Critical Infrastructure Security , Cybercrime , Encryption & Key Management

India Tests Instant Messaging Service for Government Workers

Move Comes After Hackers Targeted Some Officials
India Tests Instant Messaging Service for Government Workers

The government of India is testing a new instant messaging service for government officials to help ensure the confidentiality of official communications and prevent the leaking of sensitive information.

See Also: Would You Rather be Cloud Smart or Cloud First in Government?

The government is considering offering the new service to central government offices and departments, and states may opt to use it as well, according to a source at Ministry of Electronics and Information Technology, or MeitY. The government is not considering offering the service to the public, the source tells Information Security Media Group .

Government officials would use the new services for government communication, but they could continue to use other channels for personal use, the MeitY source says.

The move comes after news reports that senior government officials in at least 20 countries, including India, were targeted earlier this year with Pegasus hacking software that used Facebook's WhatsApp messaging service to take over users' phones (see: Govt. Officials in 20 Nations Targeted Via WhatsApp: Report).

The new Government Instant Messaging Service, or GIMS, platform, which is being tested by the MeitY, could be rolled out later this year, a source at MeitY tells Financial Express.

"This is an important service in the wake of the recent Pegasus Incident, where phones were compromised, says Mumbai-based Ritesh Bhatia, founder, V4Web Cybersecurity and Cybercrime investigator. “The government, indeed felt that it was imperative that it's officials use a messaging platform that is fully in their control from the app to the servers.”

Yet, another government official, who requested anonymity, tells Financial Express: "Today, almost every ministry has its chat group on commercial platforms like WhatsApp and WeChat. Often, officials discuss strategic and sensitive issues on these platforms. With cybercriminals or rogue states targeting such communication, it is high time India has its own government instant messaging service. Such services are crucial today for effective and efficient administration.”

Dinesh Bareja, COO of the Open Security Alliance, adds: "Over the years, government departments and officials have used the social media messaging platform for their communication individually and (must have done so) in groups too." As a result, Bareja says, it makes sense for the government to build its own messaging system to improve security.

A Work in Progress

The new GIMS unified messaging platform is being developed by the National Informatics Center, which also created the email service for government departments, informs the source. That email service handles more than 2 crore emails daily, the MeitY source tells ISMG.

GIMS is being built through an open-source solution, as per the government’s open-source policy recommended by Meity, a senior government official tells Financial Express. The platform eventually will accommodate 11 local languages, but initially will handle messaging in English and English and Hindi, that official says.

GIMS is being developed for both Android and iOS platforms. The 17 government organizations now testing the platform include the Ministry of External Affairs, Ministry of Home Affairs, Central Bureau of Investigation, Ministry of Electronics and Information Technology, Navy and railways, India Today reports. So far, about 6,600 users have generated close to 20 lakh messages using GMIS, according to that news report.

Several states, including Odisha and Gujarat, are also participating in the beta testing, the official told Financial Express.

Security Precautions

Dr. Balsing Rajput, superintendent of police, cyber crime cell, for the Maharashtra Police, says: "The government is creating an alternate instant messaging communication channel for the government enterprises and employees. It is responsible and accountable to the users for not to snoop over them or have surveillance."

In the United Arab Emirates, concerns about government surveillance have arisen as a result of the nation’s development of the secure messaging service ToTok available for use by the public, and the restrictions against the use of other platforms (see: What Orwell's '1984' Missed: Free Social Media Apps).

"A democratic country like India cannot be compared with a non-democratic and the dictatorial country like UAE, which allegedly rolled out an app for surveillance purpose," Rajput says.

But Rahul Sharma, CEO of The Perspective, which helps the organization with privacy programs, says it’s essential that the developers of the new government messaging platform take adequate security precautions, given the volume of messages the new platform may eventually accommodate. "The National Informatics Center, which is developing this app, needs to take cognizance of ensuring the app is secure," he says.

C.N. Shashidhar, CEO, SecurIT Consulting Services, says the Indian government should closely monitor the center’s work on the project to ensure that it hardens the IT infrastructure; hunts aggressively for bugs; promptly patch vulnerabilities; strictly restricts access privileges, and maintains a robust and proactive security posture to prevent the messaging system from being spied on by foreign governments and agencies.


About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.