Over 40% J&K Govt websites remain inactive due to cybersecurity concerns

Out of 239 government websites in Jammu and Kashmir, 99 remain inactive due to the absence of mandatory security audits.

On May 21 this year, the UT administration had directed all departments to deactivate their websites over cybersecurity concerns. Departments operating websites through private domains not aligned with Government of India guidelines were specifically asked to take them offline until a security audit was conducted. The move followed a surge in cyberattacks post Operation Sindoor.

Chief Secretary Atal Dulloo chaired a high-level meeting today to review the Cyber Security Action Plan for the Union Territory, aimed at strengthening J&K’s digital defenses and ensuring the protection of critical IT infrastructure.

It was revealed that 140 of the 239 government websites have been restored after undergoing compulsory security audits in line with CERT-In and OWASP standards. These sites have also been equipped with web application firewalls.

The prolonged shutdown of nearly 100 websites has severely impacted online public services, causing inconvenience to residents across the UT.

Officials informed that standard cybersecurity protocols are now being enforced across departments. Unused domains are being rationalised, and cyber hygiene practices are being actively promoted.

The meeting was attended by Secretary, IT Department; CEO, JaKeGA; State Informatics Officer, NIC; senior officers from civil administration and police and other departmental representatives.

The administration is implementing a combination of rapid-response measures, structural reforms, and long-term capacity-building initiatives to ensure uninterrupted delivery of e-governance services.

During the review, the Chief Secretary assessed progress on his earlier directives and reaffirmed the government’s commitment to building a secure, modern and resilient digital ecosystem. He emphasised that no compromises should be made in securing the UT’s IT infrastructure.

Key initiatives reviewed during the meeting included the Cyber Security Contingency Plan (CSCP). Secretary IT, Piyush Singla, informed that a comprehensive proposal has been submitted to the Ministry of Electronics and Information Technology (MeitY) for approval.

As part of endpoint and device security enhancements, over 4,500 devices have been secured using Endpoint Detection and Response (EDR) solutions, and more than 2,300 with Unified Endpoint Management (UEM) tools. This process is currently underway in major Head of Department (HoD) and Deputy Commissioner (DC) offices.

Another significant measure is the restriction of VPN access. Officials stated that VPN usage is now limited to users with multi-factor authentication and is geo-fenced to restrict access within India.

The meeting also reviewed the ongoing merger of departmental data centres into a centralised State Data Centre (SDC), with the aim to complete the integration within six months. This will ensure uniform security standards and greater operational efficiency across departments.

Other measures discussed included the implementation of secure protocols for video conferencing, transition from IPv4 to IPv6, disabling and white-listing of USB ports, rollout of the e-SAM platform, and capacity-building programmes in collaboration with CERT-In.