Overview

Subhadra Yojana, launched by Prime Minister Narendra Modi on his birthday, September 17, 2024, is a groundbreaking initiative by the Government of Odisha aimed at empowering over 1 crore women between the ages of 21 and 60. Named after Goddess Subhadra, this scheme provides financial assistance of ₹50,000 over a five-year period to eligible beneficiaries, with funds directly transferred to their bank accounts in bi-annual installments of ₹10,000.

The Subhadra scheme is the largest single women-centric scheme and is expected to cover more than 1 crore women. Under the scheme, all eligible beneficiaries between the ages of 21 and 60 will receive ₹50,000 over a period of 5 years, from 2024-25 to 2028-29.

An amount of ₹10,000 per annum in two equal instalments will be credited directly to the bank accounts of the beneficiaries. As many as 76 lakh women have so far registered in the scheme.

During the programme, over ₹1,250 crore was transferred to the bank accounts of more than 25 lakh women beneficiaries under the Subhadra scheme.

Client: Subhadra Yojana
Department: Department of Women and Child Development, Govt of Odisha
Industry: Government, Woman and Child Development
Services: Cyber Security Testing, VAPT, CERT-IN Audit, Mobile Apps Penetration Testing, Web Application Security Audit, API Security Testing, Aadhaar UIDAI AUA & KUA Audit
Development Company: E Square System & Technologies Private Limited

Challenge

The Subhadra Yojana, a flagship initiative of the newly formed BJP government in Odisha, was launched on September 17, 2024, coinciding with Prime Minister Narendra Modi’s birthday. With the BJP coming to power in Odisha after 24 years of BJD rule, the government aimed to roll out this transformative program within the first 100 days of governance. This ambitious timeline posed significant challenges in completing the full cybersecurity assessment, including Aadhaar-based verification audits.

The project required the collection of applications through Jana Seba Kendra/Common Service Centres, where all submissions would be verified against government databases and through field enquiries as needed. Beneficiaries were required to complete e-KYC formalities, preferably through face-authentication via the SUBHADRA Mobile Application, using their Aadhaar numbers. They could also opt to pass on the benefits to fellow women in Odisha through the SUBHADRA Portal.

With the complexity of the applications and the Aadhaar-based e-KYC system, ensuring robust security and compliance under these tight deadlines was a monumental task. The integration of the Aadhaar system, involving sensitive biometric data and authentication, added another layer of urgency to the assessment. Despite these challenges, we successfully ensured that the data infrastructure for Subhadra Yojana met the highest standards of security and compliance, enabling the government to empower over 1 crore women across the state.

Solution

To meet the tight deadlines and extensive requirements of securing the Subhadra Yojana project, Threatsys, one of India’s leading cybersecurity firms, deployed a specialized team of experts. The team comprised eight security researchers, a Project and Delivery Manager, and a Chief Auditor for CERT-IN Cyber Security Testing and Audit. Additionally, three dedicated auditors were assigned to ensure UIDAI KUA and AUA Compliance.

Before initiating any security testing, the team thoroughly analyzed the workflow of the four critical modules within the Subhadra Yojana application, ensuring a deep understanding of the system architecture and data flow.

Security testing was conducted on a dedicated staging server to mirror real-world conditions without affecting the live environment. The use of diverse commercial cybersecurity tools, including Burp Suite, IBM AppScan, WhiteHat DAST, Veracode, Acunetix, Netsparker, HCL AppScan, Qualys Web Apps Scanner, OWASP ZAP, SAINT, and Tenable, allowed for a comprehensive assessment of vulnerabilities in the web and mobile applications, as well as API security.

Threatsys followed the OWASP, CERT-IN, NIST, and SANS testing guides and ISECOM’s Open-Source Security Testing Methodology Manual (OSSTMM). This approach simulated potential external attacks as well as actions taken by authenticated users, identifying several critical, high, medium, and low-level bugs. The Threatsys team collaborated closely with the development team to address and patch security issues in the mobile and web applications, as well as at the API level.

For the UIDAI KUA and AUA audit, Threatsys conducted a GAP Assessment, gathering essential evidence in line with the UIDAI Audit Checklist 3.0. After completing the necessary testing and verifications, comprehensive reports were prepared, detailing findings and ensuring compliance. The Audit Certificate for the Aadhaar compliance was issued after all proper audits, evidence gathering, and documentation were completed.

Following thorough assessments, CERT-IN Certificates were issued to the Department for both the Subhadra Mobile Application and the Web Application, marking the completion of all required cybersecurity audits. These certifications confirm that both platforms are secure and compliant with Indian cybersecurity standards, further reinforcing the integrity of the Subhadra Yojana initiative.

Results

Through a meticulous and well-coordinated approach, Threatsys successfully delivered and secured data for 1 crore women. By implementing advanced cybersecurity measures, Threatsys ensured the safe handling of sensitive data for over 1 crore women beneficiaries in Odisha, safeguarding personal information and preventing unauthorized access.

Threatsys successfully completed the UIDAI KUA and AUA Audits, ensuring full compliance with Aadhaar-related security and privacy requirements. The issuance of the Audit Certificate confirmed that all security measures aligned with UIDAI’s stringent guidelines.

Both the Subhadra Mobile Application and Web Application received CERT-IN Certificates, validating that the platforms met national cybersecurity standards and were safe for large-scale use.

Despite the tight deadline set by the newly formed Odisha government, Threatsys completed the full cybersecurity assessment, Aadhaar audits, and necessary documentation within the required timeframe, supporting the successful launch of the Subhadra Yojana. The secure integration of Aadhaar-based e-KYC through face-authentication on the Subhadra Mobile Application ensured smooth onboarding for beneficiaries, enhancing user experience while maintaining robust security.

These results not only supported the successful launch of Subhadra Yojana but also set a benchmark for secure implementation of large-scale government initiatives, ensuring both data integrity and compliance with regulatory standards.