CBSE's OSM Portal Under Scrutiny: Security Gaps Unveiled
An IIT panel audit reveals significant vulnerabilities in CBSE's OSM portal meant for evaluating Class XII answer sheets. The system was inadequately tested, leaving critical security flaws unaddressed. Recommendations for advanced cybersecurity measures and engaging external expertise to fortify future systems are forthcoming.
- Country: India
The On-Screen Marking (OSM) portal, central to the evaluation of Class XII answer sheets, faced criticism for failing to undergo comprehensive testing before its deployment. A member of the IIT panel auditing the CBSE's result ecosystem highlighted the shortcomings, specifically pointing to security weaknesses that were missed during initial audits. The findings, revealed by a source privy to the internal review, indicate a lack of thorough security analysis before the portal's deployment, exposing the platform to potential vulnerabilities.
Prompted by controversies surrounding the OSM system, the IIT panel, involving experts from IIT Madras and IIT Kanpur, was tasked with a focused assessment. While the portal had previously undergone an audit, critical vulnerabilities persisted. Notably, independent findings by 19-year-old ethical hacker Nisarga Adhikary corroborated the panel's observations. Adhikary's assessment unearthed weaknesses that could allow unauthorized access to examiner accounts and compromised the security of millions of answer sheets.
The IIT panel advocates for advanced security measures to be embedded in future digital examination systems. Their forthcoming report to the Education Ministry will recommend rigorous cybersecurity operations, including Red Team-Blue Team exercises and penetration testing, to preemptively address security threats. While the ethical hacking incident sparked alarm, the panel assured that no evidence of data misuse, such as student record leaks, was found. The panel underscored the necessity of engaging expert external agencies and emphasized that CBSE should maintain more stringent control and scrutiny over systems handling sensitive data.