Days following Operation Sindoor witnessed the first cyber war. Jammu and Kashmir government, which spent more than Rs 300 crore and emerged as one of the leaders in e-governance in India, pushed its entire digital infrastructure to an induced sleep for one or another reason, a phenomenon that may require investigation, writes Masood Hussain
Shameem is the youngest of his 6-member family who is tech-savvy, well-read and also the technology’s lone ambassador at home. He has passwords for every member’s bank account and is the family’s only person who is mandated to manage everything on his phone. Withdrawing cash, making online payments, purchasing things online and most importantly, paying the power tariff in time, it is all his responsibility.
“For the last 10 days, I have been in a crisis,” Shameem regretted as he has a job where he can hardly spare any time to move around. “I am unable to pay my power tariff, and my aged parents will face a serious crisis if the lights go off.” He said he tried a thousand times, and finally, he had the only option of requesting the local lineman not to disconnect the lines, an option that was never practical. “I have no time to visit the bank and pay.”
In Jammu and Kashmir, it is not just with the Kashmir Power Distribution Corporation Ltd (KPDCL) alone. There are several applications which are not been operational for some time. It is said to be a major digital disruption in Jammu and Kashmir. The Government recently shifted the issuance of Domicile Certificates from the Service Plus portal to the Jan Sugam portal with the justification that it will improve service delivery and ensure better public access. Nobody is admitting that the main portal is not operational. The service delivery apps that are shut or silent include Bill Sahuliyat, Revenue Plus, JKPaySys, EMpower, Awam Ki Awaaz, eUnnat, and Apki Zameen Apki Nigrani. This has started creating a crisis for people who have been using these digital interfaces to access the services.
Informally, officials are talking about glitches, but nobody is coming on record to reveal the details, if any. However, the Jammu and Kashmir Bank, the main financial institution of the region, which usually would report downtime with added load, especially around festivals, exhibited a rare strength and is working normally. “We had no downtime and we had no issues at all,” one insider in the bank said. “We invested massively in the security of the digital infrastructure we have.”
In Deep Sleep Mode
The sudden offline of key service apps has triggered a sort of tension, and the people are asking if Jammu and Kashmir has gone completely virtual in the last few years, where the infrastructure is invisible. Efforts made by the government in the last few years were acknowledged at the highest level. It bagged a series of awards for taking the number of services from 35 in 2019 to more than 1166 services online by early 2025. The initiative had enhanced service delivery, reduced corruption, and increased citizen satisfaction.
In Jammu and Kashmir, the official digital universe is being managed by the Information Technology Department and the Jammu and Kashmir e-Governance Agency (JaKeGA). Established in 2009, the JaKeGa is the implementing agency for various IT and e-governance projects that Jammu and Kashmir’s IT department requires. Over the years, the twin institutions have spent quite an impressive amount on creating the digital infrastructure in Jammu and Kashmir.
In April, the Jammu and Kashmir government informed the newly constituted assembly that JaKeGA has implemented or is implementing 19 projects worth Rs 291.39 crore. These include digitisation of records of the civil secretariat for Rs 5.75 crore; Wi-fi connectivity of Civil Secretariat Jammu at Rs 9.50 crore; Upgradation of Data Centre for Jammu and Kashmir at an investment of Rs 124.66 crore; Smart Performance Appraisal Report Recording Online Window (e-SPARROW), a platform recording the Annual Performance Reports of the JKAS officers, for Rs 63.60 lakh; several smaller wired LAN projects for Rs 67 crore; a Digital Village Centre for Rs 6.38 crore; State Wide Area Network (SWAN) for Rs 72.22 crore; online domicile application for Rs 25 lakh; third party audit of various IT projects for Rs 4.99 crore.
On its own, the IT department has implemented six projects worth Rs 17.48 crore, the assembly was informed. These include booking an expenditure of Rs 2.50 crore on establishing an IT Cell; Rs 25 lakh for My Gov App; Rs 25 lakh for upgradation of IT Skills; Rs 2.50 crore for information, education and communication (IEC) awareness among employees; Rs 7 crore for new e-Governance initiatives; and Rs 4.98 crore for third party audit of various IT projects.
Several projects are still under implementation or in the tendering phase. These include the setting up of wired LANs at the Civil Secretariats in Jammu and Srinagar, the establishment of a near data centre in Srinagar parallel to the Jammu facility, and gap infrastructure to support the broader e-governance rollout.
The State Data Centre (SDC) has emerged as a key digital infrastructure initiative in Jammu and Kashmir, and according to the Economic Survey 2025, its current architecture and scale are being reviewed to transform it into the unified computing backbone for all government departments. A secure and cost-effective government cloud environment is planned within the existing SDC to host all government applications and data, adhering to the Meghraj cloud guidelines issued by the Government of India. The SDC will provide scalable compute and storage resources on demand to departments, eliminating the need for parallel infrastructure. A key component of the National e-Governance Plan, SDC is supposed to act as a central hub for storing, managing, and delivering digital services to citizens, businesses, and government departments across Jammu and Kashmir.
To ensure uninterrupted operations, a near disaster recovery centre (N-DRC) will be established within 10 kilometres of the main SDC to maintain business continuity of critical applications, while a remote disaster recovery centre (R-DRC) will be set up in a different seismic zone to guard against data loss in the event of a major disaster.
After The Cyber Attack
The government told the assembly that they engaged Grant Thornton LLP to audit more than 140 government websites and issued safe-to-host certificates to 60.
In the wake of Operation Sindoor, when the hackers, both state and non-state actors, from Pakistan, Indonesia, Korea, Bangladesh, parts of the Middle East and Malaysia mounted cyber attacks, Jammu and Kashmir’s digital platforms were shut – some because they could not withstand the attacks and mostly because they had enough loopholes and fell in most vulnerable pieces of digital infrastructure. Insiders in the digital space of Jammu and Kashmir said this was the first and the most significant attack on the digital space in India, with a focus on financial systems and public services. Reports appearing in the media said more than 15 lakh cyber intrusion attempts were recorded, although most were successfully thwarted.
“I am told that in Haryana, cyber attackers targeted the power supply and around 5000 consumers got disconnected in the attack and were pushed to grope in the dark,” a key technology techie with a focus on security said. “There were efforts to reconnect them to the supply line, but so far it has failed.”
In Jammu and Kashmir, the policymakers did not wait for the attacks. In a sweeping move, the Government put most of the websites in a sleeping mode. In a quick follow-up, they took several urgent measures following widespread non-compliance among its departments and public sector undertakings (PSUs) with mandatory security audit protocols.
Insiders in the government said several official websites went offline after they failed to secure valid security audit certifications from the Computer Emergency Response Team-In (CERT-In), as mandated by the Ministry of Electronics and Information Technology (MeitY). These audits, required annually, are designed to detect and mitigate vulnerabilities through procedures such as vulnerability assessments and penetration testing. Tragically, even the websites of agencies tasked with overseeing digital governance and IT assistance had been disabled for lack of certification!
The situation has exposed a significant gap in adherence to IT security standards, despite repeated government directives, including a General Administration Department (GAD) circular issued on March 27, 2024, which had warned departments to complete audits within a month or face shutdowns. The instructions were clear: failure to obtain certification through CERT-In empanelled agencies would result in the suspension of affected websites and services.
In a subsequent and more decisive action issued on May 21, the administration ordered the immediate deactivation of all privately hosted or unauthorised departmental websites, particularly those using non-official domain extensions like .com, .org, or .net, which do not comply with the Government of India’s domain guidelines. The National Informatics Centre (NIC)’s Jammu and Kashmir Centre has been tasked with assisting departments in migrating their websites to secure domains under .gov.in or .jk.gov.in. All future proposals for websites are to be routed through NIC and require approval from the IT Department.
Besides, to protect against data breaches and phishing attacks, it has been mandated that no official communication will be made or acknowledged if sent from personal email services such as Gmail, Yahoo, or Rediffmail. Departments must now ensure that all employees involved in administrative or public-facing duties are issued NIC-provided email addresses (@jk.gov.in or @gov.in). Any email from a non-government domain will be considered unofficial and may be ignored.
The IT cells of all departments are currently busy conducting an audit of their digital infrastructure, envisaging cataloguing desktops and laptops, verifying operating system authenticity and update status, checking for the use of pirated or outdated software, confirming the presence of active antivirus and firewall protections, and assessing network configurations and access points. Only genuine and currently supported systems, such as licensed Windows or Linux distributions, are permitted. Administrative privileges are to be monitored to reduce security risks. They have been granted a fortnight to submit detailed reports to the IT Department about domain statuses, email protocol compliance, audit findings, and any instances of pirated software, along with corrective plans. The digital crackdown is aimed at securing digital governance, restoring public trust in e-services, and aligning Jammu and Kashmir’s IT ecosystem with national cybersecurity standards, officials said.
Accountability
Insiders assert that while a lot of public funds have been spent on creating a digital infrastructure that is too vulnerable, people who have made decisions must face investigations. Even a BJP lawmaker, Ranbir Singh Pathani, had asked the relevant questions in the assembly. “Whether it is a fact that the Jammu and Kashmir e-Governance Agency (JaKeGA) sublets IT projects to private vendors instead of executing them in-house; if so, the details thereof with specific reference to the number of projects out sourced by JaKeGA during the last two years, the name of private vendors, terms of out sourcing agreements,” he had asked. “The steps taken for curbing commission-based sub-contracting practices.”
The government said nothing of this sort is happening in Jammu and Kashmir. Insiders, however, insist that the lack of oversight and transparency has resulted in people getting work on their terms. When the government hired a third party for digitising the records of the civil secretariat, the deserted hall of the Jammu and Kashmir Legislative Council was given to them for the work. In the hall, still, there are thousands of documents under the carpet, thrown and abandoned.
Post Script
Some websites have resumed, but mostly are in deep sleep awaiting mandatory audits.
