12th September 2020, Kathmandu
Recently, Nepal Telecommunications Authority (NTA) issued the Cyber Security Byelaw, 2077 (2020). The objective of this byelaw was to meet cybersecurity standards and show best practices to protect IT infrastructure from various malicious attacks and threats.
Similarly, this document is expected to build trust and confidence of users towards using ICT technology and services of NTA.
On 11th September 2020, the Information Security Response Team Nepal (npCert) and Center For Cyber Security Research and Innovation (CSRI) jointly hosted an open discussion on the topic “Multi Stakeholders Discussion on NTA Cyber Security Byelaw, 2077.
Suresh Bhandari, Program Coordinator and Director at npCERT welcomed panelists and participants with his opening remarks.
The panelists for the discussion were:
- Bijay Kumar Roy – Director at Monitoring Division, NTA
- Shubha Kayastha – Co-founder/Executive Director at Body & Data
- Binay Bohora – MD at Vianet
- Binita Shrestha – Manager at NTC
- Yasmine Bhattarai – Unit Head at Ncell
The panel discussion was moderated by Chiranjibi Adhikari, President of npCERT.
Discussions, Questions, and Way Forward
Bijay Kumar Roy thanked npCERT for taking the initiation of conducting a discussion on the recently issued byelaw since it is important to clear any confusion.
He went on to explain the role of NTA to bridge the gap due to the digital divide in the country.
Vivek Rana, npCERT advisor and keynote speaker for the discussion gave an insight into the byelaw and its importance through a presentation.
One of the takeaways from his presentation was the need to keep IT and security separate. Since IT creates value and cybersecurity protects value, Vivek Rana suggests not merging these terms.
“Defending is attacking in reverse,” he finished his presentation by reflecting on the importance of defense.
Subha Kayastha was the first to raise a question regarding the byelaw. She asked what will govern other service providers if the byelaw is only for licensees.
Picking on a point from the byelaw, she said that anonymizing data is not enough, it can still be used against the person making it a potential threat.
On the other hand, Panelist Binay Bohra feels that the byelaw has become a bit granular. Moreover, he said that It should’ve defined a perimeter and allowed ISPs to carry out its operations based on that.
Compliance requires time
Panelist Binita Shrestha said that NTC will be working to meet these compliances by breaking them down in phases. “However, we will need some time and prerequisites by coordinating with NTA”, she said.
Likewise, Yasmine Bhattarai explained that it took aggressive meetings and discussions with stakeholders to prepare this document. She also agrees that this byelaw needs more time and work to achieve full compliance. She stressed on building a road map by studying the organization structure to comply quickly and effectively.
Panelist Bijay Kumar Roy seemed ecstatic about how fast this byelaw is gaining momentum and support from the service providers. Since he is a leading person behind this byelaw, he said that discussing and debating the points will only help to improve it.
“I urge everyone to try and comply with it so that we can gradually make revisions if needed”, he said.
In case you missed the discussion, follow this link.