CBSE keeps vendor at centre of portal row for re-evaluation work, shifts data to own servers

CBSE has completed the migration of re-evaluation records to Board-controlled infrastructure as IIT-led teams continue monitoring the security of student-facing post-result services.

Even as the Central Board of Secondary Education (CBSE) has moved answer-sheet data and records linked to its re-evaluation system to servers under its direct control, the Board has decided to continue using COEMPT Eduteck Pvt Ltd for scanning answer sheets during the ongoing re-evaluation process, according to an IIT official involved in the security audit.

The decision comes against the backdrop of security concerns surrounding CBSE’s On-screen Marking (OSM) platform, which is used for verification of marks, access to photocopies of answer books and re-evaluation requests. The Board recently brought in cybersecurity experts from IIT Kanpur and IIT Madras after reports of vulnerabilities and attempted cyberattacks on the system.

According to the official, COEMPT’s OSM platform remains operational for re-evaluation work, with the company continuing to handle the scanning of answer sheets.

“COEMPT will scan the copies for re-evaluation,” the official told ANI.

Responding to concerns over the vendor’s continued role, the official said the volume of affected answer sheets was relatively small when viewed against the scale of the original scanning exercise.

“They scanned 40 crore pages, of which about 30,000 odd had problems. That means around one in every 10,000 pages was problematic. Now they only need to scan problematic pages, so they should be able to do that without any issue,” the official said.

CBSE moves OSM data to its own infrastructure

While the vendor remains involved in the scanning process, CBSE has completed the transfer of answer-sheet data and related records from vendor-controlled infrastructure to its own servers.

The official said the Board also reviewed and modified portions of the OSM code to ensure it could operate on CBSE-managed systems.

“The scanned answer scripts and associated data were originally hosted on the vendor’s servers. We brought the data to CBSE servers and reviewed and improved the OSM code so that it could run on CBSE infrastructure. When security is a concern, it is naturally better to have the system under CBSE’s control rather than depend entirely on a vendor’s servers,” the official said.

As of June 4, CBSE had received 70,433 applications under its post-result grievance redressal mechanism, including 7,314 requests for verification of marks and 63,119 applications for re-evaluation.

IIT teams conducted multiple rounds of security testing

The IIT official said cybersecurity teams worked extensively on both the CBSE registration portal and the OSM re-evaluation platform after technical issues emerged during the rollout of post-result services.

The registration portal, launched on May 19, was temporarily taken offline following technical glitches. Teams from IIT Kanpur, IIT Madras and CBSE subsequently carried out several rounds of testing before restoring the portal in the early hours of June 2.

For the OSM platform, a dedicated “blue team” focused on strengthening the code while a “red team” attempted to identify weaknesses and exploit vulnerabilities.

The official said the Digital India Corporation (DIC) led efforts to strengthen the codebase, while IIT Kanpur functioned as the red team conducting penetration and vulnerability testing.

A total of five rounds of security assessment were completed before the platform was cleared for wider deployment. The system was initially introduced at a limited number of centres before being expanded for broader use in the re-evaluation process.

Vendor assisted during transition process

The official said COEMPT personnel remained involved throughout the migration exercise, helping technical teams understand portions of the code, transfer data and implement security-related changes.

The latest review followed a series of cybersecurity incidents reported by CBSE, including a large-scale Denial-of-Service (DoS) attack on June 3 involving nearly 3.8 million packets. The Board had stated that the attack was successfully mitigated and that services related to verification, answer-book access and re-evaluation continued without disruption.

The review also examined vulnerabilities flagged by ethical hacker Nisarga. According to the IIT official, the student was invited to explain how the issues were identified and was appreciated for the findings. However, no further audit work was assigned.

“So far, we have not found any breach of data from the systems that have been created,” the official said.

CBSE had engaged experts from IIT Kanpur and IIT Madras to assess its digital infrastructure after technical glitches and cybersecurity concerns surfaced during the rollout of post-result student services.
