Your search keywords:

Safeguarding cyberspace: Nepal’s journey in addressing cybersecurity challenges

Safeguarding cyberspace: Nepal’s journey in addressing cybersecurity challenges

In the age of Information and Communication Technology (ICT), the world has witnessed remarkable advancements, offering opportunities and conveniences to individuals, businesses, and governments alike. However, with these technological leaps, the specter of cybercrimes and threats looms large, necessitating the formulation and enforcement of robust cybersecurity laws. In the absence of traditional policies addressing the vast realm of cyberspace, criminals have exploited ICT advancements, demanding international collaboration to combat the borderless nature of cybercrime.

Law, often described as a system of rules with binding legal force, plays a pivotal role in maintaining societal peace and order. In the context of cyberspace, it gives rise to what is commonly referred to as Cyber Law or the Law of the Internet. This evolving field within international law aims to address a myriad of illegal activities in cyberspace, including cyber-bullying, piracy, hacking, and more.

Nepal, recognizing the importance of safeguarding its cyberspace, has put in place a comprehensive legal framework. The Constitution of Nepal, adopted in 2015, guarantees fundamental rights related to cyber activities, including the Right to Information, Right to Communication, and Right to Privacy. The Electronic Transactions Act (ETA) of 2063, Nepal’s first cyber law, legalizes electronic communication and transactions, covering electronic records, digital signatures, computer networks, and offenses related to cybercrimes.

In the realm of cybersecurity, Nepal has embraced various legal instruments, acts, policies, and guidelines to govern cyber activities. These include the Online Child Safety Guidelines issued by the National Telecommunication Authority (NTA) to prevent child abuse through ICT, and the Copyright Act of 2059, which protects copyright, including computer programs. The Individual Privacy Act of 2018 safeguards the right to privacy in Nepal, prohibiting the transfer of personal data without the owner’s consent.

Nepal has also been proactive in addressing the challenges posed by the rapid growth of technology. The Information Technology Bill of 2075, currently in the finalization process, aims to replace the Electronic Transactions Act as the primary law for cyberspace. However, concerns have been raised about potential limitations on freedom of expression, violation of data privacy, and increased surveillance.

To bolster cybersecurity, Nepal introduced the Cyber Security Byelaw in 2077, framed by the NTA under the Telecommunications Act. This byelaw aims to implement cybersecurity standards, protecting ICT infrastructure and information systems from malicious attacks. It mandates regular security audits for Telecommunication and Internet Service Providers, promoting a robust cybersecurity ecosystem.

The National Security Policy of 2075, issued by the Ministry of Defense, recognizes the misuse of science, technology, and modern equipment as factors influencing national security. It identifies the abuse of modern technology in crimes as challenges and threats related to law and order. In line with the Digital Nepal vision, the National Information and Communication Technology Policy of 2015 addresses cybersecurity and law issues, proposing the establishment of an IT Tribunal system, a Computer Emergency Response Team (CERT), and a cyber-security cell.

The National Cybersecurity Policy of 2016, drafted by the Ministry of Information and Communications Technology, aims to govern and address global challenges in cyberspace. It proposes the establishment of the National Cyber Security Strategy Working Group and the National CERT of Nepal, responsible for providing cybersecurity services to various entities, including the government, law enforcement agencies, businesses, and the public.

Institutional mechanisms in Nepal play a crucial role in enforcing and implementing cybersecurity measures. The Office of the Controller of Certifying Authority, established in 2007, licenses Certifying Authorities (CAs) under the Electronic Transactions Act, creating a secure environment for internet, email, and online transactions. The National Information Technology Center (NITC), established in 2001, serves as a data bank, assists in computerizing governmental records, and implements e-services.

The Cyber Bureau Nepal, a part of the Nepali Police, is tasked with investigating cybercrimes, coordinating and cooperating on cybersecurity, preparing police manpower for cybercrimes, and exchanging information nationally and internationally. Accessibility for reporting cybercrime complaints is enhanced through email communication at [email protected].

Collaboration with non-governmental organizations and industry associations is essential for a holistic approach to cybersecurity. The Internet Service Providers' Association of Nepal (ISPAN), established in 1998, works closely with the NTA, Nepal Telecom, and the Ministry of Information and Communications to address issues affecting ISP projects. The Information Security Response Team Nepal (NPCERT), established in 2016, acts as the nation’s flagship cyber defense, incident response, and operational integration center.

Non-profit organizations like the Internet Society Nepal (ISOC, Nepal) and initiatives like the Cyber Security Research and Innovation (CSRI) contribute significantly to raising awareness and fostering innovation in cybersecurity. ISOC, Nepal focuses on the concept of a ‘safe internet for all’, following international standards and addressing relevant topics. CSRI, established as part of the cybersecurity domain Research Program, plays a crucial role in delivering impactful industry-focused cybersecurity analysis findings and innovative solutions.

Challenges

Limited awareness and education

One of the significant hurdles Nepal faces is the limited awareness and education regarding cybersecurity. Many individuals and businesses are unaware of potential threats and lack the knowledge to protect themselves effectively. This knowledge gap creates a breeding ground for cybercriminals to exploit vulnerabilities.

Inadequate infrastructure

The country is grappling with inadequate technological infrastructure, hindering the implementation of robust cybersecurity measures. Insufficient internet penetration and outdated systems make it challenging to establish a secure digital environment. 

Lack of regulatory framework

Nepal’s regulatory framework for cybersecurity is still evolving. The absence of comprehensive and up-to-date laws and regulations leaves gaps that cybercriminals can exploit. A clear and enforceable legal framework is essential to deter cybercrimes and provide a basis for prosecution.

Insufficient collaboration

Cyber threats are borderless, and effective cybersecurity requires collaboration across sectors and borders. In Nepal, there is a need for improved collaboration between government agencies, private businesses, and international organizations. Siloed efforts hinder the ability to share threat intelligence and respond promptly to emerging cyber threats.

Shortage of skilled professionals

The shortage of skilled cybersecurity professionals is a global challenge, and Nepal is no exception. The demand for experts

in this field far exceeds the supply. This scarcity hampers the country's ability to develop and implement advanced cybersecurity strategies.

Suggestions

Educational initiatives

To address the awareness and education gap, Nepal should invest in comprehensive educational initiatives. These could include cybersecurity awareness campaigns, training programs for individuals and businesses, and the integration of cybersecurity education into the formal curriculum at all levels.

Infrastructure development

Prioritizing the development of technological infrastructure is crucial. Nepal should invest in upgrading its internet connectivity, supporting the adoption of secure communication protocols, and encouraging businesses to invest in modern and secure IT systems.

Strengthening regulatory framework

The government should expedite the development and implementation of a robust regulatory framework for cybersecurity. This includes legislation that defines cybercrimes, prescribes penalties, and establishes mechanisms for reporting and responding to incidents. Regular updates to the legal framework are essential to keep pace with evolving cyber threats.

Enhanced collaboration

Nepal should foster collaboration between government agencies, private sector entities, and international partners. Establishing a national cybersecurity coordination center can facilitate information sharing, incident response, and joint efforts to combat cyber threats. Cross-border collaboration is equally vital to address threats that transcend national boundaries.

Investment in skill development

Initiatives to bridge the skills gap should be a priority. The government, in collaboration with private sector partners, can establish training programs, cybersecurity academies, and scholarship opportunities to encourage individuals to pursue careers in cybersecurity. 

 

The author is pursuing BA LLB at Kathmandu School of Law

Comments