3rd September 2020, Kathmandu
Nepal Telecommunications Authority (NTA) has issued Cyber Security ByeLaw 2077, requiring service providers to conduct mandatory security audits.
The new regulations make mobile and internet service providers responsible for cybersecurity. Experts have praised the efforts of NTA to issue the regulations, especially when cyber threats are on an increasing trend.
The ByeLaw provides that service providers must protect customers’ data. Likewise, they should inform the NTA in case of a cyberattack and prevent it.
Moreover, the regulations make it mandatory for service providers to undergo a security audit every 3 months. The service providers have to submit the security audit report to the Telecommunication Authority every six months.
Director of NTA, Min Prasad Aryal says that these regulations help to tackle the increasing cyber threats resulted due to the rise in online usage. “Schools, businesses, and other activities have already shifted online and with the increase in internet usage, we can’t ignore the possibilities of misuse. Therefore, NTA issued this ByeLaw to prevent misuse, criminal, and fraudulent activities,” says Director Aryal.
He further adds that the ByeLaw will assist all the mobile and internet service providers licensed by the NTA to make proper policies, manage the workforce and business plans.
Moreover, the bye-law contains items to be checked in an IS Audit, which the service providers will have to report to the NTA.
The Cyber Security ByeLaw covers General Security Standards and Practice, Data Security and Privacy, Information Systems Audit, Cloud Security, Infrastructure and Network Security, Core Security Systems, Application Security, Incident Response, In-House Security Issues including Capacity Building.
“The primary objective of these regulations is to protect consumers’ privacy in compliance with international standards and practice. Also, we hope that it will strengthen the system architecture preventing any unwanted breach of data,” adds Director Aryal.
Furthermore, he said that action would be taken against the companies that did not implement the new regulations as per the Telecommunications Act.
The new bye-law clearly points towards NTA’s growing concern for security. We hope that these regulations strengthen the situation of cybersecurity in Nepal.
What do you think about the new cybersecurity regulations?
Have your say!