IIT panel clears CBSE re-evaluation portal after security review
What's the story
The Indian Institutes of Technology (IIT) review panel has approved the Central Board of Secondary Education (CBSE)'s re-evaluation portal. The decision comes after a series of security concerns and attempted cyberattacks on the Board's digital systems. The launch of CBSE's Post-Result Activities (PRA) portal was previously delayed due to high-risk vulnerabilities found by experts from two IITs.
Platform transition
CBSE has developed a new system
The IIT review panel member revealed that CBSE has decided not to go ahead with the COEMPT EduTeck platform, which was used for the On-Screen Marking (OSM) system. Instead, student and examination data was transferred to infrastructure directly controlled by the Board. The new system retains functionalities similar to the earlier platform but comes with several security enhancements aimed at strengthening data protection and addressing vulnerabilities identified during the review process.
Data risks
COEMPT EduTeck platform had multiple vulnerabilities
The IIT review panel member further noted that the COEMPT EduTeck portal had multiple security vulnerabilities that could have exposed sensitive data and records. The expert said there were several potential routes through which data could have been leaked. To tackle these issues, the updated re-evaluation platform has been fitted with additional security measures aimed at mitigating such risks and enhancing the protection of examination-related data.
Expert intervention
Cybersecurity team at IIT reviewed critical systems
In light of these security concerns, CBSE roped in experts from IIT Kanpur and IIT Madras to review the platform and suggest improvements. An official told ANI that the cybersecurity team at IIT Kanpur spent over 10 days reviewing and reinforcing two critical systems, the CBSE registration portal and the OSM re-evaluation platform. All answer-sheet records have now been transferred to servers directly controlled by CBSE for better control over security and operational management.
Cyber threats
CBSE thwarted cyberattacks on re-evaluation system
Earlier on Friday, CBSE had revealed that its re-evaluation system was targeted by major cyberattacks. One such incident was a Denial-of-Service (DoS) attack on June 3 involving nearly 3.8 million packets. However, the Board said its security measures successfully thwarted the threat and services related to mark verification, access to answer books and re-evaluation continued without disruption.
Future guidelines
Recommendations for Education Ministry, CBSE underway
The IIT-led teams are now preparing a set of recommendations for the Education Ministry and CBSE. These are likely to recommend that all future examination software be developed with cybersecurity safeguards. The recommendations will focus on ensuring that cybersecurity considerations are incorporated from the earliest stages of software development. Once developed, the software should undergo a thorough "red-teaming" exercise by an independent group before being deployed.