The Union government updated an advisory directing government personnel to shun using third-party VPN services, such as NordVPN and ExpressVPN, as well as cloud storage services such as Google Drive and Dropbox. The National Informatics Centre (NIC), a department under the Ministry of Electronics and Information Technology, states in its document titled “Cyber Security Guidelines for Government Employees” that the new guidelines must be strictly followed, or the respective CISOs/department heads will sanction them.
Government employees are also instructed not to download pirated software, prohibited from accessing “external email services for official communication” and from convening critical internal consultations using unlicensed third-party video conferencing or collaboration platforms. The administration wants its personnel to utilise native systems such as DigiLocker, which offers a variety of services akin to Google Drive and Dropbox. The government likely does not want employees retaining data on third-party applications for security concerns. Storing files on third-party platforms may culminate in confidential data leakage if the account is compromised, which is also possible with in-house systems.
Due to the lack of adequate cyber security measures implemented on the ground, the government’s risk perimeter and danger perception have expanded as Implementation and use have increased. According to an official notice, these recommendations were prepared to enlighten government personnel and contracted/outsourced resources and raise awareness among them about what to do and what not to do in terms of cyber security.
India took a similar posture against VPN businesses at a recent meeting of the United Nations Ad Hoc Committee, which considered a sweepingly broad international agreement to address the exploitation of information and communications technology for malicious purposes. It is clear that a “zero-tolerance” attitude toward anonymity as a mask for online crimes has been adopted and that the submission of documentation is an unquestionable requirement on VPN service providers, social media intermediaries, and instant messaging services.
Written by: Aarav Gupta
Edited by: Prakhar Tripathi