CBSE debacle: Student tells Parliamentary panel about 'tendering flaws'

New Delhi: CERT-In, the govt-run agency tasked with handling cyber threats, has said it first flagged vulnerabilities in CBSE-related domains on Feb 26 and its emergency assessment of one portal revealed the platform was not fit for hosting in-production environment, the operational stage of a software app, as a parliamentary panel quizzed officials.

Sarthak Sidhant, a student from Jharkhand, made a presentation on alleged irregularities in the tendering process for vendor selection, days after he flagged the issue online, swinging govt agencies into action.

Changes made to make bidding competitive: CBSE
He pointed out alleged anomalies in the tendering process that allowed Coempt to be part of the bidding process.

CBSE, however, maintained that changes were made to make the bidding more competitive.

A note from CERT-In shared with the committee headed by Congress MP Digvijaya Singh stated that the agency verified vulnerabilities flagged by users between Feb-end and May, and informed CBSE for rectification. CBSE said in its communication that these issues would be addressed in the production environment. Some of the vulnerabilities were fixed.

CERT-In stated it verified the reported vulnerabilities and notified CBSE for rectification three times between Feb and May 25, and also to Amazon Web Services, which hosts parts of CBSE’s digital infrastructure, on May 31, sources said.

CBSE chairman Rahul Singh — who was shunted hours later — and school education secretary Sanjay Kumar were among the officials who appeared before the committee. “The committee has always been looking at the issues of students and their problems. This is exactly what the committee has done,” Digvijaya Singh told reporters. Sarthak later also met leader of the opposition Rahul Gandhi, who has seized on the issue to sharpen his attack on govt. “Stick to your principles, Sarthak,” Rahul said on X.