The government has decided to establish a National Cybersecurity Center. The meeting of the Council of Ministers on January 24 endorsed the organisational structure of the National Cybersecurity Center on the recommendation of the Ministry of Federal Affairs and General Administration. The National Cybersecurity Center will act as a regulatory body for the agencies related to cybersecurity.
According to the Joint Secretary of the Ministry of Communication and Information Technology, Baburam Bhandari, the centre will effectively carry out work related to monitoring, preparedness, prevention, identification and response to cybersecurity incidents as per National Cybersecurity Policy, 2023.
According to Bhandari, the Cybersecurity Center will be run by the joint secretary of the Ministry of Communication and Information Technology. However, the under-secretary of the ministry will head the administration of the central office.
The government had put forward the concept of establishing a cybersecurity centre by creating a national cybersecurity policy because of the number of cyber attacks on the electronic systems of governmental and non-governmental organisations. National Information Technology Center, which is the government’s data centre has been the victim of cyber attacks repeatedly creating inconvenience to the service users.
With that in mind, the government has considered setting up a cybersecurity centre which will act as a defence mechanism for the protection of various important and confidential data of the government and to prevent cyber attacks.
Center’s area of work
The National Cybersecurity Center is being established to eliminate the risk of cyber attacks on digital systems of public and private organisations while providing service to the public. Eventually, it will work to build a reliable and safe cyberspace.
According to the Ministry of Communication and Information Technology, the centre is being established due to the risk of cyber attacks on communication technology systems and for the security of information on technology systems, including personal and institutional details and data. The centre will work to build a reliable and safe cyberspace.
Currently, Nepal’s score on the global cybersecurity index is 44.99 per cent. The government aims to reach 60 per cent within the next five years, 70 per cent within 10 years and 80 per cent within 15 years.
The centre will work to make legal and institutional arrangements for creating a safe cyberspace. It will also work to protect sensitive national infrastructure and minimise the risk of cyber attacks. Also produces human resources in the cybersecurity field to strengthen cyberspace and enhance the capacity of working human resources. Then it will work for the coordination at the bilateral, regional and international levels to reduce the risks related to cyber security. Moreover, the centre will work to share experience and support.
The National Cybersecurity Center will create and implement plans to assess and reduce risks to important infrastructures. It will also prepare and execute action plans for cybersecurity, including protecting, identifying, responding to, and recovering from incidents. Additionally, it will develop guidance for the national cybersecurity strategy and ensure high-quality software, hardware, and network devices. The centre will also establish standards for building, importing, and using these technologies.
Through the centre, there are plans to make the software developers responsible for ensuring the quality and security of the software to make the software suppliers responsible for ensuring the quality and security of the software they supply.
The National Cybersecurity Center will also implement a policy to create minimum technical standards based on international practices related to cybersecurity, determine cybersecurity test standards and examiner qualifications, and encourage the use of open standards to facilitate interoperability and data exchange between different products or services.
The centre will also be in charge of research and development related to cybersecurity, promotion of cybersecurity and creating public awareness. The centre will also conduct digital forensic investigations to act as a liaison body for cybersecurity preparedness, prevention, identification, response and recovery.
The National Cybersecurity Center will also work to expand the jurisdiction of the Information Technology Department by regulating the information technology sector. Developing and regulating the information technology system required for government agencies and enhancing the capacity of existing organisations related to cybersecurity and cybercrime investigation. The centre will develop digital infrastructure and prepare a national contingency plan to share cyber attack information.
The centre will work to make provisions related to the protection of citizens’ online identity and data security, making it mandatory to publicise information related to cyber attacks and user data loss, damage, and theft in organisations that collect, process, use, and store personal or institutional data, and build and upgrade cybersecurity infrastructure.
Creation, testing and verification of cybersecurity development indicators and security maturity measurement policy will also be implemented through the centre.
For regulations too
The National Cybersecurity Center aims to ensure electronic services safe and reliable by requiring electronic signatures on government applications and emails. The centre will also secure data electronically and regularly test hardware, software, and networks used by public agencies. Additionally, it will promote the use of locally produced technological products.
The centre will work on the plan to encourage ethical hacking, coordinate the inclusion of cybersecurity subjects in the school-level curriculum, and organise a cybersecurity finishing school in collaboration with organisations working in the field of cybersecurity to produce skilled human resources.
In collaboration with national and international universities, it will train skilled professionals in cybersecurity. It will encourage universities to focus on cybersecurity studies, research, and development.
Additionally, the National Cybersecurity Center will provide training to public sector workers according to international standards to enhance their cybersecurity skills. It will also establish a dedicated cybersecurity group within the public service. The centre will oversee these efforts to ensure a supply of skilled cybersecurity professionals to meet the needs of relevant agencies.
The government has also taken a policy to spread awareness among the public about cybersecurity. The plan will include organising a national cyber drill annually to include sensitive service providers, conducting awareness-raising programmes at the community level to avoid cyber insecurity, etc, through the centre.
According to the concept of public-private partnership, the National Cybersecurity Center will work to take policies including developing cybersecurity infrastructures, collaborating with the private sector to minimise cyber risks, encouraging organisations working on cybersecurity, coordinating the regulation of organisations working in the field of cybersecurity and designating a single contact point for international cooperation.
The National Cybersecurity Center will play a role in controlling the transmission of misleading and inappropriate information on the internet and social networks, regulating and controlling the transmission of spam messages including online harassment and cyberbullying.
