Nepal has moved up to the 94th position in the Global Cybersecurity Index 2020 from the 106th slot in the 2018 edition, showing that its commitment to cybersecurity has increased, according to the International Telecommunication Union (ITU).
The Himalayan republic scored 44.99 out of 100 points among 182 countries. It was placed 17th among the 18 countries in Asia-Pacific region, said the ITU.
The ITU is the United Nations specialised agency for information and communication technologies, driving innovation in information and communications technology together with 193 member states and a membership of over 900 companies, universities and international and regional organisations.
The Global Cybersecurity Index is assessed on five pillars—legal measures, technical measures, organisational measures, capacity development and cooperation. For each pillar, the country’s commitment was assessed through a question-based online survey that allowed for collecting of supporting evidence.
Nepal secured 15.61 points in legal measures, 5.94 points in technical measures, 9.58 points in organisational measures, 9.60 in capacity development and 4.26 in cooperative measures. Legal measures were a relative strength for Nepal, and the country can gain potential growth through cooperative measures, the report said.
Bijay Kumar Roy, assistant director of the Nepal Telecommunications Authority, said that work had started according to the Cyber Security Bylaw 2020. “The organisation has started hiring human resources working in the cyber security sector, showing their readiness in investing in cyber security infrastructure,” he said.
“With the increasing use of digital transactions, there might be chances of exposure to threats so investing in cyber security infrastructure is vital,” Roy said. “We have inserted the provision in the bylaw that mobile applications can only be launched by conducting vulnerability assessment which can lead to safety.”
India reached the top 10 in the Global Cybersecurity Index scoring 97.5 points. Bangladesh secured the 53rd position with 81.27, Pakistan was 79th scoring 64.88 points, Bhutan came 134th scoring 18.34 percent, Sri Lanka was in the 83rd position with 58.65 points, and Maldives was ranked in the 177th position with 2.95 points.
Globally, the United States topped the chart scoring 100 points followed by the United Kingdom and Saudi Arabia with 99.54 points each. Estonia came third with 99.48 points.
The Ministry of Communication, Information and Technology has prepared a draft National Cyber Security Policy 2021 to control and minimise cyber attacks in information and technology and provide security from possible future attacks.
A separate cyber security policy has been prepared for increased safety of information and technology as new challenges in cyber security are emerging.
The new policy is expected to build an important base for the capacity enhancement of information systems operated by service providers to enhance the confidentiality, integrity, availability and authenticity of collected, processed and disseminated data and information systems.
Addressing the cyber risk of individuals, businesses and the government, the policy seeks to make lawful provisions to build a secure and resilient cyber space.
As digitisation grows in Nepal, it is inevitable that increasingly vast amounts of data across the public and private domains will be at risk.
Laws and standards will be built for secure, reliable and flexible cyberspace. To secure communication and information technology systems, institutional and organisational structures will be made on the basis of international practices. To strengthen cyber security, capable and safe technology, infrastructure and process will be provisioned.
The Nepal Telecommunications Authority with the technical support of the ITU has prepared a study report and recommended policy level suggestions to the government.
As of mid-May, 90.56 percent of the population in Nepal had access to the internet, according to the management and information report of the Nepal Telecommunications Authority. The number of internet users in the country currently stands at 27.37 million.
The Cyber Security Bylaw 2020 prepared by the Nepal Telecommunications Authority, which seeks to protect information and communication systems from cyber attacks and other associated risks, has come into implementation.
The bylaw requires telecommunications and internet service providers to make use of national and international cyber risk information sharing platforms to receive and share information regarding security issues, vulnerabilities and cyber threat intelligence.
The purpose of the platform is to establish a cyber security community in Nepal to facilitate the detection and prevention of cyber attacks by sharing cyber threat intelligence.
The Global Cybersecurity Index revealed that many countries lagged behind in key areas like cybersecurity skills training in micro, small and medium sized enterprises, and there were gaps in dedicated measures to close cybersecurity in finance, healthcare, energy and other key sectors.
ATM heists resulting from compromised switching systems, distributed fund transfers into legitimate user accounts, the hacking of the SWIFT system, and theft of individual data from online platforms like online shopping are the best known cases of data breaches in Nepal in the recent past.