Plugging digital holesMitigating cybercrime risks is a shared responsibility that calls for collaboration with the private sector.
The incidents of cybercrimes are rising globally, and Nepal is no exception. The country has faced security breaches on government websites, on and off. The most recent cyber attack was on a Singha Durbar server. Before that, the Department of Passports was attacked in 2017 while 58 government sites were hacked in the same year, putting national security at risk. Further, the devices that people use and the websites they visit not only benefit them but also make them vulnerable to malicious cyber activities like phishing, one-time password fraud, violence, revenge porn, banking thefts and cyberbullying. Cyber attacks and crimes have vastly evolved and Nepal is grossly ill-prepared to deal with them.
The country has the Electronic Transaction Act, 2008 as its cyber law. But due to lack of necessary amendments, it fails to cover the ever-evolving cybercrimes or to add to the security of our online infrastructure. The government had drafted Cybercrime Act-2018, but it is yet to see the light of day. With weak laws on online security, our cyberspace has become a gold mine for innovative, complex attacks and hackers.
Cyberattacks, like the internet, know no boundaries. Recently, cyberspace has also been used for geo-political attacks. The recent kind of distributed denial of service (DDoS) attack on Nepal’s websites has mostly been used in geo-political conflicts, notably in the Russian-Ukraine war. Netscout, a US-based cybersecurity company, reported over 6 million DDoS attacks in the first half of 2022, most of which corresponded with national or regional tensions. DDoS attacks in Finland increased by 258 percent year-on-year in response to its announcement to apply for NATO membership. Even during Nancy Pelosi’s visit to Taiwan last year, the website of the presidential office of Taiwan faced DDoS attacks.
Nepal’s National Information Technology Centre (NITC) reported that no data was compromised in the recent attack but given the gravity of DDoS attacks, experts highlight the necessity of thorough digital forensic examinations. As per the Global Cybersecurity Index which measures the commitments of countries at a global level assessing legal, technical, and organisational measures, and capacity development and cooperation, Nepal moved up to the 94th position in 2020 from 106th in 2018. But the country’s overall score remains low at 44.99 (out of 100 points) among 182 countries indexed. This in turn calls for Nepal to do more to buttress its cybersecurity technologies and invest in robust defence mechanisms.
It is high time Nepal worked on cybercrimes-related prevention, detection and response mechanisms by enacting solid laws. The focus should be on creating opportunities for adept ethical hackers who can keep abreast of current evolutions in cybercrimes and help the government in this regard. It is also vital to raise awareness among internet subscribers in Nepal (36.99 million) on new forms of cybercrimes, to test and monitor online infrastructures regularly, and to update laws. Mitigating cybercrime risks is a shared responsibility that calls for collaboration with the private sector involved in cybersecurity. If we do not start working on these areas immediately, digital transformation will continue to be a chimaera. The country could also find itself at the end of increasingly sophisticated cyber attacks, leading to the leakage of sensitive personal data of millions of Nepalis and compromising national security.