June 2, 2020
Centre for Legal Literacy, Advocacy, and Research (CLAR) hosted an online discussion on ‘Cyber Security: Are we protected enough?’ The webinar was successfully conducted today (June 2) on the Zoom video conferencing platform.
This session focused on emerging cyber-related issues in Nepal along with technical and legal aspects of cybersecurity.
The guest speakers, Mr. Babu Ram Aryal and Mr. Chiranjibi Adhikari presented their points on the concept of cybercrime, its mitigating measures, and opportunities for ethical hackers.
Click here to know more about the webinar and the guest speakers.
Discussions from the Webinar
Mr. Chiranjibi Adhikari, Founder President at NPCERT, believes that there are many cyber incidents that we are not aware of. Some hackers or threat actors choose to publicly share the information or data, and that’s how we come to know of an incident. In Nepal’s context, it is also seen that victims hide the fact that they have been hacked.
Reflecting on the roles of a CERT (Computer Emergency Response Team), he said that it handles cybersecurity incidents related to hacks, breaches, etc. He mentioned that a CERT has 4 pillars in international practice. And, NPCERT hasn’t operated as a fully functioning CERT. Also, it will still take time for NPCERT to build up infrastructure since most of the members hold full-time jobs in other companies and only volunteer in NPCERT as a social service.
Likewise, Mr. Adhikari presented his views on the recent cyber incidents and defacing of Nepali sites by Indian hackers. He said that we shouldn’t take it lightly as it may be a spark that starts a wildfire.
Adding to this discussion, Mr. Babu Ram Aryal, CEO at Delta Law Pvt Ltd, schooled the participants on cyber terminologies. “A cyberwar is when one or both parties are a state or, either of them is a state-sponsored party that attacks other country’s resources”, he said. “So, if any private groups or companies from the two countries cause cyberattacks, we can’t call it cyberwar.”
How can situations get better in Cybersecurity in the context of Nepal?
Mr. Adhikari proposes that the government needs to develop a national cybersecurity strategy and Multistakeholder approach. “We often operate outdated devices, applications, and software”, he said. Similarly, he spoke with experience as he mentioned top-level management has a mindset that cyber-related or issues don’t concern them.
Cybersecurity needs to occupy a significantly huge part of the company’s investment. Similarly, a company needs guidelines, frameworks, and policies regarding cybersecurity. Awareness and staff training are also equally necessary. Furthermore, frameworks and systems require certain customization based on compatibility since a system used by a small organization may not suit large-scale requirements.
“The first line of defense is awareness in this domain”, Mr. Adhikari said. “Organizations must secure 4P’s – People, Process, Product, and Partners. Similarly, vendor dependency has also increased cybersecurity risks in the context of Nepal.”
Meanwhile, Mr. Aryal reflected on the lack of data protection standards in Nepal. He said that this is the core reason why we haven’t been able to get any remedy to cyberattacks or data breaches. “Cybercrime has a cross-border jurisdiction as well,” he said. “Thus, cross-border collaboration is important but it is difficult at present.”
Views on Ethical Hackers
Mr. Aryal says hacking is not truly unlawful. If someone hacks without bad intention to help find vulnerabilities and suggest further measures, then it is whitehat hacking. And, it’s completely legal as long as there is no misuse of resources.
Likewise, Mr. Adhikari believes that blackhat hackers can also come in aid for strengthening national security. However, there are certain procedures to it. Ethical hackers should get more exposure from the government and private companies to find vulnerabilities. Moreover, they should be rewarded to find bugs and notify the concerned authorities. These are called bug bounties.
Watch The Full Video: Click Here