GS 3: Science & TechnologyGS 2: GovernancePrelims

CBSE invited ethical hacker to plug security gaps in IT system, Pg13

Ethical hacker Nisarga Adhikary, IIT experts, plug critical security gaps in CBSE's IT system, protecting sensitive student data from major vulnerabilities.

Practice MCQs

804 Students attempted
Attempt Now

Key Highlights:

  • The Central Board of Secondary Education (CBSE) engaged ethical hacker Nisarga Adhikary and an IIT expert team to address critical security vulnerabilities in its IT system.
  • Nisarga Adhikary, 19, initially reported significant flaws in the portal storing sensitive student data.
  • An expert team from IIT-Madras and IIT-Kanpur, including their Directors, worked for two weeks from May 24 at CBSE headquarters in New Delhi to secure the system.
  • The team identified numerous vulnerabilities, including seven to eight critical ones, in the On-Screen Marking (OSM) portal developed by COEMPT Eduteck.
  • Key fixes included migrating data from misconfigured cloud storage, resolving Authentication Bypass and Data Exposure flaws, and implementing a Red Team vs. Blue Team exercise.
  • The re-evaluation portal was launched on June 2, and the OSM portal went live on Friday, after extensive security enhancements.
  • The re-evaluation portal successfully withstood massive Denial of Service (DoS) attacks on June 2 and 3, due to newly implemented load management.

Detailed Insights:

  • The CBSE had previously denied any data security breach, despite reports of vulnerabilities in its student data portal.
  • The IIT expert team included prominent cybersecurity experts and Directors V. Kamakoti (IIT-Madras) and Manindra Agarwal (IIT-Kanpur).
  • The team worked for 16-18 hours daily to patch vulnerabilities across the CBSE IT ecosystem, including portals for re-evaluation and on-screen marking.
  • COEMPT Eduteck, the vendor, was found to have severely misconfigured cloud storage buckets and maintained unsecured backups of student answer scripts.
  • Critical vulnerabilities addressed included flaws allowing unauthorized logins (Authentication Bypass), administrative access without proper authorization, and extraction of answer scripts (Data Exposure).
  • A "Red Team versus Blue Team" dynamic was employed, with IIT-Kanpur simulating attacks and IIT-Madras, CBSE developers, and Digital India Corporation (DIC) defending the systems.
  • Artificial intelligence tools, such as Claude, were utilized by the expert team to efficiently identify system vulnerabilities.
  • The re-evaluation portal experienced millions of login attempts during coordinated DoS attacks, but its enhanced load management prevented system failure.
  • The IIT expert team is slated to submit a formal report to the Education Ministry, detailing their findings and recommendations for future cybersecurity measures.
CBSE.png

CBSE.png

Scientific/Technical Concepts Involved:

  • Ethical Hacking: Authorized practice of bypassing system security to identify vulnerabilities, performed by a "white hat" hacker.
  • Authentication Bypass: A security flaw allowing unauthorized users to gain access to a system without proper authentication credentials.
  • Denial of Service (DoS) Attack: A cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users.
  • Red Team vs. Blue Team: A cybersecurity exercise where a "Red Team" simulates attacks and a "Blue Team" defends against them to improve security.
SuperKalam
SuperKalam is your personal mentor for UPSC preparation, guiding you at every step of the exam journey.

Download the App

Get it on Google PlayDownload on the App Store
Follow us

ⓒ Snapstack Technologies Private Limited