GST – IT Infrastructure – Implementation, Revenue data and information handling, Cyber Security and related issues
Modi worries about Cyber security in the GST context[1]: Prime Minister Narendra Modi on 05-06-2017, Monday asked officials involved in rolling out the goods and service tax (GST) from 1 July 2017 to pay maximum attention to cyber security issues of the IT systems supporting the new indirect tax regime, an official statement said here in New Delhi. At a meeting here to review the preparedness of implementing GST from 1 July, Modi discussed with senior officials the IT and human resources readiness as well as the extent of training given to officers on query handling and monitoring. Finance minister Arun Jaitley was also present at the meeting. Officials informed the prime minister that[2] –
- the IT infrastructure,
- training of officials,
- integration with banks, and
- enrolment of existing taxpayers –
will be in readiness in time for the 1 July roll-out. The statement said quoting Modi that GST roll-out will be an unprecedented turning point for the economy, which will greatly benefit the common man. In a separate informal meeting on Monday 05-06-2017, Modi met all secretaries of government departments and urged them to identify concrete goals to be achieved by 2022 – the 75th anniversary of independence. Modi said top civil servants in the country have an opportunity to transform the lives of one-sixth of humanity and urged them to work beyond the silos of their respective ministries. Modi also called for a mission mode approach to develop 100 most backward districts in India. A Twitter handle, @askGst_GOI, has been started for real time answering of queries. An all-India toll-free phone, 1800-1200-232, has also been activated for this purpose[3]. The PM further told the officials that the creation of ‘One Nation, One Market, One Tax’ will greatly benefit the common man. Maximum attention should be paid to cyber security, he was quoted as saying by the release[4]. The GST Council, chaired by Jaitley and comprising his state counterparts, has already finalised tax rates on most items[5].
Tax rate, exemption and related issues to be resolved in the 14th GST Meeting: While the digital related issues are concerning implementation, there are other legal issues to be tackled. Items like salt, milk, gur, egg, curd, unpacked foodgrain and paneer, fresh vegetables, unbranded atta, maida, besan, honey, besides education and health services, have all been exempted from GST[6]. Tea, sugar, coffee beans, edible oil, packed paneer, milk powder, brooms, domestic LPG and kerosene have been put in the 5 per cent bracket[7]. However, the GST group will have to meet on June 11 to discuss some pending issues and take up tax rate for lottery and other pending rules of e-way bill and accounts and records. Also, the Council will review tax rates of items based on industry representations in case the fitment committee finds that there is a substantial increase from the present tax incidence. Jaitley has said the GST could add as much as 2 percentage points to economic growth[8]. Whatever claims made, assurances given and publicity made, when the goods and services reach commom men, then, only, the facts can be known.
Cyber threats to GSTN portal: When GST Network (GSTN), in charge of technological infrastructure for the new goods and services tax regime, opened its portal to taxpayer registration in November, 2016, it saw “Distributed Denial of Service (DDOS)” a cyber attack aimed at disrupting services and bringing down the host system[9]. With the impending GST rollout, there are several cyber threats to GSTN, which is preparing to ward them off. Concerns have heightened after the recent ransomware attack and Legion hacking of social media data a few months ago[10]. The attack and subsequent plans to build a cyber security unit were confirmed by two sources. “There were attempts from countries such as Pakistan and China to swarm the system with a DDOS attack and bring it down. GSTN was able to ensure the system was not disrupted,” said one source aware of the development. Another attack the GSTN system has seen is the “CrossSite Request Forgery (CSRF)”, an attack wherein a malware creates a Trojan, which can execute unwanted actions from the user’s end. The source cited above said GSTN has also put in place systems to prevent such malware attacks. The network did not respond to specific queries about cyber security threats. Experts feel GSTN can expect hacking attempts, given the importance of commercial data it will handle.
Will the common men really get the benefits of GST?: When crores of traders, shop-owners, small businessmen at one side and big industrialists, business giants and others at other side, all coming to GSTN portal, to get registered, by uploading their documents, after getting password for e-mail etc., how they are going to pay through e-mode, file two dozen formatted retuns online and perform other rituals make them thinking bewildrered. While, the latter groups have no problem, the former group has been plagued with all problems. Though less then Rs One crore turnover dealers need not get registered, if their buyers or end users want credit facility, then, such small players also might follow the suit facing digital mirage or heaven. In the value added accounting and tax adjustment, it is not known as to how many are actually willing to pass on the tax benefits to consumers or simply adjusted with their profit margins, as done earlier. Thus, how, the consumers are going to be made aware about the GST benefits etc.
CBEC, GSTN – one side and private operators at otherside: During the Congress / UPA regime, the GST e-work was entrusted to Nandan Nilakeni[11], and he started a GST portal operative till 2016 with a lot of details. As the present Government entrusted to Wipro and other handlers, that site was removed stage by stage. Now new players have appeared like LegalRaasta, obviously earlier associated with the connected companies. Thus, comments come from them. “It’s also important that companies offering GST solutions ensure SSL pinning (meant for encryption of data) to their GST applications to prevent MITM attacks,” said Akshat Jain of cybersecurity firm Cyware[12]. Himanshu Jain, the CEO of LegalRaasta[13] which is building a GST solution and has also applied to become a GST Suvidha Provider (GSP), said it has integrated SSL in both its website and app[14]. Cyware’s Jain said Clickjacking, wherein a user is tricked into clicking on a false link, may not be a major concern for GST. He said proper awareness by GSTN and GSPs about their correct website links could help prevent taxpayers from being misled into wrong URLs.
© Vedaprakash
10-06-2017
[1] livemint.com, Narendra Modi asks officials to focus on cyber security of GST infrastructure, Gireesh Chandra Prasad, Last Modified: Tue, Jun 06 2017. 01 28 AM IST
[2] http://www.livemint.com/Politics/JLcuWKAHjroEP5CwhNxxvJ/Narendra-Modi-asks-officials-to-focus-on-cyber-security-of-G.html
[3] The Hindu Businessline, PM reviews GST progress, says cyber security is critical, by K.R. Srivats, published on June 5, 2017
[4] http://www.thehindubusinessline.com/economy/policy/pm-modi-reviews-progress-towards-gst-implementation/article9720449.ece
[5] ndtv.com, Ahead Of GST Launch, PM Modi’s Review, And A Warning On Cyber Security, Edited by Anindita Sanyal | Updated: June 05, 2017 16:47 IST.
[6] Indian Express, PM Modi reviews GST preparedness, calls it ‘turning point’ for nation,
By: ENS Economic Bureau | New Delhi | Published:June 6, 2017 2:00 am
[7] http://indianexpress.com/article/business/economy/pm-modi-reviews-gst-preparedness-calls-it-turning-point-for-nation-4690745/
[8] http://www.ndtv.com/india-news/prime-minister-narendra-modi-reviews-progress-of-gst-ahead-of-its-july-1-launch-1708089
[9] Economic Times, GST Network strenthens security system, by Mugdha Variyar, ET Bureau, May 31, 2017, 11.22 AM IST.
[10] http://economictimes.indiatimes.com/tech/internet/gst-network-strengthens-its-cyber-security-system/articleshow/58923242.cms
[11] Nandan Nilekani (born 2 June 1955) is an Indian entrepreneur, bureaucrat and politician. He was the Chairman of the Unique Identification Authority of India (UIDAI). After a successful career at Infosys, he headed the Government of India’s technology committee, TAGUP. He is a member of Indian National Congress but not active in politics as of 2015. As chair of the UIDAI he is responsible for implementing the envisioned Multipurpose National Identity Card, or Unique Identity card (UID Card) project in India.
[12] tech.economictimes, GSTN strengthens walls to keep out cyber criminals, Mugdha Variyar | ET Bureau | May 30, 2017, 09:07 IST
[13] https://www.legalraasta.com/
[14] http://tech.economictimes.indiatimes.com/news/technology/gstn-strengthens-walls-to-keep-out-cyber-criminals/58904977