Websites of several deptts go offline for want of security audit certification

Inaction even after repeated instructions from Govt
Agency mandated to help others too facing shutdown

Mohinder Verma
JAMMU, May 13: The websites of several departments of the Government of Union Territory of Jammu and Kashmir have gone offline for failing to comply with mandatory security audit requirements laid down by the Ministry of Electronics and Information Technology (MeitY).

Reliable sources told EXCELSIOR that during the past several days the official websites of several Government departments and Public Sector Undertakings (PSUs) have been disabled after they failed to produce valid security audit certificates from the CERT-In (Computer Emergency Response Team-In), which offers a security audit and certification process to help organizations validate their websites' security and protect against potential cyber threats.
The non-compliance with the mandatory requirement is notwithstanding the fact that the Government of the Union Territory of Jammu and Kashmir from time-to-time laid thrust on regular security audit of departmental websites and applications, sources informed, adding “due to non-functioning of websites of some of these departments the citizens are not in a position to avail the online services”.
“Interesting aspect is that even the websites of Information Technology and Jammu and Kashmir e-Governance Agency (JAKEGA), which are supposed to provide assistance and guidance to other departments, are also down for want of security audit certification”, sources informed, adding “the possibility of certain applications for citizen centric services remaining non-functional along with the websites cannot be ruled out”.
The Ministry of Electronics and Information Technology mandates security audits for Government websites and related infrastructure. These audits, conducted at least annually, aim to identify and address vulnerabilities to ensure secure online services.
“One of the key aspects of the audit is vulnerability assessment and penetration testing and this involves scanning IT systems and software for vulnerabilities”, sources said, adding “the security audits help protect Government websites and applications from cyber threats ensuring the confidentiality, integrity and availability of sensitive data”.
They further said, “not only security audits are imperative to check cyber threats but secured websites and applications are essential for maintaining public trust and ensuring the integrity of the Government services”, adding “had the concerned departments taken necessary steps for getting the security audits of their respective websites conducted through CERT-In empanelled agencies, more than a dozen websites would not have gone offline”.
In the Circular No.08 dated March 27, 2024 shared with all the departments, the General Administration Department had mentioned that the Information Technology Department has time-and-again issued instructions to all the Administrative Departments/ Heads of Departments/Deputy Commissioners/ Managing Directors of various PSUs/Boards/ Corporations etc to ensure security audit of their websites/applications periodically, at least once a year, in compliance with security policy, guidelines and procedures laid down by the CERT-In and Ministry of Electronics & Information Technology, Government of India.
It was pointed out in the circular that notwithstanding the instructions, a large number of websites hosted on State Data Centre by different departments were still un-audited, resulting in increased risk of cyber attacks as also reported by the CERT-In.
Accordingly, in view of the criticality of the matter, it was enjoined upon all Administrative Departments/Heads of Departments/Deputy Commissioners/Managing Directors of various PSUs/ Boards/ Corporations to ensure security audit of their departmental websites/applications through CERT-In empanelled agencies within a period of one month to protect the Government entities against cyber threats.
It was made clear that failure to ensure security audit will lead to discontinuation/shutdown of the websites/applications.
Had the guidelines of the Ministry of Electronics and Information Technology and the circular instructions of the General Administration Department been taken seriously, the prevailing situation could have been avoided by those departments whose websites have gone offline.
When contacted, an officer of the Jammu and Kashmir e-Governance Agency confirmed that because of failure to obtain mandatory security audit certification the websites of several departments have gone offline. “We are in constant touch with these departments and hopefully within next few days all these websites will start functioning properly”, he added.