Employees of the government have been ordered not to use third-party VPNs, Google Drive, or Dropbox
Ten-page guideline from National Informatics Centre issues ‘do’s and don’ts’ for cyber security
According to a 24-point “cyber security don’ts” list produced by the state’s National Informatics Centre, Indian government personnel are warned not to utilise third-party virtual private networks (VPN) and cloud services such as Google Drive and Dropbox (NIC).
The NIC’s 10-page policy instructs employees not to use third-party toolbars in internet browsers, such as download managers or weather toolbars, or external email services for “official correspondence.”
“Do not utilise any third-party anonymization services (for example, Nord VPN, Express VPN, Tor, Proxies, etc.),” reads the eighth point on the list of don’ts. That warning comes just weeks after NordVPN, ExpressVPN, Surfshark, and Tor withdrew from India after the country’s Computer Emergency Response Team (CERT-In) ordered all VPN service providers to keep user data for five years.
“All government employees, including temporary, contractual, and outsourced resources, must fully follow the principles outlined in this paper.” Any noncompliance will be dealt with by the respective CISOs/Department heads,” according to the NIC document classified “limited” and posted on the roads ministry’s website.
“The growing acceptance and use of ICT has expanded the attack surface and threat perception for the government as a result of a lack of adequate cyber security measures on the ground.” These guidelines have been created in order to sensitise government personnel and contracted/outsourced resources and raise awareness among them about what to do and what not to do in terms of cyber security,” the note continued.
According to the BusinessLine website, a senior NIC official verified the instructions but declined to provide further specifics.
The NIC document includes a 25-point list of “security do’s,” such as using authorised software and reporting strange emails.