Monday, June 1, 2009

PASSWORD BREACH AT CUSTOMS LEADS TO HUGE REVENUE LOSS

Chennai: Theft/unauthorised third-party use of customs officials' password for accessing the computer network (Customs Electronic Data Interchange or EDI) used by both the customs staff and the merchant community is causing loss of revenue, says an internal communication circulated to the offices at the Central Board of Excise and Customs (CBEC).

On a number of occasions there have been frauds reported in the various Customs EDI locations involving "compromise of password by officers. Such frauds have led to revenue loss of crores of rupees", the communication said.

The Directorate of Systems has repeatedly issued detailed instructions on password security. These instructions set out the basic steps that should be followed by all the users to eliminate the possibility of 'compromise of passwords'.

Dismaying factor

"However, despite such instructions being reiterated repeatedly it is dismaying to notice that instances of password compromise continue to recur with unfailing regularity. It is evident that officers are not taking these instructions seriously and there is also a failure on the part of supervisory officers to effectively monitor the performance of their subordinates," it says.

"The biggest threat to security of an electronic system comes from password compromise and sharing of password. In effect, when an officer shares his password with anybody, he has to, without doubt, be regarded as being in collusion in the fraud that results," it says.

Important reason


Enquiries with customs officials revealed that a typical instance of unauthorised access to an officer's password is the leaking of information about a particular case under investigation by the department to the importer/exporter concerned.

It could also lead to the information being revealed to some other establishment resorting to a similar trade practice that has come to their notice.

The merchant establishment could rearrange its affairs to escape levy of penalty, besides prosecution. The fact that only a few officers have been punished, and that too not adequately, for password breach may be an important reason why such breaches continue to recur, sources in the department said.

The Central Excise and Service Tax, Directorates and other formations will increasingly be required to work on applications requiring conformity with password security guidelines. The board would like to ensure that all the security-related instructions issued by the Directorate of Systems are complied with by all officers, including supervising officers, and those violating them are brought to account without loss of time.

Further, whenever any case of 'password compromise' comes to notice, it has to be thoroughly investigated, and proceedings for inflicting exemplary punishment should be undertaken and concluded expeditiously.

It should be made clear to all the officers that maintenance of password security is the sole and individual responsibility of each officer and any breach will make them liable to disciplinary action resulting even in dismissal from the Government service, the CBEC has said.
