Aug 14, 2025: Due to the absence of required security audits, 99 of the 239 government websites in Jammu and Kashmir remain inactive. Concerns about cybersecurity led the UT administration to instruct all departments to deactivate their websites on May 21 of this year. Departments operating websites through private domains not aligned with Government of India guidelines were specifically asked to take them offline until a security audit was conducted.

After Operation Sindoor, there were more cyberattacks, so the move was made. A high-level meeting today was presided over by Chief Secretary Atal Dulloo to review the Cyber Security Action Plan for the Union Territory, which aims to improve J&K's digital defenses and safeguard critical IT infrastructure. After undergoing mandatory security audits in accordance with CERT-In and OWASP standards, it was discovered that 140 of the 239 government websites had been restored. Web application firewalls have been installed on these websites as well. Online public services have been severely impacted by the prolonged shutdown of nearly 100 websites, causing residents across the UT inconvenience. Officials were informed that departments are now following standard cybersecurity protocols. Unused domains are being rationalised, and cyber hygiene practices are being actively promoted.

Secretary of the IT Department, CEO of JaKeGA, State Informatics Officer of NIC, senior civil administration, police, and other departmental representatives attended the meeting. In order to guarantee the uninterrupted delivery of e-governance services, the administration is implementing a combination of rapid response measures, structural reforms, and long-term capacity-building initiatives. During the review, the Chief Secretary assessed progress on his earlier directives and reaffirmed the government’s commitment to building a secure, modern and resilient digital ecosystem. He emphasized that the UT's IT infrastructure should be secured without compromise. The Cyber Security Contingency Plan (CSCP) was one of the most important initiatives discussed during the meeting. Secretary IT, Piyush Singla, informed that a comprehensive proposal has been submitted to the Ministry of Electronics and Information Technology (MeitY) for approval.

As part of endpoint and device security enhancements, over 4,500 devices have been secured using Endpoint Detection and Response (EDR) solutions, and more than 2,300 with Unified Endpoint Management (UEM) tools. This process is currently underway in major Head of Department (HoD) and Deputy Commissioner (DC) offices.

The restriction on VPN access is yet another significant measure. Officials stated that VPN usage is now limited to users with multi-factor authentication and is geo-fenced to restrict access within India.

The meeting also reviewed the ongoing merger of departmental data centres into a centralised State Data Centre (SDC), with the aim to complete the integration within six months. As a result, departments will have more efficient operations and uniform security standards. Other measures discussed included the implementation of secure protocols for video conferencing, transition from IPv4 to IPv6, disabling and white-listing of USB ports, rollout of the e-SAM platform, and capacity-building programmes in collaboration with CERT-In.