July 1, 2024

Cybersecurity in E-Tendering: Safeguarding Digital Procurement in India - TenderShark

As India grows at a fast pace, the realm of procurement has grown with it. The dramatic shift from paper-based tendering to e-tendering has brought efficiency and transparency to the procurement process. But this digitized world of tendering and procurement has brought new challenges, primarily cybersecurity threats. In this article, we will explore the potential threats in the procurement ecosystem and the measures to safeguard this aspect of governance.

THE E-TENDERING LANDSCAPE 

While India is making significant strides in the digital world, platforms like GeM (Government e-Marketplace), CPPP (Central Public Procurement Portal), and various state-initiated portals have been devised to help the government manage the contracting and bidding processes. These platforms have widened the user base and increased reach, improving transparency and efficiency.

But as the famous quote goes, “with great power comes greater responsibility”. E-tendering and procurement, while beneficial, have opened new avenues for cyber threats. As of 2021, cyber threats in the supply chain industry have reached an alarmingly high rate of up to 17% of all cyber-attacks; these statistics highlight

UNDERSTANDING CYBERTHREATS IN E-TENDERING

To safeguard the tendering and procurement system, it is important to understand the origin and nature of these cyber threats. When it comes to e-tendering, cyber threats can be defined as malicious acts committed to compromise the integrity and confidentiality of the procurement data or to interrupt the e-tendering process.   

These threats can arise from both internal and external sources. External threats come from hackers, crime groups or people looking to exploit vulnerabilities in the e-tendering infrastructure or software. Internal threats stem from employees, whether through intentional malicious aims or unintentional errors.

SOME COMMON CYBER THREATS IN E-TENDERING  

  • Malware and ransomware: malicious software is used to gain unauthorized access to procurement data and documents and hold them for ransom.
  • Data breaches: unauthorized access to the data and documents in e-tendering databases can lead to the theft of information like strategic procurement plans, vendor information and bidding details.
  • Man-in-the-middle attacks: these involve intercepting and altering communication between procurement officials and vendors, which may lead to fraudulent awarding of contracts or fraudulent payments.
  • Denial of Service attacks: by bombarding websites and portals with false requests, attackers could disrupt the bidding process. These attacks can cause delays or prevent legitimate bids from being submitted.
  • Phishing attacks: fraudsters pose as legitimate vendors or procurement officials and trick users into revealing sensitive information like login details, which is then misused.

VULNERABILITIES IN E-TENDERING ECOSYSTEM

Intense security measures have gone into building India's e-tendering platforms, but vulnerabilities remain. Some are discussed below:

  • Inadequate cyber hygiene: security basics are often overlooked, such as using strong passwords and regularly updating software. These lapses create the gap for a breach.
  • PDF vulnerabilities: seemingly innocuous PDF documents can be a vector for malware if not properly secured, and can cause major damage to the e-tendering process by spreading malware through the system.
  • IoT integration: as it is most relevant in supply chain management, it can introduce potential entry points for cyber-attacks.
  • Social engineering: the weakest link in cybersecurity is the human element. Vendors and officials may fall prey to social engineering tactics.
  • Cloud security: most e-tendering websites use cloud-based storage, so it is crucial to ensure the safety of the data stored and processed in the cloud.

THE 7-STEP APPROACH TO SAFEGUARD INDIA’S E-TENDERING ECOSYSTEM

To tackle the cyber threats in the e-tendering ecosystem, a comprehensive approach is needed for resilience. Let’s explore an approach that can be implemented: 

STEP – 1 COMPREHENSIVE ASSESSMENT APPROACH

The very first step to secure the e-tendering ecosystem is to conduct a robust risk assessment. 

  1. Analyse the security protocols of the vendors.
  2. Assess employee privileges and the access points employees use.
  3. Conduct regular vulnerability assessments and penetration testing.

STEP – 2 COLLABORATION OF IT AND PROCUREMENT TEAMS

In order to build a solid wall and ensure the e-tendering process is protected from cybersecurity threats, collaboration between IT professionals and the internal procurement team is essential.

  1. Identify the potential risks in the software and create the necessary solutions.
  2. Develop security-conscious policies.
  3. Consider the security aspect when taking decisions about e-procurement.

STEP – 3 IMPLEMENTATION OF STRICT ACCESS CONTROL 

By limiting access, sensitive procurement data can be protected. This can be achieved by:

  1. Implementing role-based access control (RBAC) systems.
  2. Regularly updating and reviewing privileges.
  3. Using multi-factor authentication for secure access to e-tendering platforms.
  4. Applying least privilege, so that people can access only the data relevant to their roles.
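The four measures above can be combined into a single deny-by-default access check. The sketch below is an added example, not code from any e-tendering platform; the role names, permission strings and the 90-day review interval are assumptions chosen for illustration.

```python
from datetime import date

# Hypothetical role-to-permission map for an e-tendering portal (assumed names).
ROLE_PERMISSIONS = {
    "vendor": {"tender:read", "bid:submit"},
    "procurement_officer": {"tender:read", "tender:create", "bid:open"},
    "evaluator": {"tender:read", "bid:evaluate"},
    "auditor": {"tender:read", "audit_log:read"},
}
REVIEW_INTERVAL_DAYS = 90  # assumed policy: privileges are re-certified quarterly

def review_overdue(user, today):
    """True when the user's privileges were not reviewed within the interval."""
    return (today - user["last_reviewed"]).days > REVIEW_INTERVAL_DAYS

def is_allowed(user, action, today):
    """Deny by default: every check must pass before an action is permitted."""
    if not user.get("mfa_verified"):   # MFA is mandatory for any access
        return False
    if review_overdue(user, today):    # stale grants are treated as revoked
        return False
    # Least privilege: only actions explicitly granted to the role.
    # An unknown role maps to the empty set and therefore gets nothing.
    return action in ROLE_PERMISSIONS.get(user.get("role"), set())

def users_needing_review(users, today):
    """Names to hand to whoever runs the periodic privilege review."""
    return [u["name"] for u in users if review_overdue(u, today)]

# Constructed sample accounts and date, for illustration only.
SAMPLE_TODAY = date(2024, 7, 1)
SAMPLE_USERS = [
    {"name": "officer1", "role": "procurement_officer",
     "mfa_verified": True, "last_reviewed": date(2024, 6, 1)},
    {"name": "vendor1", "role": "vendor",
     "mfa_verified": False, "last_reviewed": date(2024, 6, 15)},
    {"name": "evaluator1", "role": "evaluator",
     "mfa_verified": True, "last_reviewed": date(2024, 1, 10)},
    {"name": "temp1", "role": "intern",
     "mfa_verified": True, "last_reviewed": date(2024, 6, 20)},
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        print(u["name"], "tender:read ->", is_allowed(u, "tender:read", SAMPLE_TODAY))
    print("review overdue:", users_needing_review(SAMPLE_USERS, SAMPLE_TODAY))
```

Only `officer1` passes every check; the other three accounts are refused for a missing MFA step, an overdue privilege review and an unrecognised role respectively.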

STEP – 4 DATA ENCRYPTION

Encryption of sensitive data is essential both in transit and at rest. This includes:

  1. Implement end-to-end encryption for all communications related to sensitive data.
  2. Ensure all data, such as bid documents and vendor information, is encrypted.
  3. Use secure protocols for all web-based e-tendering platforms.

STEP – 5 CLEAR DATA OWNERSHIP AND STEWARDSHIP 

Establishing clear ownership and responsibility for data of the e-tendering ecosystem is crucial. This includes: 

  1. Appointing stewards to maintain the integrity and security of procurement data.
  2. Clearly defining roles and responsibilities.
  3. Implementing data governance for consistent handling of data across the different government departments and agencies.

STEP – 6 DEVELOPING AN INCIDENT RESPONSE PLAN

Despite all the efforts, some security incidents may occur. A well-defined incident response plan is very much needed. The plan may include: 

  1. A clear set of procedures to identify and report security incidents.
  2. A sanctioned plan to mitigate the impact of a security breach.
  3. Communication protocols for stakeholders, vendors and the public.

STEP – 7 CONTINUOUS AWARENESS AND EDUCATION

It is essential that all stakeholders are well informed about the potential cyber threats and the best practices to mitigate them. This can be done through:

  1. Training vendors and officials on cybersecurity.
  2. Simulations to improve and test their capabilities.
  3. Promotion of cybersecurity awareness in the e-tendering ecosystem.

THE CHALLENGES IN THE IMPLEMENTATION OF CYBERSECURITY SYSTEM 

There are several challenges in the implementation of cybersecurity that we need to address in order to achieve total security against the threats:

  • BUDGET CONSTRAINTS: The cost of comprehensive cybersecurity can be huge, and the budget allocated for it is limited.
  • LACK OF SKILL: There is a shortage of experts in the domain of e-tendering.
  • DIGITAL DIVIDE: The most evident challenge is the vast divide in India when it comes to digital literacy. A huge number of small and medium enterprises, mainly in rural areas, lack the technical knowledge and the resources needed to implement robust cybersecurity measures.
  • RAPID CHANGES IN TECHNOLOGY: Cybersecurity measures are constantly updated as technology changes, so keeping yourself up to date is a regular and never-ending task.

HOW TO BUILD A SECURE DIGITAL PROCUREMENT ECOSYSTEM 

With the digitization of the procurement and tendering systems now essential, the security of the system is the main concern. Here are the key considerations for the future.

  • Developing a robust national cybersecurity framework that gives all government departments standardized guidelines to follow in case of threats and contingencies.
  • Collaboration through public-private partnerships can result in innovative security solutions and resolve the problem of limited budget.
  • To maintain the integrity of bid documents and prevent tampering, blockchain integration can be explored, as it may enhance security and transparency.
  • Collaborating with international agencies can result in sharing best practices and addressing the global challenges in digital procurement.
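The tamper-evidence that the blockchain suggestion above relies on comes from hash chaining: each record commits to the one before it. The following is an added example, not part of the original article or any procurement platform; it is a single-party hash chain rather than a distributed blockchain, and the field names and sample bids are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first entry in the ledger

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    """Hash the fields that define an entry (everything except entry_hash)."""
    body = {k: entry[k] for k in ("bidder", "doc_sha256", "prev_hash")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_bid(ledger: list, bidder: str, document: bytes) -> dict:
    """Record a bid's digest, chained to the previous ledger entry."""
    entry = {
        "bidder": bidder,
        "doc_sha256": sha256_hex(document),
        "prev_hash": ledger[-1]["entry_hash"] if ledger else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry

def verify_ledger(ledger: list, stored_docs: dict):
    """Return the index of the first inconsistent entry, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev_hash"] != prev:                # chain link broken
            return i
        if entry["entry_hash"] != entry_hash(entry):  # entry edited in place
            return i
        stored = stored_docs.get(entry["bidder"], b"")
        if sha256_hex(stored) != entry["doc_sha256"]:  # document altered
            return i
        prev = entry["entry_hash"]
    return None

if __name__ == "__main__":
    # Constructed sample bids, for illustration only.
    docs = {"vendor-a": b"Bid A: INR 10,00,000", "vendor-b": b"Bid B: INR 9,50,000"}
    ledger = []
    for bidder, doc in docs.items():
        append_bid(ledger, bidder, doc)
    print("intact:", verify_ledger(ledger, docs))
    docs["vendor-a"] = b"Bid A: INR 9,00,000"  # altered after submission
    print("first bad entry:", verify_ledger(ledger, docs))
```

A chain kept by one operator only proves tampering if the latest `entry_hash` is also recorded somewhere that operator cannot rewrite, which is the property a shared or distributed ledger adds.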

India needs to build a strong and reliable procurement system to protect its data from cybersecurity threats. To transform the procurement process, it is essential to address these issues and devise possible solutions. By fully digitizing the procurement and tendering systems, India has made the process of bidding and tendering very easy and transparent, but the pros are followed by the cons; by tackling the cons we can make the process more secure and free of threats. For India to be a powerhouse, it is essential that it safeguards its sensitive data regarding the tendering process, as it is a driving force for the development of the nation. All the major and minor projects are completed by awarding contracts.
