Executive Summary:
In light of the growing concerns around threats within the digital landscape, Nepal Government recently declared the establishment of the National Cyber Security Centre (NCSC) on January 24 2024. This move marks a step towards bolstering the country’s cybersecurity framework and showcases a dedicated effort to combat the intricate issues presented by cyber threats. The NCSC is set to function as Nepal’s regulatory body responsible for overseeing, coordinating and resolving cybersecurity incidents throughout the nation. Nevertheless there are hurdles and milestones to overcome.
Context and Rationale:
There is a stream of cybersecurity issues making headlines worldwide. From breaches, to attacks on vital systems and sophisticated threats orchestrated by nation states, the security landscape is constantly evolving. Equipped tech companies and governments are not immune, to these incidents despite their significant cybersecurity capabilities and knowledge.
The very recent breaches reported by The Hacker News and Bleeping Computer on January 2014, involving prominent tech companies Microsoft and Hewlett Packard underscore how even the most vigilant organizations are not immune from infiltration by adept adversaries.
Additionally, the gravity of ransomware attacks, seen in the disruption of healthcare services in Romania and Kansas City, Missouri earlier this year, serve as further evidence of the crucial vulnerability in critical infrastructures and the potential scope of societal impact. With a 33% global increase in ransomware attacks, including a noteworthy 22% rise within the retail sector in 2023 according to Check Point Research, time is of the essence in advancing cybersecurity measures.
Challenges and Opportunities in Nepal:
Over the last few years, Nepal has seen a worrying trend of cyber-attacks against government bodies and prominent online services showcasing the nation's underlying cybersecurity posture. The NCSC alone might not be enough to cope with volume and breadth of cyber threats faced by the country. Past incidents such as the aforementioned breach on the Ministry of Foreign Affairs in 2017 as well as recent DDoS attacks on government servers earlier in the year illustrate the need for continual improvements to cyber hygiene and infrastructure resilience.
An examination of the cybersecurity measures in place within Nepal's healthcare sector, such as the insecure online patient data portal at Mediciti Hospital, further accentuates the critical need for governance, due diligence, and compliance standards. This necessitates a comprehensive approach to cyber security that transcends mere policy implementation and calls for actionable, enforceable measures.
Strategic Recommendations:
Efforts to combat the present day spectrum of dynamic cyber threats require that Nepal’s cybersecurity move beyond being reactive and evolve to be proactive. The immediate deployment of DDoS mitigation solutions, advanced Endpoint Detection and Response (EDR) systemsand meticulous patch management protocols are imperative.
Furthermore, the adoption of regular Vulnerability Assessment and Penetration Testing (VAPT) is essential to pre-emptively identify and rectify security vulnerabilities. This, coupled with ongoing security assessments and user awareness training should be integrated into the nation's cybersecurity strategy.
From day one, the NCSC must have the authority to investigate cyber incidents, ensure compliance and enforce accountability. Without rigorous security measures in place, and a fully trained staff to enforce best practice across the nation’s enterprises, both current and evolving cyber threats will continue to place Nepal at increasingly greater risk.
In Conclusion:
The establishment of the National Cyber Security Centre is a commendable first step in enhancing Nepal's cybersecurity capabilities. Anyone who is deeply invested in the field of cybersecurity is genuinely optimistic about the potential impact of the National Cyber Security Centre on Nepal's digital resilience.
There is hope that the NCSC will embody the quintessential attributes of a governing body, effectively safeguarding the nation's digital frontiers. As we continue to witness cyber-attacks and evolving threat landscapes, it is upon all stakeholders to introspect and ensure that due diligence and due care is exercised in our cybersecurity endeavours. Ultimately, the journey toward fortifying Nepal's cybersecurity posture requires collective commitment, proactive measures, and a steadfast resolve to mitigate the inevitable cyber threats that lie ahead.
