Frauds resulting from failure to maintain password security - reg. - Customs - F.No.401/77/2009-Cus.III

Customs Instructions F.No.401/77/2009-Cus.III Government of India Ministry of Finance Department of Revenue Central Board of Excise Customs 159-A, North Block, New Delhi-110 001. 15th May, 2009 . To All Chief Commissioners of Customs / Customs (Prev.). All Chief Commissioners of Customs Central Excise. All Commissioners of Customs / Customs (Prev.). All Commissioners of Customs Central Excise. Subject: Frauds resulting from failure to maintain password security - reg. *** Sir/Madam, On a number of occasions, there have been frauds reported in the various Customs EDI locations involving compromise of password by officers. Such frauds have led to revenue loss of crores of rupees. 2. The Directorate of Systems has from time to time, issued detailed instructions on password security. These instructions set out the basic steps that should be followed by all the users to eliminate the possibility of compromise of passwords. A list of important instructions is attached as Annexure to this letter. 3. However, despite such instructions being reiterated repeatedly, it is dismaying to notice that instances of password compromise continue to recur with unfailing regularity. It is evident that officers are not taking these instructions seriously, and there is also a failure on part of supervisory officers to effectively monitor the performance of their subordinates. You would agree that the biggest threat to security of an electronic system comes from password compromise and sharing of password. In effect, when an officer shares his password with anybody, he has to, without doubt, be regarded as being in collusion in the fraud that results. The fact that only a few officers have been punished, and that too, not adequately, for password breach may be an important reason why such breaches continue to recur. Central Excise and Service Tax, Directorates and other formations would increasingly be required to work on applications requiring conformity with password security guidelines. 4. The Board would, therefore, like you to ensure that all the security related instructions issued by the Directorate of Systems are complied with by all officers including supervising officers, and those violating them are brought to account without loss of time. Further, whenever any case of password compromise comes to the notice, it has to be thoroughly investigated and proceedings for inflicting exemplary punishment under Central Civil Services (Classification, Control and Appeal) Rules, 1965 [CCS (CCA) Rules] should be undertaken and concluded expeditiously. It should be made clear to all the officers that maintenance of password security is the sole and individual responsibility of each officer and any breach will make them liable to disciplinary action resulting even in dismissal from the Government service. Yours faithfully, Sd. /- (Kameswari Subramanian) Joint Secretary to the Government of India