Government of India
Ministry of Finance
Department of Revenue
Central Board of Excise & Customs
159-A, North Block,
New Delhi-110 001.
15th May, 2009.
Customs Instructions
To
All Chief Commissioners of Customs / Customs (Prev.).
All Chief Commissioners of Customs & Central Excise.
All Commissioners of Customs / Customs (Prev.).
All Commissioners of Customs & Central Excise.
Subject: Frauds resulting from failure to maintain password security - reg.
Sir / Madam,
On a number of occasions, there have been frauds reported in the various Customs
EDI locations involving compromise of password by officers. Such frauds have led
to revenue loss of crores of rupees.
- The Directorate of Systems has from time to time, issued detailed
instructions on password security. These instructions set out the basic steps
that should be followed by all the users to eliminate the possibility of
compromise of passwords. A list of important instructions is attached as
Annexure to this letter.
- However, despite such instructions being reiterated repeatedly, it is
dismaying to notice that instances of password compromise continue to recur with
unfailing regularity. It is evident that officers are not taking these
instructions seriously, and there is also a failure on part of supervisory
officers to effectively monitor the performance of their subordinates. You would
agree that the biggest threat to security of an electronic system comes from
password compromise and sharing of password. In effect, when an officer shares
his password with anybody, he has to, without doubt, be regarded as being in
collusion in the fraud that results. The fact that only a few officers have been
punished, and that too, not adequately, for password breach may be an important
reason why such breaches continue to recur. Central Excise and Service Tax,
Directorates and other formations would increasingly be required to work on
applications requiring conformity with password security guidelines.
- The Board would, therefore, like you to ensure that all the security related
instructions issued by the Directorate of Systems are complied with by all
officers including supervising officers, and those violating them are brought to
account without loss of time. Further, whenever any case of password compromise
comes to the notice, it has to be thoroughly investigated and proceedings for
inflicting exemplary punishment under Central Civil Services (Classification,
Control and Appeal) Rules, 1965 [CCS (CCA) Rules] should be undertaken and
concluded expeditiously. It should be made clear to all the officers that
maintenance of password security is the sole and individual responsibility of
each officer and any breach will make them liable to disciplinary action
resulting even in dismissal from the Government service.
Yours faithfully,
Sd./
(Kameswari Subramanian)
Joint Secretary to the Government of India
F.No.401/77/2009-Cus.III