EC to tighten cyber monitoring to protect NID data

In a recent meeting held at the Election Commission building in Agargaon, the Election Commission has decided to monitor 171 affiliated organisations that utilize the server services of its National Identity Card Registration Wing (NIDW), UNB reports.

During the meeting, experts and technicians involved in the matter discussed and deliberated on the issue, leading to the commission's decision to implement surveillance measures on these subsidiary organisations.

AKM Humayun Kabir, director general of the NID Registration Wing of EC, said, “I met officials from universities and technical experts, and heard their opinion and recommendations. We will talk to 171 partners to implement the decisions.”

During the discussion, the Vice-Chancellor of Bangabandhu Sheikh Mujibur Rahman Digital University proposed conducting regular audits and enhancing both physical and technical security measures.

In response, technical experts assured Kabir that no errors or faults were identified on their end regarding the data leak issue.

He said the Information and Communication Technology Division formed a technical probe committee over the incident.

“I have asked our people to cooperate with the committee so that we can take preventive measures. Cyberattacks are intensifying. If our skills are not improved, we will always be vulnerable.”

Kabir said there are no loopholes in the Election Commission’s server securities.

“Still, we need to strengthen our system more so that we can do a periodic audit. The technical committee can sit down from time to time to see if there are any threats. They suggested that we can monitor our partners.”

The NIDW director general said when the EC signs an agreement with an organisation regarding NID data, they look into the organisation’s security arrangement.

“Then they need to obtain a certificate from the ICT Division. Now we will make it mandatory for them to obtain the ICT Division to be eligible for the contract. However, we will have to increase regular audits – in gaps of three to six months– after the deal is signed.” “The technicians recommended us to sit with them.”

Actions will be taken if the partner organisations break the agreement, Kabir warned.

Stating that the experts recommended setting up a Disaster Recovery System (DRS), he said.

“We signed an agreement with the Bangladesh Computer Council [BCC] on Wednesday. From next month, our data will go to the DRS in Kaliakoir for preservation. If there is any disaster, we can recover from it. We will also form a technical committee and take action according to their suggestions,” he said.

Mentioning that there is no vulnerability in the NID server, he said, “Even banks can ask for NID numbers as it’s not something secret. You have to provide the NID number to apply for a passport or get your salary. It’s not something that cannot be obtained.”

IDEA (Smartcard) Project Director Abul Hasnat Mohammad Sayem said, “We all have limitations in our knowledge about cyber security…universities across the world have cyber security as an undergraduate subject, but we don’t. So, in general we have low cyber security awareness here.”

“We are trying to increase awareness and knowledge on cyber security”, he added.

Mosaddek Hossain Kamal, professor of Computer Science and Engineering, University of Dhaka; Professor Muhammad Mahfuzul Islam, vice chancellor of Bangabandhu Sheikh Mujibur Rahman Digital University; and representatives from the ICT Division, Bangladesh Police, RAB, Tiger IT, BUET and Ahsanullah University of Science and Technology and senior officials of the EC were also present at the meeting.