Cyber security risks on the rise

The online system at Tribhuvan International Airport malfunctioned on Monday afternoon, causing disruptions to international flights for about an hour and a half. This is not the first time such an incident has occurred, as the airport experienced a similar problem on January 28, when flights were halted for more than five hours. On that day, many government websites also went offline. It remains unclear who was responsible for this and with what motive. In April 2018, more than 60 government websites, including the Ministry of Home Affairs and Public Service Commission, were hacked, with the hacker claiming responsibility on social media. These incidents of cyber attacks highlight the weaknesses in our cyber security. Recently, Communication and Information Technology Minister Rekha Sharma commented in a program that "the key is not with the government." It appears that the government is not taking the issue of cyber security seriously. There is currently no strong legal framework or regulatory body in place to address these threats, and the system of keeping data backups in government offices is proving to be ineffective. Furthermore, the trend of unauthorized access to government websites is increasing, and while data may not always be stolen, it still exposes our system to potential risks.

Experts have warned that as long as our data is stored with foreign vendors, there is a risk of data insecurity, theft, and potential sharing of information with foreign agencies. It is crucial to take caution to ensure our data is not misused, as one expert emphasized.

Despite the concerns, information technology expert Suresh Karna believes that government agencies are not giving enough attention to cyber security. Karna highlighted that discussions have taken place, but responsible bodies and individuals have not taken enough action to address the issue. Instead of blaming others, Karna suggested that the focus should be on making our system more robust. Foreign attacks on government websites have occurred periodically, and it is becoming increasingly clear that even if data theft does not occur immediately after an attack, the risk remains high. According to Dipesh Bista, CEO of the e-Governance Commission, attacks can also be done for "testing" purposes or to express dissatisfaction with the government or organization. It is essential to take proactive steps to address these threats and safeguard our data. Experts have pointed out that there may be issues with servers, backups, and management in government agencies that could contribute to cyber security risks. However, Bista argues that some agencies may label such incidents as attacks to hide their weaknesses. He believes that a robust system can help avoid such risks. Karna noted that neglecting security due to cost considerations is a dangerous approach. He emphasized the importance of giving equal attention to both software and hardware security. Furthermore, it is crucial to secure the computers to which users connect to government websites. Karna advised users to be careful and avoid creating any weak points that attackers can exploit. "Computer users connected to the server should be vigilant and avoid opening anything they please," he said. Karna also warned that clicking on unsafe links can activate a code that compromises the computer and the system. He emphasized the need for better regulation of important government websites and noted that the challenges in cyber security are increasing. It is crucial to address these issues promptly to safeguard our data and systems. Madhav Bhattarai, former vice-chairman of the High-Level Commission on Information Technology, believes that the entire cyber security policy needs to be reviewed. He emphasized the need for special measures to ensure the safety of government websites and data. Bhattarai noted that no matter how hard one tries, security remains a challenge, and we must be careful. Despite various ministries focusing on information technology, integration issues have led to problems. Bhattarai called for national security standards and strict monitoring of government agency practices to enhance cyber security. Experts agree that a monitoring mechanism is necessary as the current structure is inadequate to provide cyber security. Bhattarai warned that failing to take action would only increase the risk. He emphasized the need for a concerted effort to improve IT equipment systems and security, with coordination between government agencies and the private sector to provide effective services. Binod Dhakal, former President of Computer Association Nepal Federation (CAN Federation), believes that the lack of infrastructure is a major challenge in addressing cyber threats in Nepal. Although the government has allocated a budget for information technology and security, Dhakal argues that the weak spending and utilization practices of government agencies have made the government website vulnerable to attacks. "The banking system is strong, but government websites are running into problems more frequently," Dhakal said. According to Karna, the absence of a monitoring body is another issue. He suggests that a body should be established to watch, monitor, and respond to cyber threats. "If this happens, the risk can be avoided," he added. Ramesh Pokharel, assistant director at the National Information Technology Center, points out that the January 28 attack could have been prevented by using security devices. While small attacks are happening from time to time, Pokharel believes that security should always be a priority in building websites and apps. "We should always be prepared because attacks can happen anytime," he said. Sanjay Pudasaini, an assistant professor at Kathmandu University, believes that although security cannot be 100 percent, it should be accessible. "Prioritizing traditional security measures isn't going to help. We need to have updated measures," Pudasaini said, adding that risks have increased due to carelessness and negligence. He also highlighted the failure of Nepal to implement the digital Nepal framework and the lack of a national policy on cyber security. Although measures for handling cyber attacks have been put in place, the implementation has been ineffective. Pudasaini argues that there should be a policy to update laws related to cyber security every two years. Pudasaini stressed the need for regular security assessments by both government and corporate entities. He also suggested the implementation of proactive laws and increasing awareness to protect data.