IIT panel grants security clearance to examiner-facing CBSE evaluation portal
New Delhi, June 8
The IIT panel has granted security clearance to the examiner-facing Central Board of Secondary Education evaluation portal, which will be used in the re-evaluation process amid concerns over the platform's security and reports of attempted cyberattacks.
This comes after the CBSE's re-evaluation portal was targeted by a large-scale cyberattack involving nearly 3.8 million malicious packets on June 3 in an apparent attempt to disrupt the ongoing verification and re-evaluation process.
CBSE decided not to use COEMPT Eduteck Pvt Ltd for scanning answer sheets during the ongoing re-evaluation process, an IIT panel member told ANI on Monday.
"While the new system retains functionalities similar to the earlier platform, several security enhancements have been incorporated to strengthen data protection and address vulnerabilities identified during the review process," an IIT panel member added.
The IIT panel member said there were many security weaknesses in the Coempt EduTeck portal, which allowed access to data and records. There were multiple ways data could have been accessed.
The revised portal has been fortified with additional safeguards to mitigate such risks and ensure secure handling of examination-related information.
Following concerns over the platform's security and reports of attempted cyberattacks, CBSE brought in teams from IIT Kanpur and IIT Madras to review and strengthen the system.
The official said IIT Kanpur's cybersecurity team worked for more than ten days on two key systems, which are the CBSE registration portal and the OSM re-evaluation portal.
As of June 4, the Board had received 70,433 applications through the post-result grievance redressal mechanism, including 7,314 applications for verification of marks and 63,119 applications for re-evaluation.
However, all answer-sheet data and records have now been transferred to CBSE servers to ensure greater control over security and operations.
Earlier on Friday, CBSE disclosed that its re-evaluation platform faced large-scale cyberattacks, including a Denial-of-Service (DoS) attack involving nearly 3.8 million packets on June 3. The Board had said the attacks were successfully mitigated and that verification, answer-book access and re-evaluation services remained operational.
— ANI
Reader Comments
Wait, so initially they hired some private company COEMPT Edutech without proper security checks? Now they are 'transferring data to CBSE servers' after the attack? Bhai, this is basic IT security 101 – you test before launch, not after a breach of 3.8 million packets! Hoping IIT team did a thorough audit this time.
As a parent of a CBSE student, this is terrifying and reassuring at the same time. Terrifying that our kids' data was vulnerable, but reassuring that IIT experts have now secured it. 70,000+ applications for re-evaluation shows how many students are anxious. Please ensure timelines are met – every day matters for college admissions.
Classic case of 'jaldi kaam, bekaar kaam' – they rush to launch a portal without proper cybersecurity, and then IIT people have to fix it. But I'm glad the system is up now. At least our premier institutes stepped up to save the day. Kudos to the IIT Kanpur team for those 10 days of hard work. 🇮🇳
I'm an IT professional and DoS attacks of 3.8 million packets are no joke. But honestly, the real issue is why CBSE didn't have robust security from day one with so much sensitive student data at stake. Moving data to CBSE servers is a good step. Let this be a lesson – never compromise on cybersecurity for government exams.
This is so typical! First they hire some questionable vendor, then there's a breach, then IITs come to rescue. Why can't CBSE just work with IITs
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.