Months after India-Pakistan conflict, the Jammu and Kashmir General Administration Department has issued a circular prohibiting the use of pen drives on all official devices across government departments. The order, dated August 25, 2025, is aimed at strengthening cybersecurity, safeguarding sensitive government information, and minimising risks of data breaches, malware infections, and unauthorised access.
Exceptions with controls
According to the directive, exceptions will only be made in cases where operational requirements demand the use of pen drives. Even in such circumstances, a department may request approval for only two to three pen drives, which must be routed through the administrative head to the State Informatics Officer. Approved pen drives will then be reconfigured and authorised by the National Informatics Centre (NIC) before use.
Push for GovDrive adoption
As a secure alternative, departments have been strongly encouraged to adopt GovDrive—a cloud-based, multi-tenant platform offering every government official 50 GB of secure storage with centralised access and synchronisation. The circular stresses that GovDrive will improve efficiency and ensure better protection of data integrity compared to physical storage devices.
Ban on unsecured platforms
The circular also explicitly warns against the use of unsecured platforms such as WhatsApp for sharing or storing confidential information. It highlights the importance of safeguarding digital sovereignty and preventing security breaches by adhering to secure communication channels.
Compliance and accountability
The government has made it clear that failure to follow the new instructions will be taken seriously and could result in disciplinary action under rules governing official conduct and IT usage. All departments have been instructed to give top priority to the guidelines, which have been issued with immediate effect.
Cybersecurity strategy
The order forms part of a larger strategy to implement ICT architecture, ensure compliance with national security directives, and adopt best practices outlined by the Ministry of Home Affairs and CERT-In. Departments have also been directed to strengthen security configurations, conduct vulnerability assessments, and apply classification policies to safeguard sensitive data.