KU ‘Data Breach’: VC seeks probe by central agency CERT-In
Stake-holders demand shifting of IT head to pave way for fair inquiry
Srinagar: The authorities of the Kashmir University (KU) have asked for a third party evaluation of all its IT operations/systems and software to get to the bottom of the recent data breach incident, days after ‘Kashmir Vision’ reported about the issue that has brought bad name to the University at the national level.
Reliable sources told ‘Kashmir Vision’ that the committee which was constituted by the KU Vice Chancellor Dr Neelofar Khan to have the alleged data breach inquired into recommended to the VC that the issue needs “threadbare evaluation by a third party” to “reach at some definite conclusions”.
Following submission of the committee’s report, sources said the Vice Chancellor ordered that the University must write to the Indian Computer Emergency Response Team (CERT-In), a national nodal agency which works under Union Ministry of Information Technology (MeitY) to respond to incidents of computer security.
Sources said the KU committee had Dean Research Dr Irshad Ahmad as chairman and its members were Dr. A H Moon from Islamic University, Dr. Manzoor Ahmad from Computer Science Department of KU and Dr Dawood Ahmad, Assistant Professor, North Campus, KU.
The committee was completely unsatisfied with the “technically-unsubstantiated” media response given by the In-Charge IT Head of KU Maroof Qadri who claimed that there has been no data breach.
“The Committee was of the view that officials of Directorate of IT, which is under probe in the data breach issue, cannot exonerate itself on its own by giving a clean chit to itself on the serious issue. The Committee members therefore resolved that the matter should be investigated by the central agency CERT-In which is the national nodal agency specializing in the field of data security so that real picture comes to the surface,” the sources said, adding that Committee members also expressed displeasure at IT officials trying to “deviate attention” from the basic issue and blame “someone else despite being the custodian of all IT operations, data center and server.”
The CERT-In will be asked to investigate the entire issue including protocols, firewalls and other precautionary measures in place, apart from recommending future requirements to make the University’s IT operations foolproof and watertight.
It may be noted here that the University’s IT operations have come under scanner after CERT-In reported to the University the incident of alleged breach of data of 1 million students.
“The Committee also noted with concern that since the log that was put to sale on Dark Web included logs related to recruitments, teaching departments and financial transactions, it would be preposterous and misleading on part of IT officials of KU to conclude that the log was related to already-available student data,” the sources said.
It has been reliably learnt that the University is also contemplating action against IT official to pave way for a totally transparent inquiry by the CERT-In team when they visit the KU.
Many stakeholders have already demanded from the Vice Chancellor the rotation of IT head of KU, which is holding the position in violation of three-year rotation policy for university heads and directors, so that there are no doubts raised over fairness of the inquiry into the sensitive incident which has dented Kashmir University’s image in public.
“It would be prudent on part of VC to effect the change to avoid any misgivings and speculations about the transparency of the inquiry,” stakeholders have demanded, alleging that one particular University administrator was trying to exert pressure on VC to save IT officials from being axed.
“We once demand LG’s intervention in the matter so that VC acts against officials in the spirit of fair probe,” the stakeholders said.