As hackers get better of government sites, officials say full safety infeasibleThe website of Tribhuvan International Airport was compromised on Friday by a hacker who claimed to be operating from Indonesia.
The website of Tribhuvan International Airport was compromised on Friday by a hacker who claimed to be operating from Indonesia.
The site belonging to the country’s only international airport remained out of commission for more than two-days before it was restored on Sunday noon.
The hacker had used social networking platforms to announce the breach in the website.
“Tribhuvan International Airport Hacked!” read a status that also had a weblink to the airport attached through an account named Typical Idiot Security at 1:32 PM.
The account of Public Service Commission was also reportedly hacked last week.
These incidents of cyber attack have raised the question of security of government websites that were upgraded after 58 government-run websites were hacked in July 2017.
The incident had prompted the government to form a three-member panel to make necessary recommendations to prevent cyber breach.
But the latest attacks on government websites suggest that the panel did not do enough to safeguard the websites of government agencies.
Laxmi Prasad Yadav, the director general at the Department of Information and Technology, does not agree.
“It is not that we have not done anything to safeguard the digital presence of the government. The challenge in the field of information and technology, however, is so severe that one cannot guarantee 100 percent safety,” he told the Post.
Following the 2017 cyber attacks, a circular was issued to all government agencies to get their safety audits done from the department and all government websites were brought under the Government Integrated Data Centre to safeguard the data possessed by these websites.
Though Yadav claimed that the incident of hacking has gone down with the government taking necessary steps to ensure cyber security, an official at the department claimed that not all government agencies have complied with its circular.
“There are certain agencies whose digital presence are regularly monitored and some others who do not feel necessary to comply with the circular,” the official said, adding that only a handful government-run websites undergo safety and security audits in three different phases - before implementation, after implementation and during implementation.
Cyber security expert Rajan Raj Panta says the government should make safety audit of websites mandatory and issue audit reports on a periodic basis.
“Like financial audit, security audit of websites too needs to be considered seriously. The government should make necessary arrangements to look at server side threat, security status of web content as well as the hosting agency,” he said.
Panta added that the challenges in the IT field are changing, which is why there needs to be analysis of hacking trend and update it constantly.