

bolstering overall IT security and preventing data breaches.

Dr Piyush Singla, Secretary IT, presented a detailed overview of ongoing security measures. He

reported that out of 239 government websites hosted at the J&K SDC, 140 are live, with 99

under various stages of audit—70 by a third-party auditor, 11 departmental audits, and others in

progress or scheduled. He indicated that the audit process would be accelerated with four

additional resources engaged, aiming to complete all pending audits within two months.

The department is also deploying Endpoint Detection and Response (EDR) systems at the Civil

Secretariat, with over 4,000 installations completed, and VPN access restricted to users with

Multi-Factor Authentication (MFA). Routers are configured to accept requests only from India,

and SOPs for opening IP/Ports via firewalls are mandated.

Compliance with CERT-In and OWASP Top 10 guidelines is being enforced across all digital

assets, it was informed. Critical applications such as Land Records, NGDRS, and CVS Portal

are undergoing security audits, with mitigation and patching measures underway to ensure data

security and integrity.