New Delhi [India], June 6 (ANI): The Central Board of Secondary Education (CBSE) has retained COEMPT Eduteck Pvt Ltd for scanning answer sheets on Saturday, during the ongoing re-evaluation process, while moving all data and records related to the On-screen marking (OSM) system from the vendor’s servers to CBSE-controlled servers, an IIT official told ANI.
The IIT official associated with the security audit told ANI that COEMPT’s OSM platform continues to be used for the re-evaluation process.
“COEMPT will scan the copies for re-evaluation,” the official said.
When asked about whether COEMPT will be able to scan answer sheets despite its track record, the official said, “They scanned 40 crore pages, of which about 30,000 odd have problems. That means about 1 in 10,000 pages were problematic. Now they only need to scan problematic pages. So they should be able to scan without any problem.”
As of June 4, the Board had received 70,433 applications through the post-result grievance redressal mechanism, including 7,314 applications for verification of marks and 63,119 applications for re-evaluation.
However, all answer-sheet data and records have now been transferred to CBSE servers to ensure greater control over security and operations.
“The scanned answer scripts and associated data were originally hosted on the vendor’s servers. We brought the data to CBSE servers and reviewed and improved the OSM code so that it could run on CBSE infrastructure. When security is a concern, it is naturally better to have the system under CBSE’s control rather than depend entirely on a vendor’s servers,” the official said.
The continued involvement of COEMPT comes amid controversy surrounding the company after vulnerabilities were reported in the OSM portal used for verification, obtaining photocopies of answer books and re-evaluation of CBSE board examination answer sheets.
Following concerns over the platform’s security and reports of attempted cyberattacks, CBSE brought in teams from IIT Kanpur and IIT Madras to review and strengthen the system.
The official also informed that COEMPT will be used to scanning of copies for revaluation.
The official said IIT Kanpur’s cybersecurity team worked for more than ten days on two key systems which is the CBSE registration portal and the OSM re-evaluation portal.
The registration portal, launched on May 19, had encountered technical issues and was subsequently taken offline. IIT Kanpur, along with teams from IIT Madras and CBSE, undertook multiple rounds of security testing before relaunching it in the early hours of June 2.
The OSM portal also underwent extensive security reviews. The official said a “blue team” responsible for improving and strengthening the code worked alongside a “red team” tasked with identifying vulnerabilities and attempting to break the system.
While the Digital India Corporation (DIC) led the code-strengthening exercise for the OSM platform, IIT Kanpur served as the red team conducting penetration and vulnerability testing.
Five rounds of security assessment were conducted on the OSM portal before it was cleared for launch. The system was initially rolled out to a limited number of centres and has since been expanded for wider use in the re-evaluation process.
COEMPT officials remained involved during the transition, assisting teams in understanding parts of the code, facilitating the migration of data and implementing security-related measures, the official said.
The developments come days after CBSE disclosed that its re-evaluation platform faced large-scale cyberattacks, including a Denial-of-Service (DoS) attack involving nearly 3.8 million packets on June 3. The Board had said the attacks were successfully mitigated and that verification, answer-book access and re-evaluation services remained operational.
The security review also followed the identification of vulnerabilities by ethical hacker Nisarga. The IIT Kanpur official said the student was invited to explain how the vulnerabilities were discovered and was appreciated for the work, but was not asked to conduct any further security audit of the portals.
“So far, we have not found any breach of data from the systems that have been created,” the official said.
CBSE had earlier engaged experts from IIT Kanpur and IIT Madras to review the security of its digital infrastructure after technical glitches and cybersecurity concerns surfaced during the rollout of post-result services for students. (ANI)
Related reading
