SRINAGAR: Chief Secretary Atal Dulloo on Monday directed that the cyber security audit of all government websites in Jammu and Kashmir be completed within two months, stressing the need for time-bound processes to avoid public inconvenience due to prolonged website outages.
Chairing a high-level review meeting attended by the Secretary IT, Administrative Secretaries, and officials from NIC, JaKeGA, and the IT Department, the Chief Secretary instructed immediate decommissioning of redundant websites and called for urgent revival of critical government portals. He said that non-functional websites pose both security risks and service delivery issues.
Of the 239 government websites hosted at the JK State Data Centre (SDC), 140 are currently live. Of the remaining 99, 70 are under audit by a Third-Party Auditor (TPA), 11 are under departmental audit, 10 are covered in the audit plan but yet to start, 6 await staging before audit, and 2 have been decommissioned, according to the IT Department.
To speed up the process, the TPA has been asked to engage four additional resources. The audit of the remaining websites is expected to be completed within two months. Regular follow-ups and audit status reports are being shared with all Administrative Secretaries.
The Chief Secretary also directed strict discontinuation of private email use for official work and instructed installation of security software on all government devices. He stressed the need for training Chief Information Security Officers (CISOs) and Information Security Officers (ISOs) to build internal capacity for conducting future audits.
He further instructed the IT Department to initiate augmentation of the State Data Centre in Jammu using available funds and assured additional financial support as needed.
Providing an update, Secretary IT Dr Piyush Singla highlighted ongoing cybersecurity initiatives including Endpoint Detection and Response (EDR) and Unified Endpoint Management (UEM) deployment in the Civil Secretariats in Jammu and Srinagar. A total of 4011 EDR and 1789 UEM installations have been completed.
VPN access has now been restricted to users with Multi-Factor Authentication (MFA), and all routers have been configured to respond only to domestic IP addresses. Standard Operating Procedures (SOPs) have been enforced for firewall changes.
Compliance with CERT-In and OWASP top 10 guidelines is being monitored across all websites. Audits have also been initiated for critical applications like Land Records, NGDRS, and the CVS portal, and audit findings have been shared with departments for source code patching and other mitigation steps.
Administrative Secretaries attending the meeting shared inputs to strengthen overall IT security and ensure uninterrupted public access to government services.
