Witnessing massive violation of national communication security policy guidelines and instructions of the government by officials and to control leaks of classified information, a new communication security advisory has been issued by the intelligence structure, News18 has learned.
According to the sources, the new communication has asked all government officials not to use WhatsApp, Telegram, etc., to share confidential information as private companies control storage servers outside the country and can be misused for different exchanges. Sources said that the communication has also given instructions on videoconferencing and officials working from home.
All ministries have been asked to take “urgent steps” to stop such violations and follow the communication security policies and guidelines while dealing with confidential, secret, or restricted communications.
“Various officials scan a classified document, store it in their mobile and send and share with others through private applications. New devices pose a big risk for national security and must be avoided while discussing important classified or secret issues by all ministries,” a senior official aware of the development told News18 on the condition of anonymity.
Top government sources said that the new communication sent to all ministries advises that officials keep their smartphones and smartwatches outside the room during meetings where classified issues are to be discussed. In offices, officers and staff shouldn’t keep various office assistant devices like Amazon Echo, Apple HomePod, Google Home, etc. Further, digital assistants like Siri and Alexa in smartphones and smartwatches must be switched off while entering a meeting where classified issues will be discussed. Smartphones must be deposited outside the meeting room while discussing classified issues.
Since various government officials are working from home, guidelines have been shared.
No sharing of classified information from home
Sources aware of the development told News18 that it had been advised that officers must avoid sharing classified, secret information or documents on home setup while accessing digital office systems. The system should be connected with the office network through a virtual private network. Officials have been asked to use security-hardened devices only. Sources also said that the electronic official system couldn’t be accessed from home and connected through an office network. Officials shall not share any classified, secret information from home.
Avoid discussing important things on VC.
Sources said that for virtual meetings, the communication says no classified information or issue be discussed during VCs, and it should be done in an office setup. Instead of private meeting applications, all officials and ministries should use the Government of India’s setup. VC solutions established by the Centre for Development of Advanced Computing (C-DAC), National Informatics Centre (NIC), etc., should be used. Access should be done through passwords and waiting room facilities; attendance must be marked during videoconferencing, said the sources.
Why do mobile apps pose a threat?
A senior official responsible for dealing with the cybersecurity of various government departments said that countries like Pakistan and China develop applications that contain security issues and can be used as spyware. “No one knows which application can have spyware, and it is mandatory to follow communication security guidelines issued by security agencies. Various countries develop applications, install servers in different locations, and store data which are accessible to law enforcement agencies of these countries,” the official said.
According to a recent report in the Wall Street Journal, a mandatory mobile app for all participants in next month’s Winter Olympics in Beijing contains security flaws that could make it easy for a hacker to steal sensitive personal information. Cybersecurity researchers in Canada have warned.
“The China-built app, My 2022, will be used to monitor the health of attendees, as well as facilitate information sharing, leading up to and throughout the 2022 Games. Technicians with Citizen Lab, a human-rights-focused cybersecurity and censorship research group at the University of Toronto, said they found the app failed to authenticate the identity of certain websites, leaving transfers of personal data open to attackers,” the news report says.
India banned Chinese apps.
The Government of India in 2020 blocked close to 100 China-origin apps in the country that included notable names such as TikTok, SHAREit, UC Browser, WeChat, CamScanner, etc., online game PUBG.