4th, June 2020
Information Security Response Team Nepal (npCert) in association with the Center For Cyber Security Research and Innovation (CSRI) hosted an open discussion on “Role of Ethical Hackers For National Security“. Participants in the Role of Ethical Hackers For National Security included the likes of Joint Secretary of Ministry of Communication & IT, DIG at Nepal Police Dr. Rajib Subba, CEO at Baburam Aryal, Information Security Officer at Siddhartha Bank Limited Saroj Kafle, Founder Board Member at Information Security Response Team Nepal (npCert) Dr. Dilli Prasad Sharma, Deputy Director at Nepal Telecommunications Authority (Vice President at Center For Cyber Security Research and Innovation) Roja Kiran Basukala and IT Assitant Director at Nepal Information Technology Center Ramesh Pokharel.
Cybersecurity Experts suggested some points addressing the recent hacks and defacing of Nepali government websites by Indian hackers. Some Nepali hacker(s) also tried to hack Indian websites in response. This started after Nepal unveiled a new political map and Indian hackers began to protest by defacing Nepali websites.
Moreover, Nepal has faced a lot of cyberattacks in the past including ATM hacks, and data breaches of Foodmandu, Vianet. It was also found that Indians used the photos of Nepali celebrities as obscene material using deep fakes.
In the Role of Ethical Hackers For National Security, speakers reflected on Nepal’s preparedness in the Cyber Defense domain and the way forward. Experts suggested that cyber defense preparation for the country should progress with the cooperation of all parties. This is achievable by strengthening the security system of websites, web applications, systems, and banking systems.
Discussions from ‘Nepal’s preparedness in Cyber Defense’
Anil Kumar Dutta, Joint Secretary at the MoCIT, said the government has given priority to cybersecurity in this year’s budget. Dutta said that the ministry would coordinate towards developing a cyber-infrastructure and setting up a security center along with a forensic lab.
Dutta also said that he would move ahead with the implementation by arranging various CERTS in coordination with security experts and government agencies. Furthermore, he admitted to the lack of preparation for cybersecurity and defense in Nepal. However, he said that they will now move forward with the necessary cooperation and coordination.
Similarly, Mr. Ramesh Pokharel, Assistant Director at National Information Technology Center (NITC) gave his input on Nepal’s readiness for cyber defense.
Suggestions to Prepare for Cyber Defense in Nepal
Several participants with backgrounds in Cybersecurity, pentester engineers, ethical hackers, experts, professionals presented their views and suggestions. To be clear, cyber defense is not the same as cybersecurity. Cybersecurity is related to the state of being free from threats or cyberattacks while cyber defense refers to the state of defending from or resisting attacks. Here we present some crucial suggestions from the discussion.
The government should invest in cybersecurity by expanding the necessary infrastructure, labs, security centers, and forensic labs. Similarly, collaboration among experts is necessary to prepare thousands of skilled manpower every year. The government should prioritize related courses in colleges and universities for this purpose.
The formation and management of CERTS or cybersecurity response team in different areas under the supervision of a high-level committee should be a priority. At the same time, an effective implementation should be emphasized by introducing necessary policies, rules, and guidelines. The nation needs to be ready with task forces keeping in view the possibility of a cyberwar.
The government should motivate the experts and contributors in cybersecurity by rewarding them. In contrast, it should bring threat actors to justice using appropriate laws and penalties.
Audit of government websites, web applications, and systems of financial institutions is a must. To move forward with the Digital Nepal Framework, a tripartite balance of security, data privacy, and innovation is necessary.
In the discussion, digital literacy is something that came in the limelight. Experts suggested that digital literacy should be run as a campaign to make users more aware and conscious. Likewise, the government should move forward as cybersecurity governance.