The inquiry committee formed by the Information and Communication Technology (ICT) Division has reported that the personal information of citizens was leaked due to technical vulnerabilities. The committee has also made a 6-point recommendation for the protection of information.
The State Minister for Information and Communication Technology, Zunaid Ahmed Palak, said the ICT Division will submit this report to Prime Minister Sheikh Hasina on Monday.
The investigation report of the committee formed by the ICT Division makes 6 recommendations regarding the information leak. The committee submitted this report to the information and communication technology department last Thursday.
According to the investigation report, there are two reasons for the disclosure of personal information. The main reason is the technical weakness of the web application of the concerned organization. In addition, because the staff have limited technical knowledge, web applications are not properly monitored, and information was leaked as a result.
As per the report, citizens’ personal information was leaked from the website of the Registrar General of Births and Deaths. However, the amount of information leaked is not 5 crore.
The inquiry report includes recommendations for the concerned organizations. It recommends taking the necessary steps to rectify all deficiencies once the complete VAPT report of the web application has been received. The software architecture of the existing web application needs to be tested by the Bangladesh Computer Council (BCC) Software Quality Testing and Certification Center (SQTC) and the BNDA members of BCC. It recommends increasing the overall technical capacity of the concerned institutions along with the number of their technical team members. As a Critical Information Infrastructure (CII), the organization is recommended to ensure cyber security by establishing a CIRT, SOC and NOC as per Digital Security Agency guidelines. It is also recommended to report any signs of a cyber security breach to the Digital Security Agency, following CII guidelines.
The inquiry committee also gave recommendations to avoid a recurrence of similar incidents in any office in future. Any type of system, software or web application should be prepared following the Bangladesh National Digital Architecture (BNDA) guidelines and related standards and guidelines. An architectural review of important ICT-based systems, software and web applications used in various departments should be carried out with respect to the BNDA framework. After a software or web application is prepared, a report should be obtained from the Software Quality Testing and Certification (SQTC) Center of BCC. Regular IT audits are requested, with action to be taken as per their recommendations.
Also, any kind of change, enhancement or modification in the source code of the software or web application is to be checked by the concerned organization on its own initiative, and it must undergo VAPT by BCC’s SQTC center and N-CIRT (BGD e-GOV CIRT). Critical Information Infrastructures (CIIs) are recommended to ensure cyber security by establishing a CIRT, SOC and NOC as per Digital Security Agency guidelines. The recruitment of skilled manpower with ICT knowledge in other government institutions, including critical information infrastructure, is recommended, along with regular training measures.
Secretary of Information and Communication Technology Division Md. Samsul Arefin, Director General of Digital Security Agency Abu Saeed Md. Kamruzzaman, Director General of ICT Directorate Md. Mostafa Kamal, Project Director of BGD e-GOV CIRT Engineer Mohammad Saiful Alam Khan and officials of related ministries, departments and organizations were present at the meeting.