Latest news with #IIT-R
Indian Express
3 days ago
- Politics
- Indian Express
IIT Roorkee data breach: A wake-up call for higher education institutions
By Paakhhi Garg and Nachiketa Mittal In an alarming data breach, the sensitive personal data of around 30,000 students and alumni of IIT Roorkee was reportedly found to have been compromised. The leaked database reportedly contains their mobile numbers, caste, financial status, email addresses, photographs and other data. IIT-R's administrative systems seem to have turned a blind eye to cyber safety standards. It could happen to any other higher education institution (HEI). In many cases, it may already have happened, with us remaining oblivious — exposing people to the threat of cybercrimes despite no negligence on their part. Lakhs of students, parents and employees share sensitive personal data with HEIs. However, do HEIs have cyber security standards and the requisite infrastructure, training and institutional accountability measures in place? The IIT-R episode must be a clarion call to all HEIs in the country to be steadfast in protecting data. This is no longer a choice as the Digital Personal Data Protection (DPDP) Act, 2023 has both the teeth and the legislative intent to penalise non-compliant institutions. Critical vulnerabilities have been allowed to grow because of the notion that academic prominence somehow correlates with digital security. The IIT-R breach was caused by a fundamental breakdown in data security. Our HEIs must take note of it. That's why a three-pronged strategy is required. First, legal safeguards. Strict compliance with legal standards must be the cornerstone of any effective cybersecurity plan. With laws like the Information Technology Act, 2000, Sensitive Personal Data or Information (SPDI) Rules, 2011 and now the DPDP Act, India has achieved significant progress. This legislation requires organisations, who are referred to as 'data fiduciaries' or 'bodies corporate' to employ 'reasonable security safeguards' to secure personal/sensitive data. This implies many things for HEIs, including that institutions must be transparent about the what, why and how of the data. All this information has to be shared in the form of a clear privacy notice and policy for external users and internal staff respectively. The HEIs must obtain explicit consent from all users whose data they are collecting and store only the data necessary for their purpose. Under the Information Technology Act, a breach must be reported to CERT-In within six hours. However, the IIT-Roorkee event shows a notable failure in this area, with a third party allegedly having found the vulnerability. Ideally, the law will hold the institution financially accountable for this 'breach' or 'contravention' in the absence of 'reasonable security practice', as stated in SPDI Rules and the IT Act respectively, with penalties. Second, technical a solid technological basis, legal compliance is pointless. The IIT-R event has exposed an essential digital hygiene breakdown. A practical approach must be much more than a firewall and antivirus program. All vital systems, such as student portals, administration databases and financial records, ought to require multi-factor authentication. To further reduce the possibility of internal data breaches, role-based access control should guarantee that employees only have access to the limited data. To monitor traffic and stop illicit activity, HEIs need to use advanced network security measures, such as modern firewalls and intrusion detection/prevention systems. Every device should have endpoint detection and response software installed to offer an extra line of defence against malware and zero-day attacks. All sensitive data, whether stored on servers ('at rest') or transmitted across networks ('in transit'), must be encrypted. This simple measure can render stolen data useless to attackers even if they manage to exfiltrate it. The practice of waiting for a breach to be discovered by an external party is a grave dereliction of duty. Institutions must conduct frequent, independent penetration testing to proactively find and address vulnerabilities. An incident response plan is a playbook for what to do before, during and after a cybersecurity incident. It should outline roles and responsibilities, communication strategies and technical steps to contain and recover from the breach. Finally, organisational safeguards. Even the most sophisticated technology can only be as effective as the people and procedures that use it. A robust organisational structure is possibly the most important component of the cybersecurity jigsaw. Every HEI must establish a clear governance structure for cybersecurity. A dedicated data protection officer (DPO) who reports directly to senior leadership needs to be part of the team. Institutions must create and implement transparent rules for handling data, managing passwords, granting remote access and responding to incidents. Effective communication and frequent updates are also required. The human element is often the weakest link. All students, faculty and staff must receive mandated and continuous cybersecurity training from HEIs. Phishing simulators may be a valuable tool for raising awareness and testing. A harsh lesson about the high cost of negligence may be learned from the IIT-R event. All Indian HEIs should take the time to reflect and acknowledge that they can no longer claim to be purely academic institutions creating knowledge — they collect the sensitive personal data of lakhs of individuals including minors, and hence are clearly responsible under the law for creating a digital infrastructure and security system for data protection. This law, the DPDP Act, will offer no immunity to HEIs when it comes to compliance. Chancellors, vice-chancellors, deans and institutional heads must act with urgency before we see a sequel. Garg is director, trainings, World Cyber Security Forum, and Mittal is registrar and professor of Law, NLU, Tripura
Time of India
05-05-2025
- General
- Time of India
In 3 decades, Guj improves its lake, reservoir areas by 577 sq km: Study
1 2 Ahmedabad: A recent study by IIT Roorkee indicated that Gujarat recorded a rise in lentic water bodies (LWB) by 577 sq km from 1990 to the 2020s. Water bodies with still water, such as ponds, lakes, and reservoirs, are identified as LWB, reports Parth Shastri. Based on satellite data analysis along with other parameters, researchers indicated Gujarat had 308 sq km area of LWB in 1990, which increased to 885 sq km, marking a rise of 187%. The study, 'Exploring the Intersection of Socioeconomic and Environmental Changes and Their Impact on India's Lentic Water Systems,' by Pooja Singh, Tanya Nema, Basant Yadav, Abhay Raj, and Ilhan Özgen from IIT-R and Germany-based Technical University of Braunschweig, is in preprint of Elsevier journal Environmental and Sustainability Indicators. The study considered four major states in four regions of India – Punjab in the north, Gujarat in the west, Kerala in the south, and West Bengal in the east. According to the study, Gujarat recorded the highest rise in LWBs among the four states. The study collected three decades of data for parameters such as social, economic, and meteorological data and their impact on LWBs. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like No dark spots, 10 years younger! Just take this from Watsons URUHIME MOMOKO Learn More Undo According to the study, LWBs in Punjab fluctuated from 21.2 sq km to 30.9 sq km over three decades, whereas in West Bengal, the range was 557.3 sq km to 459.8 sq km. The LWB area in Kerala grew from 44.5 sq km to 72.3 sq km over three decades, the second highest among the four states after Gujarat. More importantly, the study highlighted that the LWB trend can be attributed to the overall positive trend of total water - growing from 27,225.3 sq km to 36,231 sq km in three decades. 'Overall, the total water area exhibited differing trends throughout states, with Gujarat showing the most substantial positive growth and Punjab showing the highest drop, despite an ongoing rise in the number of LWB,' indicated the study. " Narmada water scheme in various regions earlier not part of the scheme is considered to be the biggest factor for the phenomenon where the waters are now reaching up to the Kutch region," said an Ahmedabad-based water resources expert. "Along with that, the sustained campaigns, especially in the Saurashtra region, have yielded results in the form of a rise in check dams and smaller reservoirs." Researchers also pointed to the state's rise in the share of water in the total surface area at about 3.7 percentage points in three decades. Three other states recorded a not-so-significant rise. 'Gujarat had a 3.7% rise in water area, a 0.93% gain in built-up area, and a 2.75% drop in barren land area, while agricultural land went up by 0.18%. LULC changes were constant across the study states, with built-up regions expanding, barren lands contracting, and agricultural and dense vegetation areas showing mixed patterns,' added researchers. It is notable that in 2024 the state govt mentioned in a report on water sources that the available water in Gujarat is 55,608 million cubic meters (MCM), out of which 38,100 MCM (68.5%) is surface water, and the rest is groundwater. Interestingly, 80% of the surface water is located in the south and central Gujarat regions.
