Govt issues cyber security advisory for e-office users
Jammu: Government has issued a cyber security advisory for all the “e-office users” asking them to remain extra cautious against possible hacking, phishing, etc. after a “major breach” in a State Data Centre.
Even as security of the system is being strengthened, the danger of hacking (ethical hacking, keylogger, phishing, denial of service, etc.) cannot be overruled,” the advisory by Administrative Secretary, IT Department, Amit Sharma, says.
“All the e-office users have been advised to remain extra-cautious and vigilant with regard to potential online invasion and hacking attempts,” the advisory reads.
Earlier, to make all users aware of the security risks, a security advisory has been received from the National Critical Information Infrastructure Protection Centre, a Government of India unit of National Technical Research Organisation (NTRO) with regard to the cyber hygiene of e-office.
The security advisory has been issued after a major breach in one of the State Data Centres, according to the Information Technology Department which quoted an advisory from Government of India.
“The State Data Centre was compromised and a web shell was uploaded through which every document in the Data Centre was accessible. Further, e-office of several other State’s have also been found hosted on public IP, which is not recommended (sic),” reads the advisory of the Cyber Security Advisory (Cyber Hygiene of e-office).
It says that the cyber attacks including ethical hacking on government websites and many more threats like a keylogger, phishing, denial of service etc. have been on the rise. Therefore, scanned documents containing sensitive information are not recommended to be hosted on e-office.
“Latest anti-virus and anti-malware software on client machines through which e-office is accessed is regularly updated,” the advisory reads.
It says: “e-office applications are regularly audited against all known vulnerabilities at the time of release. There may be new vulnerabilities that crop-up and were not known at the time of release. In case e-office is allowed to be accessed from a public network, possibilities of external attacks increase. Therefore, e-office should be accessed in a restricted environment (NICNET/NKN/SWAN/LAN etc).”
It was advised to the departments that secret, top secret, and classified documents should not be handled in e-office. “If any user wants to access the e-office outside the restricted environment, Virtual Private Network (VPN) certificates should be issued in such cases,” it says.
Pertinently, e-office was initiated in 2009 and developed by the National Informatics Centre with an aim to improve the functioning of government through more efficient, effective, and transparent in-government transactions and processes.