The Election Commission will keep 171 subsidiary organisations, which take the server services of its National Identity Card Registration Wing (NIDW), under surveillance.
The commission came up with the decision in a meeting with experts and technicians concerned at the Election Commission building in Agargaon of the capital on Thursday (13 July).
NID Director General (DG) AKM Humayun Kabir said, "I sat with officials from universities and technical experts, and heard their opinion and recommendations. We will talk to 171 partners to implement the decisions."
He said that the VC of Bangabandhu Sheikh Mujibur Rahman Digital University recommended conducting periodic audits and increasing the physical and technical securities.
Read: NID server is secure: DG
The technical experts told Kabir that no mistake was found in their end regarding the data leak.
He said the Information and Communication Technology Division formed a technical probe committee over the incident.
"I have asked our people to cooperate with the committee so that we can take preventive measures. Cyberattacks are intensifying. If our skills are not improved, we will always be vulnerable."
Kabir said there are no loopholes in the Election Commission's server securities.
Read: Cyber teams working on leaked NID info: Home Minister
"Still, we need to strengthen our system more so that we can do a periodic audit. The technical committee can sit down from time to time to see if there are any threats. They suggested that we can monitor our partners."
The NIDW director general said when the EC signs an agreement with an organisation regarding NID data, they look into the organisation's security arrangement.
"Then they need to obtain a certificate from the ICT Division. Now we will make it mandatory for them to obtain the ICT Division to be eligible for the contract. However, we will have to increase periodic audits – in gaps of three to six months– after the deal is signed." “The technicians recommended us to sit with them.”
Actions will be taken if the partner organisations break the agreement, Kabir warned.
Stating that the experts recommended setting up a Disaster Recovery System (DRS), he said.
Read: Cabinet clears draft bill to shift NID registration from EC to Home Ministry
“We signed an agreement with the Bangladesh Computer Council [BCC] on Wednesday. From next month, our data will go to the DRS in Kaliakoir for preservation. If there is any disaster, we can recover from it. We will also form a technical committee and take action according to their suggestions,” he said.
Mentioning that there is no vulnerability in the NID server, he said, "Even banks can ask for NID numbers as it's not something secret. You have to provide the NID number to apply for a passport or get your salary. It's not something that cannot be obtained."
IDEA (Smartcard) Project Director Abul Hasnat Mohammad Sayem said, “We all have limitations in our knowledge about cyber security…universities across the world have cyber security as an undergraduate subject, but we don’t. So, in general we have low cyber security awareness here.”
“We are trying to increase awareness and knowledge on cyber security”, he added.
Mosaddek Hossain Kamal, professor of Computer Science and Engineering, University of Dhaka; Professor Muhammad Mahfuzul Islam, vice chancellor of Bangabandhu Sheikh Mujibur Rahman Digital University; and representatives from the ICT Division, Bangladesh Police, RAB, Tiger IT, BUET and Ahsanullah University of Science and Technology and senior officials of the EC were also present at the meeting.