The Indian Computer Emergency Response Team (CERT-In) has recently issued new security guidelines that prohibit the use of remote desktop software like Anydesk and Teamviewer in government departments. The guidelines, released on Friday, aim to prioritize cyber security measures and controls within government organizations and their associated entities.
According to the guidelines, government departments are required to use virtual private networks (VPN) for accessing network resources from remote locations. In addition, multi-factor authentication (MFA) should be enabled for VPN accounts to enhance security.
The guidelines specifically state, Ensure to block access to any remote desktop applications, such as Anydesk, Teamviewer, Ammyy admin, etc. This step is taken to safeguard against potential security threats and unauthorized access to government systems.
Rajeev Chandrasekhar, Minister of State for Electronics and IT, emphasized the government’s commitment to creating an open, safe, trusted, and accountable digital space. He stated that the government is actively expanding and accelerating efforts in cyber security, with a focus on capabilities, systems, human resources, and awareness. Chandrasekhar also highlighted the aim to build a robust cyber security framework under the leadership of Prime Minister Narendra Modi, as India strives to achieve a USD 1 trillion Digital Economy.
The guidelines include various measures such as isolating critical servers, establishing dedicated secure zones, and implementing authenticated applications and ports. The servers should not communicate with each other unless they are part of the same application. These measures aim to prevent compromised servers and potential leaks of government data.
Voyager Infosec’s Director of Digital Lab, Jiten Jain, welcomed the guidelines, stating that they will standardize cyber security postures across India. He believes that the guidelines will help reduce the number of cyber security attacks in the country, especially in light of recent allegations and assumptions of ransomware attacks and data leaks.
Apart from computer and network infrastructure security, the guidelines also address social media accounts of government departments. The guidelines require the approval of content from appropriate authorities before it is posted on official social media accounts. Furthermore, the use of official social media platform accounts on public or unauthorized devices is strictly prohibited.
To enhance physical security, the guidelines recommend monitoring important and sensitive areas through CCTV cameras, with footage stored for a minimum of 180 days.
In conclusion, CERT-In’s new security guidelines aim to bolster cyber security measures in Indian government organizations. By prohibiting the use of remote desktop software like Anydesk and Teamviewer, prioritizing VPN usage and MFA, and implementing various other security measures, the government aims to create a safer digital environment. These guidelines align with the broader efforts to strengthen India’s cyber security framework and support the country’s progression towards a thriving USD 1 trillion Digital Economy.