Cybersecurity Roadmap Nepal 2025: Chiranjibi Adhikari Presents BFI Framework To NRB Governor Poudel
20th June 2025, Kathmandu
In a landmark move towards fortifying Nepal’s digital economy, a critical cybersecurity roadmap for Banks and Financial Institutions (BFIs) has been officially handed over to the newly appointed Governor of Nepal Rastra Bank (NRB), Biswonath Poudel.
This comprehensive framework, conceptualized by Chiranjibi Adhikari, a renowned Cybersecurity Policy Expert, Senior Vice President of the Federation of Computer Association Nepal (CAN Federation), and CEO of leading cybersecurity firm One Cover Private Limited, aims to establish a robust defense against escalating cyber threats.
The initiative underscores a concerted effort from key stakeholders in Nepal’s ICT and security landscape. Dr. Shaligram Parajuli, MoCIT ICT Expert and President of the Center for Cybersecurity Research and Innovation (CSRI), along with General Secretary Dr. Bhojraj Ghimire and Secretary Bandana Sharma, emphasized CSRI’s vital role in minimizing cybercrime through dedicated Research and Development (R&D). Similarly, Mr. ChandraBilash Bhurtel, General Secretary of CAN Federation, and Mona Nyachhoyon, Cybersecurity Committee Coordinator, highlighted CAN Federation’s commitment to strengthening cybersecurity nationwide.
Suman Sharma, Vice President of Information Security Response Team Nepal (npCERT) and CEO of Insight Technology, underscored npCERT’s crucial role in the upcoming FinCERT and the collaborative handling of cybersecurity incidents across Nepal. Rojina Dangi, a Board Member of npCERT, stressed the importance of widespread cybersecurity awareness and education campaigns targeting the youth to foster a nationwide shift in perspective.
This ambitious roadmap, aligning with Nepal’s National Cybersecurity Policy 2080, the Electronic Transactions Act 2063 (2008), the Cyber Security Bylaw 2077 (2020), and NRB’s Cyber Resilience Guidelines (2023), serves as a blueprint for a secure and resilient financial ecosystem.
Key Pillars of the Cybersecurity Roadmap:
Robust Governance and Leadership:
The policy mandates the appointment of a Chief Information Security Officer (CISO) in NRB and all BFIs, establishing clear lines of accountability. A Board-Level IT Risk Committee will oversee cybersecurity strategy, while a high-level Cybersecurity Committee, chaired by the NRB Governor or Deputy Governor, will guide policy implementation. This multi-layered governance structure ensures that cybersecurity is a top-down priority, with clear roles and responsibilities for all stakeholders, from CISOs enforcing policies to employees adhering to protocols. The policy will undergo annual reviews or post-incident updates to remain agile against evolving threats.
Establishment of FinCERT-Nepal: A Unified Front
A cornerstone of this roadmap is the creation of FinCERT-Nepal (Financial Sector Computer Emergency Response Team). Operating under NRB’s oversight and in collaboration with CAN Federation and CSRI Nepal, FinCERT-Nepal will be instrumental in:
• Coordinating cyber incident response across all BFIs.
• Conducting proactive risk assessments.
• Facilitating critical threat intelligence sharing among financial institutions.
FinCERT-Nepal will also work closely with the Nepal Police Cyber Bureau and npCERT for comprehensive national-level incident management, creating a truly unified defense.
Seamless Integration with npCERT
All BFIs will be mandated to integrate with npCERT, ensuring real-time threat alerts, coordinated incident response, and robust cyber intelligence collaboration. NRB will establish secure communication channels for seamless information exchange, bolstering sectoral resilience.
Strategic Partnership with CSRI & CAN Federation: Driving R&D and Capacity Building
Mandatory collaboration with the Center for Cybersecurity Research and Innovation Nepal (CSRI Nepal) and CAN Federation is a critical component. This partnership will fuel:
• Research: Focused studies on financial sector-specific cyber threats.
• Training: Specialized programs for BFI staff, enhancing their defensive capabilities.
• Simulation Exercises: Realistic cyberattack simulations to rigorously test and improve resilience.
NRB’s commitment to funding joint initiatives with CSRI will significantly strengthen Nepal’s national cyber defense capabilities through innovation.
Proactive Risk Management and Strong Controls
The roadmap emphasizes ongoing risk assessments, conducted quarterly, to identify vulnerabilities in core banking systems, payment platforms, and customer data. A zero-trust security model, multi-factor authentication (MFA) for critical systems, least privilege access, and regular auditing of user logs are mandated. Data encryption (AES-256 or equivalent), Data Loss Prevention (DLP) tools, and compliance with the Individual Privacy Act 2018 are prioritized. Network segmentation, regular vulnerability assessments, penetration testing, and mandatory antivirus/EDR solutions will further harden defenses.
Enhanced Digital Payment Security
Recognizing the growing reliance on digital transactions, the policy outlines stringent security guidelines for mobile banking, internet banking, and digital wallets. This includes MFA, robust encryption, and DDoS protection, with regular vulnerability testing of all digital platforms.
Comprehensive Incident Detection and Response
A 24/7 Security Operations Center (SOC) for NRB and BFIs, coupled with SIEM and EDR tools, will ensure real-time anomaly detection. BFIs must maintain comprehensive Cybersecurity Incident Response Plans (CIRPs) covering identification, containment, eradication, recovery, and communication. Critical incidents must be reported to NRB within 24 hours, with detailed follow-up reports. Secure, off-site backups and robust business continuity/disaster recovery plans are also mandatory.
Third-Party and Cloud Security Compliance
Due diligence, periodic security audits, and adherence to ISO 27001 or equivalent standards are mandated for all third-party vendors and cloud service providers.
Capacity Building and Awareness: A Nation-Wide Imperative
Annual mandatory cybersecurity training for NRB and BFI staff, public awareness campaigns with Nepal Telecommunications Authority (NTA), and industry collaborations for simulations are central to fostering a cybersecurity-aware culture across the nation.
Cybersecurity Scholarship Fund & Innovation Promotion
A significant step is the mandate for BFIs to allocate funds for cybersecurity scholarships at Nepali universities, overseen by NRB. This initiative, coupled with encouragement for industry-academic collaboration with CSRI and universities for research in areas like fraud detection, blockchain security, AI-based threat analysis, and digital forensics, will cultivate a skilled workforce and drive innovation.
Periodic Audits and Compliance Monitoring:
Regular internal and external audits, quarterly compliance reports from BFIs to NRB, and strict penalties for non-compliance, including fines or license suspension, ensure rigorous enforcement.
Compliance and Enforcement:
The policy firmly aligns with existing national laws and international standards, emphasizing corrective actions and license suspension for repeated non-compliance posing systemic risks.
Delivering a Secure Digital Future:
The roadmap outlines clear deliverables:
• Immediate: Appointment of CISOs, establishment of IT Risk Committees, and launch of FinCERT-Nepal.
• Short-term: Completion of initial risk assessments, npCERT integration, and SIEM/EDR tool deployment.
• Mid-term: Establishment of SOC, finalization of CIRPs, and initiation of CSRI partnerships.
• Long-term: Launch of the scholarship fund and initial compliance audits.
• Ongoing: Continuous monitoring, review, and updates to the policy to adapt to the dynamic threat landscape.
This comprehensive cybersecurity roadmap, driven by the foresight of experts like Chiranjibi Adhikari and the collaborative spirit of organizations like CAN Federation, CSRI, and npCERT, marks a pivotal moment for Nepal’s financial sector. It lays a strong foundation for a secure, resilient, and trusted digital economy, safeguarding the financial well-being of the nation.