Cyber Security Nepal
In Nepal citizens frequently hear about news and reports of cyber security breaches been broadcasted in the past by the Medias and Police department. For the country like Nepal, it is important to know that the information regarding issues and concerns on the existing cyber security policies in understanding the inability to ensure minimal risks of cyber security breach in Nepal, as reflected in the country’s sensitive risk of cybercrimes on the rise, despite their high concern for security and privacy.
In Nepal, public, private, and nonprofit entities are all in the process of introducing Information and Communication Technology (ICT - introduced in 2008) to improve their computing performance in effective service deliveries. The e-policy in Nepal targets the use of ICTs in program and services delivery as well as the use of information infrastructures to improve overall internal administrative processes and procedures. To support the e- policy initiative, several legal instruments have been crafted and the necessary
institutional mechanism has been created. However, the issue of digital divide at both the individual and institutional levels is obvious in Nepal. Still, even with these issues, Nepal is, in general, optimistic about the role that ICTs can play in overall economic improvement and poverty alleviation.
Covid 19 pandemic dramatically increased the dependence of economies, the society on digital technology and also increased the vulnerability. The roles of government should cover drawing out strategy covering the lessons from this pandemic, identify steps to prepare to better future including global response to cyber-attacks.
Covid Pandemic and Cyber Pandemic
Covid 19 pandemic has shaken our economies and societies to the core and it had shown us how vulnerable we all are to biological the threats. In the digital world similar risks are being overlooked right now. A cyber-attack with covid like characteristics would spread faster and further than any biological virus. Its reproductive rate would be around ten times greater than we have experienced with the corona virus. One of the fastest worms in history the 2003 Shammer worm doubled in size approximately every 8.5 seconds infecting about 75, 000 devices in ten minutes and almost 11 million in 24 hours fortunately at least cyber-attacks have not impacted our health. The pandemics have done economic damages and therefore the impact they have on our daily lives have been equal and sometimes even greater. The only way to stop the exponential propagation of the covid like cyber threats is to fully disconnect the millions of vulnerable devices from one another and from the internet. All of this in a matter of days a single day without the internet would cost our economic more than 50 billion US dollar and that is before considering the economic and societal damages. Should these devices be linked to essential services such as transport or health care?. As the digital realm is increasingly moves with our physical world the ripple effect is of cyber-attacks of on our safety just keep on expanding at a faster pace than what we are preparing for. Ccovid 19 was known as an anticipated risk so is the digital equivalent.
Covid 19 pandemic has accelerated digitalization. Technology has done wonders to keep us connected. Additionally during the lock down period the digital space is an enabler for all sorts of activities for example remote working e- commerce is becoming a new way of life. All of these have increased our reliance on digital infrastructures at an unprecedented scale and it also expanded our view on what essential services should consists of. super market delivery or food delivery services as essential services until we had a lock down. The digital domain and cyber space have become the life blood of our economic and social lives. The technology services have also increased exponentially. Our policies therefore have to change in order to keep in tandem with these developments. The pandemic is an issue in the physical world. Cyber pandemic is a crisis in the digital world. I see some similarities in these two of the type of pandemics. First in both situation there is a need for collective responsibilities in dealing with cyber threats. Different segments of the communities need to work together to engender and environment of security and trust in the digital domain. For instance, governments can have national strategies and initiatives to increase the broad level of cyber hygiene to internet users.
Singapore has legal authority to investigate cyber threat and to ensure that essential services are not disrupted in the event of cyber-attack. Singapore also launched safer cyber space master plan with the aim of protecting critical infrastructure and provide some basic level of cyber security for the whole of society. Beyond government doing the role also included the industry partners as well as enterprises and individual end users.
Government should encourage industry partners to prioritize the customer interest to secure by design practices in provision of digital products and services.
Enterprise and end users also need to have basic awareness of the types of cyber risks and the measure they need to take better protections. It is not just the technical issue. End user awareness is also essential Second hyper connectivity in digital principle also pose challenges to dealing with cyber public health pandemic respectively. This requires close cooperation between various stakeholders to deal with the pandemics.
In the case of cyber the level of the interdependence between organizations through the supply chain in the compromise of a single supplier would generate ripple effects. Even organization can be vulnerable to check unbound third-party vendors.
Given the challenges of hyper connectivity we need to work together and need a cross boundary international too. Threat in the cyber and public health rapidly evolving so responses have to be agile in the changing of threat. We hear about new variant in Covid. Similarly, in cyber, that is the changing nature evolving sophisticated and threat
We need to have mind set shift to engender from compliance to risk assessments. If we just have rigid compliance mindset it won’t work. First don’t trust anybody in the network without verification. Secondly, we need to monitor for suspicious activities. Cyber pandemic requires collective responsibilities Close cooperation is required between stakeholders and forward-looking mind sets.
International consortium
Consortium of India, USA, Japan and Australia under the banner Cortech network in Australia are focusing around several countries. They are working across all those on sensitive technology and have collaboration among several researchers and Think Tanks. They arms link conversation with government on sensitive issues on role of cyber security in critical technology. They are also working on common language on critical technology means something very rapidly evolving bringing important and role of cyber security critical technology as an enabler not just ensuring trust, assure availability in all these technologies focusing on important aspect of contact. Similarly, such collaborations are evolving and communities should analyze benefits expecting from such collaboration. Building different kinds of collaborations on cyber security system is also important. All of these will be sharing sensitive information among new technology. They should provide strategic advantage not just economic advantage It is hard to trust information circulating. People should analyze how information are being shared and find out who are sharing. Government and private sector and Public Private Partnership (PPP) is not enough and need broader collaboration with involvement of Think Tanks specifically for identified business world. It is important from collaborating point of view for the need of trusted market. This is not reviewing and upgrading the legacy system. It is also about how we deal with complexity of today on emerging critical technology to secure human’s involvement. Issue on no trust technology is increasing commonly discussed in the world
It should not be limited to policies only, how we implement norms of business against norms of policy making which will help us understand trusted market. How we use not only supply chain way but value chain way too encouraging better collaboration. Global citizens are living in cyber pandemic crisis. We don’t feel the same kind of pandemic in past 200 years around health-related pandemic attack. Massive attacks are happening in past 12 months across the world massively targeting on small and micro businesses including customer businesses.
Cyber pandemic is not like biological pandemic. Massive attacks happen from multiple sources. Attacks are from commercial, criminal and government trying to poke into our infrastructures. Dealing with biological pandemic, we have human, health systems infrastructure. For other types of threat, we have police defense forces. In cyber we have computer defending another computer. We do not have time; we do not have people to deal with for real time response. In cyber pandemic, the speed is such that human can’t react with it. Building right infrastructure, the system can adapt in real time. We call it fifth generation of attack. Very sophisticated polymorphic are emerging which are very hard to detect. In Corona every attack is new mutation. World still does not have the infrastructure to protect itself in real time. In case of Cyber pandemic, we need infrastructure for entire world for all attacks by inventing so that technology can respond to attack.
ASEAN manage to get some nations together. Cyber is key enabler of digital future. For Info sharing mechanism countries are coming together recognizing common threat. The Nepalese, as members of the Asian community, regard privacy with high importance; thus, more sophisticated security policies are expected. Security, as an important aspect of upholding privacy, is an important aspect that cyber users consider when performing online tasks
Informatic Pandemic
Informatic pandemic covers fake news, misinformation, synthetic data etc, How can government, private sector and communities collaborate to respond to these multiple challenges today we are confronting with. In USA 75% people are working online in insecure platforms from home whereas people are going back to work in physical spaces in Asian countries. Small businesses are not adequately prepared. Seniors are most vulnerable being exposed to fake news online scams. In 2021 cyber pandemic supply chain gap of talents is huge as per the report from information researchers. Worldwide majority work forces at higher hierarchy structure have aging workers who lack adequate IT skills on insecure cyber pandemic platform. There is a huge gap in availability of talent work force worldwide specially in under developed countries like Nepal. There is lot of vulnerabilities also due to lack of training on how to use IT in secure way. There are seniors and older populations using same IT system and are also vulnerable.
Lessons from last twelve months: we did badly. We did not work together; we could not get government to move on time. We could not share information. We could not collaborate and share resources.
.
Nepalese context
Security has been proven to be an important factor considered by computer and Internet users worldwide. Many cyber users are raising concern regarding cyber security. What trust means in digital world we trust the way being developed undermine citizen trust. Build faster infrastructure. Good collaboration needed with counties, Competitors, companies, economic forums, cyber. The world moved to internet during Covid pandemic crisis and internet survived.
The Nepal police department is working with the outdated Cyber Law Act of 2006/2007. Since the legislation (Electronic Media Act) was passed in 2006/2007, there has been no cyber law reform, which is crucial for staying up-to-date on information regarding changing technology. Laws on cyber-matter should be updated frequently and regularly.
According to the Central Investigation Bureau (CIB) Department, the government punishes individuals who commit cybercrimes, with consequences based on the level of the crime committed. The Cyber Law Act of 2006/2007 declared hacking, stealing data, pirating software, and posting defamatory information online as being criminal and civil offences. Under this law, the government can punish cyber-offenders with up to five years of imprisonment and/or a fine of up to $1,000 depending on the severity. According to CIB, the agency keeps systematic records of the reported crimes. Additionally, the existing Cyber Act of 2006/2007 should be reconsidered for reform.
A computer emergency response team (CERT) is an expert group that handles computer security incidents. The key stakeholders are Director General - Department of Information Technology, Office of Prime Minister and Council of Ministries, Ministry of Home Affairs , Ministry of Communication and Information Technology, Ministry of Law Justice and Parliamentary Affairs, Nepal Rastra Bank, Nepal Telecommunication Authority, Nepal Army, Nepal Police, Central Investigation Bureau, Office of Controller of Certification, Department of Information Technology, T, R&D Section -Department of Information Technology, T, R&D Section. Functions: This consortium should also include groups from professionals from THINK TANK groups from local and international institutions. This consortium handles cyber security threats like hacking and phishing, helps to identify and respond to cyber risks and limit their impact on operations and It also collaborates with security operations center teams to establish detection rules and coordinate responses.
This consortium publishes security alerts, performs Information security Audits and Assurance, conducts Cyber Security Awareness and Training, Analyses Forensic investigation of cyber incidents. response to cyber security incidents and coordinates with global and local agencies towards Cyber crime
The CERT proposed in Nepal by Department of Information Technology, Training, Research and Development Section as ITERT to provide the following 24x7 services:
The Department of Information Technology (DoIT), Training, Research and Development Section have recently formed CERT Committee under the supervision of Director General of DoIT for the design and implementation of Nepalese CERT.
The above CERT Committee are responsible for the addressing the legal mandates in upcoming IT Umbrella ACT of Nepal, and also responsible for identification of IT Infrastructure, Hardware and Software as well as the Security tools for the NPCERT.
Think tanks, academia and researchers
Content info pandemic side propelled the pandemic significantly. Covid misinformation, triggered. There is new breed of career technologists coming out and open-source researchers There are major social media and cyber companies working on cyber hygiene of internet challenging on critical infrastructures. Academia of Nepal should upgrade the curriculum in the universities accordingly
Think tanks, academia and researchers should be regularly asking following to government and private sectors following questions: What are the mitigation strategies for disasters like flood, Landslides, Earthquake, Biological pandemic, Cypher pandemic and Info pandemic in Nepal under federal government functioning structure.? Can concerned agencies from these sectors function efficiently and effectively in integrated manner sharing resources including digital institutional memories for optimization of operation costs? What is the kind of policies do you think we will require for the future and will policies keep pace with evolution of technology or will be late catchup? What is cyber pandemic from your perspective for you how similar is it to viral pandemic and how different is to which we experienced last year and importantly? What could we do about it. If it was last year response to the pandemic how did that change your work and you’re thinking in protecting especially critical infrastructure?