KATHMANDU, April 9: The Ministry of Information and Communication (MoIC) has formed a seven-member Nepal Computer Emergency Response Team (NCERT) to deal with 'computer related incidents'.
Purushottam Prasad Tiwari, Joint Secretary at MoIC, is the coordinator of the recently formed NCERT, which comprises two MoIC undersecretaries -- one each from the frequency management division and the legal section. The team will also include an undersecretary each from the Ministry of Science and Technology (MoST) and the Ministry of Home Affairs (MoHA), a director from NTA and Rajan Raj Panta as an expert representative.
Computer Emergency Response Team (CERT) is a collective of experts brought together to handle potential future computer security-related incidents. Providing emergency response is a highly technical job which includes preventive activities such as providing early warning of any possible threats; reactive work to recover data in case of any incident; and coordination with multiple national and international CERTs.
"We have established a CERT and our team will now make recommendations on the formulation of acts and policies required for the operation of NCERT," Tiwari said.
MoIC formed the CERT based on the recommendation of a study carried out by the International Telecommunication Union (ITU) in partnership with International Multilateral Partnership Against Cyber Threats (IMPACT). The study report, published in 2012, had recommended establishing of a national Computer Incident Response Team (CIRT) to identify, defend, respond and manage cyber threats and enhance cyberspace security.
The study said it was crucial to set up a national CIRT as a focal point in managing incidents and a coordination center to manage all information-sharing and information flow for cyber security.
Different ministries have been operating their own emergency response teams duo to the lack of a national CIRT.
At present, MoST, has an Information Technology Emergency Response Team (ITERT) under the Department of Information and Technology (DoIT) while the Home Ministry has its own CERT.
"Every organization has felt the need for a CERT and has formed on its own. At present there is lack of coordination among these CERTs but we will soon form a national-level CERT combining all the CERTs," Subash Dhakal, director of DoIT, said.
Tiwari said that different CERTs under different ministries have different Terms of Reference (ToR) and worked in different sectors. However, he said the government was working to form a national CERT.
According to Dhakal, the ITERT has not been able to work properly due to lack of regulatory framework. "In other countries, emergency response teams are guided by acts and policies but we do not have such acts. The umbrella IT policy will have the act to govern the emergency response teams," Dhakal said.
Due to lack of a regulatory framework, it is difficult for any emergency response team to carry out its works as it has to get access to data of other organizations -- which may be confidential.
"As we do not have regulatory framework, ITERT has just been carrying out preventive service such as vulnerability analysis and penetration testing of different organizations on request," he said.