Cyber-security threats to harm the new tax network?

By Raunak Haldipur

The GST Network (GSTN) is a non-profit entity established to provide information technology infrastructure for the implementation of the Goods and Services Tax (GST) law. When GSTN opened it’s portal for taxpayers to register in November last year, it faced a Distributed Denial of Service Attack (DDOS). A DDOS attack is a cyber-attack wherein multiple viruses are used to target and choke up a single system.

However, GSTN was able to ensure that the system was not disrupted. Since then, the firm has been taking strict measures to tackle cyber threats.

What does the GST Network portal do?

The GST Network will provide core services of registration, return filing and payments, which will all be automated. All the data sharing between the GST Network and the tax administrators will be in real-time. There will be integration with a large number of stakeholder systems so as to reduce data entry and enable quicker validation. A few unique features of GST Network include real-time sharing of taxpayer uploaded data to the tax authorities, a comprehensive taxpayer dashboard and GST compliance rating for taxpayers to be published on a portal.

Concerns with security

There have been enough concerns about the security of citizen information. Companies are interested in knowing how Application Service Providers (ASPs) and GST Suvidha Providers (GSPs) will ensure data security while using ERP systems to extract transaction records. All interactions happen through two layers of third-party service providers, namely, ASPs and GSPs. At all process stages, data upload from the taxpayers to the GST Network is encrypted with 256-bit encryption.

Securing the GSTN

GSTN’s CEO, Mr Prakash Kumar, said that the GST infrastructure will not be affected by the WannaCry ransomware. He explained that the GSTN operates on Linux, which is immune to viruses and will not be affected by the virus attack. Only software’s that run on Windows operating systems will be affected. Mr Kumar also stated that data uploaded by taxpayers on the GSTN portal are stored in encrypted form and are only accessible to the taxpayer and the assessing officer. In order to prevent cyber-attacks, the GST Network does not receive any emails directly. All emails have to go through a help desk.

The system also has sophisticated backup facilities to ensure that the data is secure. Mr Kumar said that the GSTN portal’s beta testing was successful and the system is running smoothly. The portal is capable of handling 3 billion invoices every month. With the registration of over 56 lakh assessees and training of about 60,000 tax officers, the GST Network is set to rollout on 1 July 2017.

Featured Image Source: Visual Hunt