MoIC to un­veil na­tional cy­ber se­cu­rity strat­egy

Bhutan Times - - Home - Lhakpa Tsh­er­ing

The Min­istry of In­for­ma­tion and Com­mu­ni­ca­tion ( MoIC) will de­velop its first cy­ber se­cu­rity strat­egy to en­sure ser­vices of­fered by agen­cies are con­nected and pro­tected.

To cre­ate aware­ness among de­ci­sion mak­ers on cy­ber se­cu­rity, the Depart­ment of In­for­ma­tion Tech­nol­ogy and Tele­com, MoIC in col­lab­o­ra­tion with the In­ter­na­tional Telecom­mu­ni­ca­tion Union ( ITU) or­gan­ised a cy­ber se­cu­rity in­ci­dent sim­u­la­tion ex­er­cise on 27 Novem­ber in Thim­phu.

The heads of gov­ern­ment, pol­icy mak­ers and other de­ci­sion mak­ers will daft a na­tional cy­ber se­cu­rity strat­egy to en­sure it is ad­e­quately pre­pared to deal with po­ten­tial at­tacks while meet­ing the needs of the gov­ern­ment, busi­ness and cit­i­zens.

The aim of gov­ern­ment with the strat­egy will be a plan of ac­tions de­signed for in­ter­ven­tion poli­cies to en­sure a high­level ap­proach that can help strengthen a cy­ber safe in the coun­try.

The Di­rec­tor for Cy­ber­crime Re­search In­sti­tute and a con­sul­tant to ITU, Prof. Marco Ger­cke said that the strat­egy will show the world that Bhutan is tak­ing cy­ber se­cu­rity se­ri­ously and the plans to move for- ward with re­gard to risk that is very im­por­tant step.

Dr Marco Ger­cke said that Bhutan is vul­ner­a­ble to cy­ber se­cu­rity at­tack but there is no main­te­nance and up­dat­ing for the sys­tem. “Ev­ery day, we learn about vul­ner­a­bil­i­ties of the op­er­at­ing sys­tem,” he said. “Peo­ple are still try­ing to break the in­ter­net and re­al­ize that they are vul­ner­a­bil­i­ties.”

Cy­ber se­cu­rity is be­com­ing more of an is­sue glob­ally with data breaches, ex­tor­tion, ran­somware at­tacks, fi­nan­cial scams, state­spon­sored hack­ing in­ci­dents, so­cial en­gi­neer­ing, re­lease of in­ter­nal emails of po­lit­i­cal play­ers, at­tack against crit­i­cal in­fra­struc­ture, against elec­tions, pur­chas­ing data from illegal sources and fake news among oth­ers are all on the rise.

Dr Marco Ger­cke said there are also illegal data from gov­ern­ment that can be pro­duced if mea­sures are not taken to pro­tect in­for­ma­tion. The highly clas­si­fied doc­u­ments, he said were cab­i­net notes, diplo­matic ca­bles, hand read doc­u­ments, gmails and emails of the mem­bers of par­lia­ment and min­is­ters among oth­ers that are pro­tected and kept within the gov­ern­ment.

He said that there are data bases on­line of the doc­u­ments that are part of the in­ter­net which is fol­low­ing slightly dif­fer­ent roles. “It is very dif­fi­cult to trace back the peo­ple. It is more dif­fi­cult to iden­tify of­fend­ers,” he said. “It is not that easy to get ac­cess to this part of in­ter­net.”

The sim­u­la­tion ex­er­cise aims to en­sure Bhutan has the abil­ity to take of­fen­sive ac­tion if nec­es­sary, while also grow­ing an innovative cy­ber se­cu­rity in the coun­try.

In a key­note ad­dress on the open­ing day of ses­sions, MoIC min­is­ter Karma Don­nen Wangdi said that the min­istry is en­deav­or­ing to in­crease in­ter­net con­nec­tiv­ity and lever­age the ben­e­fits of ICTs, stim­u­late eco­nomic growth, im­prove ser­vice de­liv­ery and pro­mote good gov­er­nance.

With the in­tro­duc­tion of on­line ser­vices, the min­is­ter said many of the gov­ern­ment agen­cies are now trans­act­ing on­line than ever be­fore. He noted that there are now more than 120 Gov­ern­ment to Cit­i­zen ( G2C).

How­ever, he said that the trans­for­ma­tional power of ICTs and the in­ter­net as cat­a­lysts for eco­nomic growth and so­cial de­vel­op­ments needs to be un­der­stood. “While the reliance of our so­ci­ety on the dig­i­tal in­fra­struc­ture is grow­ing, cy­berspace re­mains in­her­ently vul­ner­a­ble.”

The rate of com­pro­mise is in­creas­ing and the meth­ods used by ma­li­cious ac­tors are rapidly evolv­ing, but the min­is­ter said Bhutan is not an ex­cep­tion for such at­tracts.

The move is ex­pected to see agen­cies tak­ing an in­te­grated ap­proach to pre­vent and re­spond to cy­ber threats as well as ef­forts to boost col­lab­o­ra­tion on in­for­ma­tion se­cu­rity across the coun­try.

The min­is­ter said that the gov­ern­ment, pri­vate sec­tor and cit­i­zen have vi­tal roles to play. He said, “While gov­ern­ment can take the lead in fa­cil­i­tat­ing in­no­va­tion and pro­vid­ing se­cu­rity, busi­ness need to en­sure their cy­ber se­cu­rity prac­tices is ro­bust and up to date.”

The in­ter­net of ev­ery­thing, in which ev­ery va­ri­ety of ob­jects can be con­nected on­line, made it eas­ier to con­duct at­tacks.

One of big­gest early suc­cesses of the Bhutan Com­puter In­ci­dent Re­sponse Team ( BtCIRT) for the past one year has han­dled and re­solved 250 com­put­ers in­ci­dents of which 83 per­cent were vul­ner­a­bil­i­ties found in the sys­tems, fol­lowed by 10 per­cent of sys­tems that were in­fected by ma­li­cious codes and six per­cent re­lated to phish­ing emails and sites, com­pro­mised sys­tems and in­tru­sion at­tempts.

BtCIRT was es­tab­lished in 2016 with a view to en­sure the se­cu­rity of on­line sys­tems and also act as a cen­tral point of con­tact re­gard­ing cy­ber se­cu­rity re­lated is­sues in the coun­try.

Cur­rently Bhutan faces lack of skills, knowl­edge and ex­pe­ri­ence among ICT pro­fes­sion­als in the area of cy­ber se­cu­rity. Dr. Marco Ger­cke will be in the coun­try for a week to dis­cuss and en­gage with var­i­ous stake­hold­ers to es­tab­lish the Bhutan cy­ber se­cu­rity strat­egy, dis­cuss on child on­line pro­tec­tion, pro­mote an im­proved in­sti­tu­tional cy­ber cul­ture and raise aware­ness of cy­ber prac­tice across gov­ern­ment and busi­ness.

The ex­er­cise was par­tic­u­larly to in­crease aware­ness on cy­ber se­cu­rity and pre­pared­ness to make crit­i­cal de­ci­sions in re­sponse to cy­ber at­tacks.

Cy­ber se­cu­rity is the pro­tec­tion of in­ter­net­con­nected sys­tems, in­clud­ing hard­ware, soft­ware and data, from cy­ber at­tacks.

The sim­u­la­tion ex­er­cise saw the cab­i­net min­is­ters, sec­re­taries, ex­ec­u­tive gov­ern­ment of­fi­cials, law en­force­ment rep­re­sen­ta­tives and heads of cor­po­ra­tions, pri­vate sec­tor or­ga­ni­za­tions and other in­sti­tu­tions with crit­i­cal in­for­ma­tion in­fra­struc­ture.

The sim­u­la­tion ex­er­cise aims to en­sure Bhutan has the abil­ity to take of­fen­sive ac­tion if nec­es­sary, while also grow­ing an innovative cy­ber se­cu­rity in the coun­try.

Newspapers in English

Newspapers from Bhutan

© PressReader. All rights reserved.