The government’s latest announcements to establish a new cyber unit and dissolve the existing body has drawn criticism from experts in the field.

Finance Minister Prakash Sharan Mahat, while unveiling the government’s annual budget last week, announced that a National Cyber Security Centre would be established to address the needs of the 21st century.

Point number 278 of the national budget for 2023-2024 states that the Centre will be developed as an authorised body for research and development on cyber security, its promotion, and digital forensic research.

Mahat in his budget speech also said that an arrangement will be made to audit the cyber security of the electronic systems of the Government of Nepal.

The government has also announced plans to scrap the National Information Technology Centre, which had been working to secure government data for the past two decades, as part of doing away with 20 unnecessary agencies to cut costs.

The ‘hasty business’ of making and unmaking government entities, instead of implementing right policies and strengthening the existing ones, has come under much criticism.

Experts stressed that instead of adding one more unit without a clear vision, the need is to strengthen units like the cyber bureau of Nepal Police with trained personnel and resources.

Rajib Subba, a former deputy inspector general of Nepal Police who is an information and security expert, said the announcement of opening Nepal Cyber Security Centre is problematic.

“Cyber bureau is responsible for tackling cyber crimes, but the problem is there is no proper law to define such crimes. The need of the hour is an independent entity that can formulate laws and carry out counselling and surveillance works independently,” Subba told the Post.

He said the government should focus on strengthening the cyber bureau with expertise and legal authority.

Also, the finance ministry’s decision to scrap the National Information Technology Centre (NITC) has drawn criticism, as it is allegedly dissolving the authentic government data centre without proper homework.

“Just imagine how much money and manpower was invested to develop the NITC as an institution. Now the government has announced to scrap it, even without giving a notice to the employees,” said cyber security expert Vivek Rana.

Experts’ allegations of a lack of clarity are reflected in the response of the government officials concerned.

The Ministry of Communication and Information Technology under which the new ‘security centre’ is going to be established is itself unaware how the new concept will be implemented and how the proposed centre will work with the cyber bureau, which is a wing of the Nepal Police.

“We are yet to decide on the modality of the National Cyber Security Centre as the finance minister has just unveiled the policies and programmes,” said Netra Prasad Subedi, spokesman for the Ministry of Information and Communication Technology.

Officials at the Bhotahity-based cyber bureau say they are reeling under a shortage of human resources specialising in cybercrimes. The number of cyber-related complaints registered with the bureau is rising while the unit is working with a lean workforce.

“We don’t have adequate trained manpower, and there is a dire need for awareness among the masses,” said Pashupati Kumar Ray, the bureau spokesperson.

He said the bureau is in need of at least 200 technically-trained people to handle the complaints it gets every day.

“Now, the bureau gets 150 cyber-related complaints on average every single day, while just two months ago, it got around 60-70 complaints a day,” said Ray.

According to officials, the number of complaints has increased sharply in the past couple of months after the bureau was entrusted with an additional responsibility of overseeing online banking frauds.

The bureau is formed to handle diverse cyber crimes such as digital identity theft, hacking, cyberstalking, cyberbullying, phishing and other forms of fraud online.

“If you look at our data, the number of cyber crimes has steadily gone up in the span of a month, but we have the same manpower we had three years ago,” said Ray.

Even though the cyber bureau is full of complaints, it has 84 personnel, and only 20 know how to crack the cases. The rest of the staff is engaged in administrative work.

Officials at the bureau say they are struggling to tackle complex cases of cybercrime without the aid of specialised technical analysis as well as certified experts.

“It’s good that the government has included this issue in the new budget plan,” said Nabinda Aryal, senior superintendent of Police, also chief of the bureau.

Officials at the bureau blamed the finance ministry for not taking the issue of cyber crimes seriously and overlooking the bureau’s increasing workload.

When the Post contacted Subedi, spokesperson for the ministry of communication, he had nothing to say about the cyber bureau that he said comes under the Ministry of Home Affairs.

The country faced its biggest cyberattack at the end of January this year, when around 1,500 government websites were shut down in attacks on the central data bank. The shutdown of immigration server even halted international travel.

The bureau’s data for the eight months till last April showed that IT-related financial frauds were the most common cybercrimes. At 955, financial frauds accounted for 20 percent of the total online crimes in the country, followed by 901 cases of revenge porn.

Financial crimes include phishing (attempting to acquire sensitive data such as bank account numbers under a guise), lottery scam including fraudulent offers of work from home and online shopping. Cases of fake profiles on social media come third, with 898 complaints registered. There were 799 complaints of online blackmailing, and 700 cases of online defamation aimed at assassinating the complainants’ character. In the same period, 648 cases of online harassment and 36 cases of online child sexual abuse were filed.

The country has the Electronic Transaction Act, 2008 as its cyber law. But due to lack of necessary amendments, it fails to cover the ever-evolving cyber crimes or to add to the security of a country’s online infrastructure.

“The government has always failed to make realistic cyber security plans even though it’s a growing concern,” said Rana, the cyber security expert.

Although a high-level panel was formed in the first week of March to draft a cyber security policy, it is yet to come into being.

Rana said the government was wrong in trying to execute the plan announced in the annual budget through the National Information Technology Centre, which does not have proper manpower to understand and handle the issue.

“We need proper plans and policies, but the government is focusing only on adding structures. Also, before it makes any policies it does not consult experts, and problems start from there,” Rana added.