Govt Offices Told to Strengthen e-Office Security Within 30 Days

The National Computer Emergency Response Team (National CERT) has issued a critical security advisory to protect the e-Office system used by federal ministries. The advisory comes amid concerns over cybersecurity threats to the government’s digital infrastructure

The advisory has been sent to 43 ministries and key departments with instructions to immediately strengthen security measures.

National CERT has directed ministries to install Next Generation Firewalls to monitor e-Office traffic and prevent unauthorized access. Ministries have also been advised to restrict e-Office access only to authorized users and specific networks, and to keep the system isolated from the public internet to reduce the risk of external cyberattacks.

The advisory further recommends appointing a Director of Cyber Security in every ministry and forming a dedicated cybersecurity team within the National Information Technology Board (NITB). Ministries have been instructed to implement the security guidelines within 30 days to avoid potential vulnerabilities in the system.

Director General National CERT, Dr. Haider Abbas, has formally sent the security recommendations to federal ministries, while Director National CERT Khurram Javed has been assigned the responsibility of coordinating with all departments to ensure compliance. Officials said the measures are aimed at protecting sensitive government data and preventing unauthorized access to official systems.

The advisory also calls for strict access control policies, IP whitelisting, and the mandatory use of strong passwords with two-factor authentication for all government email and e-Office users. Only approved devices and networks will be allowed to connect to the system, and the use of unauthorized VPNs has been prohibited without prior approval from NITB.

Ministries have also been directed to ensure endpoint security, antivirus installation, regular updates, and full compliance with cybersecurity policies issued by National CERT and the National Telecommunication and Information Security Board (NTISB) to prevent malicious activity and cyber intrusions.