Ban On VPN, Cloud Services For Govt Employees
Government employees will be barred from using third-party virtual private networks (VPN) and anonymisation services offered by companies like Nord VPN, ExpressVPN and Tor.
The government also urged its employees not to save “any internal, restricted or confidential government data files on any non-government cloud service such as Google Drive or Dropbox.”
The development comes just days after ExpressVPN, Surfshark, and NordVPN announced their exit from the country citing objection to a directive by the Indian Computer Emergency Response Team (Cert-In) on how VPN companies should operate within the country.
“In order to sensitize the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled,” National Informatics Centre (NIC) said in an internal document, titled Cyber Security Guidelines for Government Employees.
The advisory also instructs government employees to refrain from ‘jailbreaking’ or ‘rooting’ their mobile phones or using any external mobile app-based scanner services such as CamScanner to scan “internal government documents'.
“By following uniform cyber security guidelines in government offices across the country, the security posture of the government can be improved,” the directive added.
According to the internal document, “All government employees, including temporary, contractual/outsourced resources are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads."
Despite facing pressure from software companies and service providers the government remained firm on its stance, with Minister of State for Electronics and IT Rajeev Chandrasekhar stating that companies that did not wish to follow the norms were “free to leave India”.
India adopted a similar hard stance against VPN companies at a recently concluded meeting of the UN Ad Hoc Committee which debated a comprehensive international convention on countering the use of information and communications technologies for criminal purposes.
