Don’t share ‘top secret’, ‘secret’ documents over internet: Govt warns employees
Jammu, Nov 25: The J&K government has warned its officials against sharing “top secret” and “secret” documents over the internet, using third-party tools like WhatsApp and Gmail.
However, there will be no such restriction on sharing ‘confidential’ and ‘restricted’ information over the internet, if shared through networks that have deployed commercial AES 256-bit encryption.
The officials have been asked to ensure the security and confidentiality of official communications by strictly adhering to these directives to avoid “potential risks.”
Potential risks have been identified as “unauthorized access, data breaches and leaks of confidential information.”
Sharing of “top secret” and “secret” information in a ‘work-from-home’ environment has been prohibited.
As per the National Information Security Policy and Guidelines (NISPG), the “top secret” and “secret” information should be shared only in a closed network with leased line connectivity where a Scientific Analysis Group (SAG) grade encryption mechanism is deployed.
The officials have been asked not to downgrade classification for sharing.
Smartphones and Digital Assistant Devices like Amazon's Echo, Apple's HomePod, Google Home, Alexa and Siri will not be allowed during discussions on classified issues.
In the same breath, the government has also warned that non-compliance will invite disciplinary action “as deemed appropriate by the administration.”
These directives have been issued after the government took serious cognisance of the increasing use of social media platforms by officials for transmitting sensitive and secret information or confidential documents.
“It has come to the attention of the administration that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail and other similar platforms for transmitting sensitive, secret and confidential information. This practice poses significant risks to the integrity and security of the information being communicated. Using third-party communication tools can lead to several potential issues including unauthorised access, data breaches and leaks of confidential information,” it has been noted with concern in the directives.
It has been pointed out that these platforms (like WhatsApp and Gmail) are not specifically designed to handle classified or sensitive information and their “security protocols may not meet the stringent standards required for official communications.”
Consequently, the use of such tools can result in severe security breaches that jeopardise the integrity of governmental operations, it has been cautioned.
To emphasise the importance of exercising discretion and adhering to established protocols for handling official communications, particularly those of a sensitive, secret, or confidential nature, specific guidelines have been issued for the officers and officials of J&K.
Referring to ‘classified information’, which falls under four categories, namely “top secret”, “secret”, “confidential” and “restricted”, it has been specified that the documents in the first two categories (top secret and secret) will not be shared over the internet.
For the communication of “confidential” and “restricted” information, the use of a government email (NIC email) facility or government instant messaging platforms, such as CDAC's Samvad, NIC's Sandesh etc, has been recommended.
However, the officials have been asked to remain cautious during the classification of information.
“Information that deserves a “top secret” and “secret” classification shall not be downgraded to “confidential” or “restricted” for sharing. In the context of the e-Office system, the departments must deploy proper firewalls and white-list IP addresses. The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security,” it has been instructed.
The departments have been asked to ensure that only authorized employees or personnel are allowed to access the e-Office system.
“However, “top secret”, “secret” information shall be shared over the e-Office system only with a leased line closed network and SAG grade encryption mechanism,” it has been specified. Regarding Video Conferencing (VC) for official purposes, only government VC solutions offered by CDAC, CDOT and NIC may be used.
Meeting IDs and passwords, as per guidelines, should only be shared with authorized participants. For enhanced security, the ‘waiting room’ facility and prior registration of the participants may be utilized. Even then, “top secret”, and “secret” information will not be shared during the VC meetings.
Officials working from home have been directed to use security-hardened electronic devices, such as laptops and desktops connected to office servers via a VPN and firewall setup.
“It is important to note that “top secret” and “secret” information should not be shared in a work-from-home environment. Digital Assistant Devices such as Amazon's Echo, Apple's HomePod and Google Home should be kept out of the office during discussions on classified issues. Further, Digital Assistants, such as Alexa and Siri, should be turned off during official meetings in the office, used by employees. Smartphones should be deposited outside the meeting room when discussing classified information,” it has been instructed.
Though there is no reference on that account, it is being presumed that recent developments in the United States and Canada may be behind this strict information security protocol.