SUMMARY
Govt officials to not carry out classified work on private cloud services
Classified data should be encrypted before copying into the removable storage media
It also bans taking away a USB device out of offices unless authorised
Ministry of Home Affairs has issued internet usage guidelines for government officials at the centre. Reportedly, government employees have been cautioned against accessing social media on official devices, including mobile phones and computers, unless permitted. The government also directed officials not to carry out classified work on computers connected to private cloud services (Google Drive, Dropbox, iCloud etc) and instead use standalone systems.
The ministry’s cyber and information security division deals with cybercrime, the National Information Security Policy & Guidelines (NISPG) and implementation of NISPG. The move aims to prevent security breach and ensuring sensitivity of data.
“On an average, 30 attempts are made every day by foreign entities to hack into or deface government portals and unlawfully extract confidential information,” a government official was quoted as saying by ET.
The guidelines further mention:
- Classified data should be encrypted before being copied into removable storage media designated to store classified information
- Classified information should be stored only on organisation-allocated removable storage media for work purposes
- Ban on taking USB device out of offices unless authorised
- Ban on sending classified information via emails
- Restriction on using official email accounts on public Wi-Fi connections
The government has urged employees to set up Media Access Control or ‘MAC’ address filters in wireless routers, which will only allow those MAC addresses that have been whitelisted to access the internet.
According to World Economic Forum’s 14th edition of Global Risks Report 2019, the world’s ability to foster collective action in the face of urgent major crisis has reached critical levels, with worsening international relations hindering action across a growing array of serious challenges, including cybersecurity.
“Malicious cyber-attacks and lax cybersecurity protocols again led to massive breaches worldwide of personal information in 2018 and the largest were in India,” the report mentioned.
As Supratim Chakraborty, Associate Partner Khaitan & Co. highlighted once, India’s approach with respect to the protection of its cyber assets thus far has been dictated after cybersecurity incidents come to light, particularly where the systems of the government have been impacted.
Chakraborty and many other experts have called for proactive rather than a reactive approach like this, and the government’s latest usage guidelines are a way to tackle internal weak points that are often a big factor in such cyber attacks.
[The development was reported by ET]
