Subhadra Yojana, launched by Prime Minister Narendra Modi on his birthday i.e. September 17, 2024, is a groundbreaking initiative by the Government of Odisha aimed at empowering over 1 crore women between the ages of 21 to 60. Named after Goddess Subhadra, this scheme provides financial assistance of ₹50,000 over a five-year period to eligible beneficiaries, with funds directly transferred to their bank accounts in bi-annual installments of ₹10,000.

Subhadra scheme is the largest, single women-centric scheme and is expected to cover more than 1 crore women. Under the scheme, all eligible beneficiaries between the age of 21-60 years would receive Rs. 50,000/- over a period of 5 years between 2024-25 to 2028-29

An amount of ₹10,000 per annum in two equal instalments will be credited directly to the bank accounts of the beneficiaries. As many as 76 lakh women have so far registered in the scheme.

During the programme, over ₹1,250 crore was transferred to the bank accounts of more than 25 lakh women beneficiaries under the Subhadra scheme.

The Subhadra Yojana, a flagship initiative of the newly formed BJP government in Odisha, is launched on September 17, 2024, coinciding with Prime Minister Narendra Modi’s birthday. With the BJP coming to power in Odisha after 24 years of BJD rule, the government aimed to roll out this transformative program within the first 100 days of governance. This ambitious timeline posed significant challenges in completing the full cybersecurity assessment, including Aadhar-based verification audits.

The project required the collection of applications through Jana Seba Kendra/Common Service Centres, where all submissions would be verified against government databases and through field enquiries as needed. Beneficiaries were required to complete e-KYC formalities, preferably through face-authentication via the SUBHADRA Mobile Application, using their Aadhaar numbers. They could also opt to pass on the benefits to fellow women in Odisha through the SUBHADRA Portal.

With the complexity of the applications and the Aadhaar-based e-KYC system, ensuring robust security and compliance under these tight deadlines was a monumental task. The integration of the Aadhaar system, involving sensitive biometric data and authentication, added another layer of urgency to the assessment. Despite these challenges, we successfully ensured that the data infrastructure for Subhadra Yojana met the highest standards of security and compliance, enabling the government to empower over 1 crore women across the state.

To meet the tight deadlines and extensive requirements of securing the Subhadra Yojana project, Threatsys, one of India’s leading cybersecurity firms, deployed a specialized team of experts. The team comprised eight security researchers, a Project and Delivery Manager, and a Chief Auditor for CERT-IN Cyber Security Testing and Audit. Additionally, three dedicated auditors were assigned to ensure UIDAI KUA and AUA Compliance.

Before initiating any security testing, the team thoroughly analyzed the workflow of the four critical modules within the Subhadra Yojana application, ensuring a deep understanding of the system architecture and data flow.

Security testing was conducted on a dedicated staging server to mirror real-world conditions without affecting the live environment. The use of diverse commercial cybersecurity tools, including Burp Suite, IBM App Scan, WhiteHat DAST, Veracode, Acunetix, Netsparker, HCL Appscan, Qualys Web Apps Scanner, OWASP Zap, SAINT, and Tenable, allowed for a comprehensive assessment of vulnerabilities in the web and mobile applications, as well as API security.

Threatsys followed the OWASP, CERT IN, NIST, SANS testing guide and ISECOM’s Open-Source Security Testing Methodology Manual (OSSTMM). This approach simulated potential external attacks as well as actions taken by authenticated users, identifying several critical, high, medium, and low-level bugs. Threatsys team  closely collaborated with the development team to address and patch security issues in the mobile and web applications, as well as at the API level.

For the UIDAI KUA and AUA audit, Threatsys conducted a GAP Assessment, gathering essential evidence in line with the  UIDAI Audit Checklist 3.0. After completing the necessary testing and verifications, comprehensive reports were prepared, detailing findings and ensuring compliance. The Audit Certificate for the Aadhaar compliance was issued after all proper audits, evidence gathering, and documentation were completed.

Following thorough assessments, CERT-IN Certificates were issued to the Department for both the Subhadra Mobile Application and the Web Application, marking the completion of all required cybersecurity audits. These certifications confirm that both platforms are secure and compliant with Indian cybersecurity standards, further reinforcing the integrity of the Subhadra Yojana initiative.

Through a meticulous and well-coordinated approach, Threatsys successfully delivered and Secured Data for 1 Crore Women:

By implementing advanced cybersecurity measures, Threatsys ensured the safe handling of sensitive data for over 1 crore women beneficiaries in Odisha, safeguarding personal information and preventing unauthorized access.

Threatsys successfully completed the UIDAI KUA and AUA Audits, ensuring full compliance with Aadhaar-related security and privacy requirements. The issuance of the Audit Certificate confirmed that all security measures aligned with UIDAI’s stringent guidelines.

Both the Subhadra Mobile Application and Web Application received CERT-IN Certificates, validating that the platforms met national cybersecurity standards and were safe for large-scale use.

Despite the tight deadline set by the newly formed Odisha government, Threatsys completed the full cybersecurity assessment, Aadhar audits, and necessary documentation within the required timeframe, supporting the successful launch of the Subhadra Yojana. The secure integration of Aadhaar-based e-KYC through face-authentication on the Subhadra Mobile Application ensured smooth onboarding for beneficiaries, enhancing user experience while maintaining robust security.

These results not only supported the successful launch of Subhadra Yojana but also set a benchmark for secure implementation of large-scale government initiatives, ensuring both data integrity and compliance with regulatory standards.

Food, Supplies and Consumer Welfare Department is a composite Department with the status of both Secretariat and Directorate. Hon’ble Minister, F.S. & C.W. is Minister in charge of the Department. Food, Supplies and Consumer Welfare Department, Government of Odisha created the 4 pillar systems i.e PDS System, Directorate of Legal Metrology, Grievance Redressal System, Food Odisha Portal.

PDS ( Public Distribution System ) Welfare Scheme, The system identifies & categories the weaker section of the population as targeted beneficiaries under various schemes. They receive ration cards from the government to claim their entitlements in the form of specific quantities of essential commodities from the retail outlets every month. The significance of PDS lies in its effort to distribute food grains equitably, & at a fairly low price to the poor of the society. Rice, Levy Sugar and APL Wheat are distributed through public distribution system

Directorate of Legal Metrology, The Legal Metrology wing of the state of Odisha is functioning at the Directorate of Legal Metrology under the Food, supplies & Consumer Welfare Department of Government Headed by a senior most administrative officer designated as Controller of Legal Metrology. All the consumers generally purchase the goods either in Weight or in volume or in length or in numbers etc and the responsibility has been cast upon this organization to ensure that the consumer gets the correct quantity whether it is in Weight, in volume, in length or in numbers for which he has paid the money to the consumer. The Department is engaged in regulating use of correct weighing and measuring instruments in production, trade and commerce to ensure that exact weight, measure and number of any commodity is provided to any customer as contracted for, or paid for by him. It also safeguards consumers’ interest by ensuring mandatory declarations on packaged commodities.

Grievance Redressal System, primarily covers the receipt and processing of complaints from citizens and consumers, a wider definition includes actions taken on any issue raised by them to avail services more effectively for Ration Card under Food, Supplies and Consumer Welfare Department.

Food Odisha Portal, that consists of Transparency Portal with PDS Depots and FPS Delaer and Procurement Societies and Registration. One Portal that managed all Ration Card Management with Farmer Registration, Verified Famer, Procurement Status under PPAS, Farmerwise Payment Status, Societies Engaged, Dealer List, Stock Management, Dealer List and all.

The Food Supplies and Consumer Welfare (FSCW) Department of the Government of Odisha is responsible for managing critical information related to food supplies and consumer welfare, including the Public Distribution System (PDS) welfare scheme, which benefits a large number of citizens. The PDS scheme deals with sensitive information that pertains to the management of ration cards for 2.5 crore citizens under the One Nation One Card initiative. Given the high level of sensitivity of this information, accessing and testing it can be challenging, as it requires the maintenance of strict confidentiality measures.

To address this challenge, the FSCW Odisha has developed four major applications, including the Directorate of Legal Metrology, Grievance Redressal System, Ration Card Management System, and the FSCW PDS Application, each of which must be tested separately to ensure that they meet the necessary security requirements by Threatsys Technologies, The Leading Cyber Security Testing Service Provider in Odisha, India. The primary objective of this testing is to perform a penetration testing and cybersecurity audit on all modules, in accordance with the CERT-in Security Guidelines and other security frameworks such as the OWASP Top 10 and SANS Top 25 Vulnerabilities.

The primary focus of this web application security testing is to ensure the integrity and confidentiality of the data and application, enabling all online citizen services provided by the Government of Odisha to be securely managed throughout the state. Given that the portal deals with different levels of privileges, it is crucial to thoroughly check the permission-based access controls within different user access controls for each of the applications. By doing so, the FSCW Odisha can ensure that its applications are secure, safeguarding sensitive information, and providing reliable and secure services to the citizens of Odisha.

Threatsys, the well-known CERT-IN Cyber Security company of India, has appointed eight security researchers under the Project and Delivery Manager. In order to gain a better understanding of the application, the team thoroughly studied the workflow of the four modules before conducting any security testing. The testing was carried out on a host that was hosted on the staging server, using a variety of commercial cyber security tools, including Burp Suite, IBM App Scan, WhiteHat DAST, Veracode, Acunetix, Intruder, Netsparker, HCL Appscan, Qualsys Web Apps Scanner, OWASP Zap, SAINT, and Tenable.

During the manual testing phase, the team engaged in both black box and white box testing and identified significant security issues in the four applications managed by the Food Supplies and Consumer Welfare (FSCW) Department of the Government of Odisha. One of the applications was found to be vulnerable to Account Takeover due to a misconfiguration, which enabled the team to tamper with the victim’s email and redirect the reset link to the attacker’s email address. To remedy this issue, the team recommended implementing server-side validation of emails sent in response to a request, in order to verify whether they belonged to the requested user or not. With the coordination of the development team, this issue was resolved by adding server-side validation and removing the email parameter from the request.

The team also discovered multiple privilege escalation issues due to the lack of access controls in API requests. As a result, low-end users were able to access admin functionalities, compromising the system’s security. In addition, several other bugs were discovered and reported to the developers with detailed reports on their impact, evidence, and remediation strategies. The team worked closely with the developers to ensure they had a clear understanding of the issues and could address them promptly.

Overall, the team identified more than 35 bugs across all the portals of FSCW, including six critical and 13 high-level vulnerabilities. All projects were delivered and retested within the set deadline, with the development team taking three weeks to fix all the raised security gaps. Threatsys remains committed to ensuring the integrity and confidentiality of the data and applications it works on, helping to safeguard sensitive information and online citizen services managed by the Government of Odisha.

Threatsys has successfully completed the cyber security testing and CERT-IN Security audit project with the utmost diligence and professionalism. The company provided Initial Version 1 and Final Version 2 Reports with the appropriate support on time, and according to the proper security implementation, which has helped to issue the CERT-In VAPT certificate for all four modules of the Food, Supplies and Consumer Welfare Department, Odisha Government

All the modules of Food, Supplies and Consumer Welfare Departments are hosted in the state data centre, ensuring the highest level of security and reliability. The successful completion of the project means that citizens of Odisha can now use the Ration Card Management, PDS System, and Grievance System applications securely. These applications are now well-protected against external threats, and the highly sensitive data they process, store, and fetch are done so flawlessly. Threatsys is the No.1 Cyber Security Testing Company in bhubaneshwar that protects the data of all the citizens of Odisha and responsible for their security, integrity and privacy.

Biju Swasthya Kalyan Yojana (BSKY) is a health insurance scheme that the Government of Odisha launched in India in 2018. The scheme aims to provide affordable and accessible healthcare to the people of Odisha, especially to those who are economically disadvantaged or belong to vulnerable sections of society. Under the BSKY scheme, eligible beneficiaries can avail of cashless treatment at empanelled hospitals for various medical conditions, including hospitalisation, surgery, and pre and post-hospitalisation expenses. The scheme also covers the cost of diagnostic tests, medicines, and other medical supplies.

BSKY provides health insurance coverage for medical expenses (up to Rs. 5 lakhs for families and up to Rs. 10 lakhs for women) incurred for treatment in hospitals and health centres across the state of Odisha. Around 4,036 medical treatments and 255 surgical procedures are covered under this scheme.

Insights of BSKY Project under Department of Health and Family Welfare, Goverenment of Odisha. Beneficiary 4.79 Cr. Total Households 119.5 Lakhs, Card Holders 3.34 Cr., Households Covered 96.42 Lakhs (81%), Hospitals 9,324, where as Govt. 8,530 Private 794 No. of Treatments Done 1.19 Cr., Govt 1.17 Cr., Private 2,76,240. 2023 Reimbursement (Pvt) 628.02 Cr.

Biju Swasthya Kalyan Yojana Projects consists of several Modules like BSKY Portal, Hospital Empanelment Portal, BSKY Citizen Dashboard, Grievance Portal, BSKYTMS Portal, BSKY Mitra Assistance AI Platform, BSKY Mobile Application and more.

BSKY Healthcare data is highly sensitive, and there is a significant risk of data breaches, which can lead to identity theft and other serious consequences of each Biju Swashthya Kalyan Card Holders. Threatsys is ensuring that data privacy is maintained and that sensitive information is adequately secured.

BSKY Portals and applications are the prime target for cybercriminals due to the vast amount of sensitive data they store. All the Web and Mobile Applications are heavily regulated, and compliance with regulations such as HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation) is crucial. Threatsys needs to complete the whole project of 10+ Applications within 1 month of timeline.

Threatsys, the well-known Cyber Security Firm of Bhubaneswar, Odisha, has appointed ten security researchers under the Project and Delivery Manager. In order to gain a better understanding of the application, the team thoroughly studied the workflow of the four modules before conducting any security testing. The testing was carried out on a host that was hosted on the staging server, using a variety of commercial cyber security tools, including Burp Suite, IBM App Scan, WhiteHat DAST, Veracode, Acunetix, Intruder, Netsparker, HCL Appscan, Qualsys Web Apps Scanner, OWASP Zap, SAINT, and Tenable.

Threatsys used a combination of the Open Web Application Security Project (OWASP) testing guide and ISECOM’s Open-Source Security Testing Methodology Manual (OSSTMM) for conducting penetration test of the server and applications. The testing was done to simulate as closely as possible the viewpoint of completely external attacker and Application user.

the threatsys team identified more than 50+ bugs across all the portals i.e BSKY Portal, Hospital Empanelment Portal for both Government Hospitals and Private Hospitals, BSKY Citizen Dashboard for all Odisha People, Grievance Portal for all BSKY Card Holders, BSKYTMS Portal, BSKY Mitra Assistance AI Platform, BSKY Mobile Application, including 15+ critical and 23 high-level vulnerabilities. All projects were delivered and retested within the set deadline, with the development team taking three weeks to fix all the raised security gaps. Threatsys remains committed to ensuring the integrity and confidentiality of the data and applications it works on, helping to safeguard sensitive BSKY Card holders information and online citizen services managed by the Government of Odisha.

Threatsys has successfully completed the cyber security testing and CERT-IN Security audit project with the utmost diligence and professionalism. Threatsys provided Initial Version 1 and Final Version 2 Reports with the appropriate support on time for 10+ Applications, and according to the proper security implementation, which has helped to issue the CERT-In VAPT certificate for all four modules of the Biju Swasthya Kalyan Yojana(BSKY), Odisha Government

All the modules of Department of Health and Family Welfare Departments that is BSKY applications are hosted in the state data centre, ensuring the highest level of security and reliability. The successful completion of the project means that citizens of Odisha can now use the BSKY Portal, Hospital Empanelment Portal for both Government Hospitals and Private Hospitals, BSKY Citizen Dashboard for all Odisha People, Grievance Portal for all BSKY Card Holders, BSKYTMS Portal, BSKY Mitra Assistance AI Platform, BSKY Mobile Application and more. These web and mobile applications are now well-protected against external threats, and the highly sensitive data they process, store, and fetch are done so flawlessly. Threatsys is the Best Cyber Security Service Provider that protects the data of all the BSKY Card Holders Data of Odisha and responsible for their security, integrity and privacy.

As a global player in the telecoms industry, Vodafone’s reputation thrives on their ability to innovate and adapt to market trends. To that end, the Marketing Academy in Vodafone was seeking a relevant, in-depth and effective professional education course to sharpen the digital skills of their workforce.

As Head of Global and Commercial Learning and Development at Vodafone, Mohsin Ghafoor’s task was to raise standards in digital marketing, across the group.

“Our aim was that every marketer at Vodafone reaches what we would describe as a minimum acceptable standard of digital marketing skills, knowledge, and capability, and be able to apply that to their day job and have an impact on our customers.”

But not only does Vodafone have a very large workforce, it is also spread all over the world. Natasha Brookes is a Learning and Development Specialist at Vodafone. For her, it was clear that a digital marketing course needed an online solution.

“Vodafone is a large global organization. In order to reach all of the marketers within the different markets, what better way to do it than having one place where marketers can come and learn? And it will be a consistent learning approach.”

The Digital Marketing Institute realized early on that Vodafone is a company that wants to set the pace, not just keep up with it. They didn’t just want a foundation to their digital marketing, they also wanted to train their staff to be up-to-date and current in their knowledge and skills, so they could anticipate what their customers would want.

“I had the greatest degree of confidence in the Digital Marketing Institute, both in terms of quality of content and their global certification standard, which we could apply across all of our markets,” stated Ghafoor

Fortunately, the Vodafone Marketing Academy had a learning management system, or e-learning system, already set up. Having a learning management system meant that their staff already knew the benefits of learning online. The next step was to find the right partner, to provide the content the company needed.

To get Vodafone started, The Digital Marketing Institute began by carefully picking topics and courses that were most relevant to Vodafone and their staff. They then agreed a global user license that gave Vodafone’s staff access to 15 of the DMI modules. Their staff could choose from modules in both the Professional Diploma in Digital Marketing and from the Specialist Diplomas.

The Digital Marketing Institute team then worked with Vodafone to integrate core modules and content into their e-learning system to make it easy for their global workforce to train together, wherever they were, and whenever it suited. The video-based learning content is now used by Vodafone Marketing Academy staff all over the world.

A launch was also successfully supported by with a range of creative promotions – from e-flyers to newsletters and helped generate awareness and enthusiasm for the courses through internal campaigns. Today, The Digital Marketing Institute continues to work with Vodafone to certify their workforce, and help the company realize their full digital potential.

“I found the relationship to be a really positive one. One that was constructive. It certainly felt to me that what I was saying about Vodafone’s needs and requirements in this space was being listened to,” concluded Mohsin.