In recent years, Nepal has been hit by an alarming rise in devastating cyberattacks on critical infrastructure and data systems across the country. Just in the last few months, major hospitals like Bir Hospital and Grande International Hospital suffered data breaches, compromising sensitive patient information.
Banks like Nabil Bank and Nepal Mega Investment Bank were targeted by cybercriminals looking to steal funds. Telecom providers like Ncell and Nepal Telecom had their networks disrupted by DDoS (distributed denial of service) attacks.
These incidents highlight how woefully vulnerable Nepal’s cyber defences have become. As digital adoption grows exponentially across government, businesses and society, we are seeing increased frequencies and magnitudes of cyberattacks. Yet our national cybersecurity policies and strategies remain outdated and ineffective.
The challenges and the way forward
Nepal lacks a coordinated approach to shoring up cyber defences. Reactive measures taken after attacks have been too little, too late. Our cybersecurity laws and regulations were drafted over a decade ago and desperately need upgrading to address new threats.
Intra-governmental coordination on cybersecurity is poor, with unclear lines of responsibility. The result is valuable citizen data being compromised, services being disrupted, and millions lost to cyber thieves – while authorities scramble to identify the perpetrators.
What Nepal urgently requires is a forward-looking cybersecurity strategy centred around next-generation technologies like artificial intelligence (AI) and machine learning. AI-powered cybersecurity solutions can be deployed to monitor networks in real-time, instantly detect anomalies and attacks, and initiate automated responses.
By leveraging massive datasets and computational power, AI systems can identify threats much faster than human analysts and administrators. AI-based malware, intrusion detection, authentication and encryption technologies can secure systems proactively. With the ability to recognise patterns, context and behaviours, AI can preempt attacks before they occur.
Chatbots can engage with hackers to buy time and gather intelligence. Even more advanced AI techniques like adversarial learning can be used to model and counter evolving attacker tactics. Such AI-driven cybersecurity tools offer the predictive and preventive capabilities Nepal lacks currently.
But they have to be accompanied by upgraded laws and policies. Data privacy, digital rights and ethics will have to be balanced with national security imperatives. Clear protocols will be needed on issues like lawful data access, interception and surveillance. Standards for cybersecurity requirements and audits must be set for critical infrastructure operators as well as private companies handling citizen data.
Collaboration between government, industry and academia will be key to developing robust and contextualised AI cybersecurity solutions. Investments have to be made in training cybersecurity and AI experts.
Public awareness campaigns on cyber hygiene are equally important. With a pragmatic strategy leveraging AI, Nepal can secure itself for the digital 21st century against attacks threatening our national security and economy.
But continued delay and complacency will come at a high price. There is a need for increased public discourse that will create urgency among policymakers to treat cybersecurity with the seriousness it demands.
Act now or regret later
Recent cyberattacks that compromised major hospitals, banks and telecom operators are just the tip of the iceberg. Threat actors from criminal groups to state-sponsored hackers have Nepal firmly in their crosshairs. Our weak cyber defences make us an attractive target.
Experts have been warning for years that critical infrastructure like power grids, aviation systems and financial networks are vulnerable. A coordinated cyber assault could cripple essential services and deal a devastating blow. But cybersecurity remains chronically under-prioritised, with agencies working in silos lacking AI capabilities.
Meanwhile, countries like China, North Korea and Russia are weaponising AI for cyber warfare. From data poisoning to AI-generated social engineering attacks, to autonomous hacking bots – AI is supercharging the arsenal of state hackers.
Nepal cannot afford to be sitting ducks in an era of AI-enabled cyber conflicts. We need to realise that cybersecurity has implications beyond just IT failures. With the increasing integration of digital systems across sectors, the damage from cyberattacks can quickly cascade through our interlinked infrastructure.
As the recent US Colonial Pipeline ransomware attack demonstrated, even energy systems can be brought down by hacking. For too long, Nepal has equated digitalisation only with e-governance and innovation.
But integration comes with risks, if not built on secure foundations. From our smart city initiatives to government digitisation drives, cybersecurity has to be baked into every layer of our networked systems. On the policy front, we need better baseline laws, security frameworks, and public-private coordination modelled on initiatives like the US NIST cybersecurity framework.
Audits and continuity planning must be mandated for critical infrastructure operators. Information-sharing structures can help authorities respond better to threats. Nepal also needs more public discourse on the ethics of surveillance, privacy principles, and responsible use of cyber weapons.
With the right vision and collaboration, we can create a safe and resilient digital Nepal. But further delay in tackling the gaps will leave us paying a heavier price.
