Ministry of IT Issues Advisory About Cyber Security Risks

The Ministry of Information Technology and Telecommunication (MoITT) has issued a special advisory, saying that potential and intended threats to Cyber Security exist which pose a concern for national security.

The special advisory- information/cyber security stated that “It has come to our knowledge that potential and intended threats to Cyber Security exist which pose a concern for national security. There is an urgent need to undertake a holistic review of information systems and sensitize Ministries/Divisions to safeguard against any leakage of classified information.

Senior government officials holding sensitive portfolios and dealing with national security matters are advised to do the following:

  • Smart phones should be strictly forbidden in official meetings especially involving discussions on sensitive matters affecting national security.
  • No classified information be shared on Whatsapp or similar application.
  • Passage of sensitive/classified information via insecure email, plain fax or any other insecure means should be discouraged.
  • Commonly available data storage devices are a source of security vulnerability resulting in loss/ hacking of official data. They may be used under exceptional cases.
  • Meeting/ conference rooms where sensitive matters are discussed should be TEMPEST proof.
  • Regular electronic sweeping of offices, residences, meeting/conference rooms against possible bugs should be ensured. Special electronic sweeping should be ensured prior to sensitive meetings/discussions.
  • Screening of gifts/souvenirs presented by visiting dignitaries be done to rule out the presence of any bug. No official gift be placed in sensitive places without due clearance of the screening process.
  • Any ICT equipment/solution, especially of foreign origin/OEM for potential use in offices, must be cleared from NITB.
  • Special care be exercised with respect to communication on smartphones near foreign missions’ compounds (Cellular network be used), use of WiFi hot spots, smart TV devices, FTTH/ smart cable TV, NW printers/ scanners and vehicles equipped with datacomm devices/ onboard smart devices.
  • CCTV networks installed at sensitive locations should not be connected either on the internet or on cloud-based service. Their networks must remain standalone and isolated.
  • Timely sharing of information about security breaches be done with the National Information Technology Board for remedial measures and analysis.