The Indian Government has restricted its employees from using third-party virtual private networks (VPN) and anonymisation services offered by companies such as Nord VPN, ExpressVPN and Tor.
“All government employees, including temporary, contractual/outsourced resources are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads,” according to the internal document.
The directive comes just days after ExpressVPN, Surfshark and NordVPN said they would stop offering their services in the country following a directive by the Indian Computer Emergency Response Team (Cert-In) on how VPN companies should operate in India.
The directive also urges government employees not to save “any internal, restricted or confidential government data files on any non-government cloud service such as Google Drive or Dropbox. By following uniform cyber security guidelines in government offices across the country, the security posture of the government can be improved,” the directive added.
The National Informatics Centre (NIC), said it had put out the guidelines to improve the “security posture” of the government. “In order to sensitize the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled,” NIC said in an internal document, titled Cyber Security Guidelines for Government Employees.