GSTN arming itself against potential cyber attacks

BENGALURU|NEW DELHI: In order to make the technology infrastructure of the country's largest tax reform completely fool proof against any cyber-attacks, the Goods and Services Tax Network (GSTN), the agency that is in charge of the technological infrastructure and services for the indirect tax regime, is in the process of setting up a separate cybersecurity entity that will monitor the platform on a 24/7 basis. The agency is currently in the process of roping in a third-party firm for the unit through a bidding process.


"While GSTN has basic security mechanism in place built by Infosys at the time of going live, security threats are continuously evolving and the agency needs to have a separate security set-up that will monitor the systems 247," said a source aware of the developments.

While Infosys, which is the Managed Service Provider (MSP) for GSTN under a five-year contract, will also take care of the security of the network, the third-party centre will make sure that no loopholes remain in the system which can be exploited by cybercriminals.

"The idea behind the independent centre is to make sure that nothing is left as far as ensuring the security of the system is concerned," said a GSTN official who did not wish to be identified. The person added that the project has been discussed with the Security Advisory Board of the government last week and the centre is expected to be operational in the next 2-3 months.

The new monitoring and analytics centre will analyse user data and even behavioural patterns to alert about discrepancies and fraud attempts. "Since all the data, even from GST Suvidha Providers (GSPs) and Application Service Providers (ASPs), flows through the GSTN portal, the monitoring will indirectly extend to them as well," the source mentioned above said.

The GSTN has shortlisted 34 companies to be GSPs and provide tax-filing platforms for businesses by developing on the GSTN's APIs. Over 60% of the 8-million taxpaying enterprises, who will migrate to the GSTN platform, have already created their accounts on the portal. The GST is now expected to roll out in the country from July 1.

Cybersecurity has become a major concern in recent times and several incidents of data hacking by groups such as Legion have forced authorities to bolster security mechanisms especially where sensitive data is concerned.