After initial denial, CBSE invited ethical hacker to plug gaps in IT system

Account subscription benefits alongside Premium Stories, Editorials, Opinions and more. Unlock these with Subscription

The View From India Looking at World Affairs from the Indian perspective.

First Day First Show News and reviews from the world of cinema and streaming.

Today's Cache Your download of the top 5 technology stories of the day.

Data Point Decoding the headlines with facts, figures, and numbers

Health Matters Ramya Kannan writes to you on getting to good health, and staying there

The Hindu On Books Books of the week, reviews, excerpts, new titles and features.

Image used for representational purposes. File | Photo Credit: Reuters

The Central Board of Secondary Education (CBSE) invited ethical hacker Nisarga Adhikary, 19, this week for meetings with an Indian Institute of Technology (IIT) expert team to flag security gaps in its IT ecosystem. Mr. Adhikary had last month reported “critical vulnerabilities” in the portal that stores sensitive student data. The CBSE had earlier denied any breach in its data security.

“Nisarga is a bright kid. He found important vulnerabilities. We were curious to understand his thought process. Because he happened to be in Delhi, we exchanged messages and found him very focused on cybersecurity, so we called him in to help us fix the system,” a member of the IIT expert team said.

“It is very important to admit that there is a breach, but earlier CBSE was not properly advised on how to deal with the situation. On the contrary, when the JEE (Advanced) portal had a minor breach, we admitted the flaw and fixed it,” the member said.

Top cybersecurity experts from the Indian Institutes of Technology, including the Directors of IIT-Madras and IIT-Kanpur, camped at the CBSE headquarters in New Delhi for nearly two weeks starting May 24 to fix the IT ecosystem.

“Top faculty members suddenly had to drop everything and stay put at CBSE for two weeks to patch vulnerabilities in two portals — the on-screen marking (OSM) portal OnMark, developed by private firm COEMPT Eduteck, and the CBSE portal for procuring answer sheets and applying for re-evaluation,” sources in the Education Ministry told The Hindu.

The IIT-Madras team consisted of two cybersecurity experts in addition to Director V. Kamakoti, while the IIT- Kanpur team consisted of Director Manindra Agarwal and a senior cybersecurity engineer.

Sources said that for two weeks, the expert team worked 16 to 18 hours every day to patch vulnerabilities that were emerging in the CBSE IT ecosystem. The team found that the OSM portal developed by COEMPT Eduteck ha