Securing Nepal’s digital future

Information technology has become one of the most rapidly developing fields, and every business organization, nation, and many other institutions are shifting toward digitalization. It has become a blessing for all, transforming the traditional approaches to business, bureaucracy and working culture into digital formats. There was a time when sensitive and confidential government information was kept in books and on paper, but now, from the central to the local level, government organizations are increasingly digitized. The government’s responsibility is to protect confidential and sensitive data, as well as important infrastructure, from cyberthreats.

Cybersecurity and cyber diplomacy have become major topics of discussion in public forums, yet concrete steps and a clear path have not been established by policymakers. These discussions should be prioritized by Nepal's think tanks, policymakers, parliament, cabinet, and bureaucracy. However, they have not yet become top agendas for these stakeholders. There is an increasing rate of cybercrime in Nepal, including financial theft, identity theft, phishing attacks, cyberbullying, data breaches and Denial of Service (DoS) attacks. According to records from 2022, Nepal ranked 94th on the global cybersecurity index, which measures four main criteria: Cybersecurity, economic safety, physical and infrastructure safety, and social safety.

In terms of cybersecurity and cyber diplomacy, Nepal faces challenges but also opportunities for improvement. Diplomatic agendas concerning global security diplomacy often revolve around protecting digital infrastructure, sensitive and confidential data, banks, defense systems and critical infrastructure from cyberthreats, both domestic and international. It’s crucial to recognize that safeguarding against cyberthreats isn’t solely about national sovereignty and security but also about societal well-being. The definition of protecting national sovereignty, defense, and security is evolving with technological advancements. To effectively address these challenges, Nepal needs a multi-faceted approach to cybersecurity policy. This approach should encompass technical measures, a robust policy framework, and international cooperation. By engaging with other nations and organizations, sharing best practices, and collaborating on cybersecurity initiatives, Nepal can strengthen its cybersecurity posture and better protect its digital assets and citizens.

Cybersecurity concerns are not limited to national issues; they have become global issues. Nepal should engage in diplomatic dialogue with other nations, focusing on cyber diplomacy, negotiations, and agreements to combat cyberthreats across borders. State-sponsored attacks have become increasingly common, frequently making headlines. These attacks originate from one country targeting another or from state-sponsored cyberthreat groups. Their objectives include espionage, the destruction of critical infrastructure such as nuclear power plants, transportation, electricity, dissemination of political messages and more.

We might have heard about the news of more than 1500 government websites going down due to a cyberthreat, which took over 3.5 hours to restore the servers. This incident marked one of the biggest cyberthreats for Nepal. It’s the responsibility of our government to protect our sensitive and confidential data. International agencies have ranked Nepal as one of the high-risk countries in terms of cyberthreats.

Nepal maintains diplomatic relations with over 100 countries and is a member of various international agencies such as the United Nations, World Bank, Asian Development Bank, SAARC, BIMSTEC, and the Belt and Road Initiative (BRI).

Nepal should raise cyber diplomatic agendas in international forums and with other countries to protect critical infrastructure and develop international cooperation to combat cyberthreats. Situated between two digital powerhouses, India and China, Nepal can serve as a bridge for cyber dialogue and collaboration between South and East Asia. By fostering positive relationships with neighboring nations and actively engaging in regional initiatives like the South Asian Association for Regional Cooperation (SAARC), Nepal can position itself as a key player in shaping the cybersecurity future of the region.

The government should prioritize the formulation of comprehensive cyber security strategies at all levels, including policymakers and think tanks. Although the Cabinet endorsed the National Cybersecurity Policy in 2023, it requires further refinement and updates to align with technological advancements. Additionally, the government should prioritize capacity-building for human resources and enhance threat intelligence sharing mechanisms. Cybersecurity and cyber diplomacy have become hot topics, and the government and its relevant departments need to take them more seriously. If we look at bureaucracy and the defense system, we are still following traditional approaches, and this agency plays a major role in cybersecurity. The government should take immediate action to amend policies, such as incorporating cybersecurity modules into the public commission examination system. Moreover, cybersecurity education should be made mandatory at the university level for all faculties, and there should be a dedicated cybersecurity examination module in the PSC examination.

Although Nepal Police has established a Cyber Bureau, there is a shortage of human resources for cyber defense. The government needs to take this matter seriously and focus on capacity-building within the Nepal Police Cyber Department and the army's defense sector. Alternatively, the government can explore public-private partnerships for cyber-defense, investigation, enforcement of cybersecurity standards, and establishing a cyber-defense task force. If these options are not feasible, the government should consider establishing a dedicated cyber-defense task force and recruiting highly skilled staff at the section officer level. Numerous well-established organizations, such as CryptoGen, Vairav Tech, Eminence Ways, Security Pall, Logpoint, and many freelancers are already engaged in similar work with international companies.

Nepal can initiate cybersecurity and cyber diplomatic agreements with SAARC nations and prioritize these agendas at the UN assembly. The objectives include exchanging cyberthreat intelligence, enhancing cyber incident response and mitigation capabilities, promoting research and development, building capacity, and pledging not to support state-sponsored attacks or target critical infrastructure systems of other nations.

Policy recommendations

• Think tank organizations such as PRI, Daayitwa, IIDS, and other stakeholders should establish dedicated departments and prioritize research and development related to cybersecurity and cyber diplomacy. They should actively advise the Nepal government on policy formation and maintain ongoing dialogue on these matters.
• The government should establish dedicated departments for cyber threat intelligence and cyber-defense, or enhance the capacity of the existing cyber bureau. It should make cybersecurity training mandatory for staff members of Nepal Police, Nepal Army, and the bureaucracy to promote awareness. Additionally, every department staff should be required to undergo security awareness training twice a year, as insider threats pose significant challenges to every office.
• Nepal government’s Department of Foreign Affairs should continue dialogue and delegations with countries that have diplomatic agreements for cyber dialogue. It should also engage in international forums to ensure compliance with global standards.
• Universities should prioritize the development of international standards and updated syllabus in the education system. They should focus on capacity-building for university students and make cybersecurity modules mandatory at the secondary and lower secondary levels.

The author is pursuing an MSc in Cybersecurity at Islington College and has over 4 years of working experience in the field of software development