header banner
OPINION

Cyber Defense for Nepal: Do we need a specialized police force or national authority in Nepal?

As cybercrime becomes more organized and frequent across the world, Nepal too has seen a surge in hacking, frauds and digital extortion threatening our economic, social and security interests. However, our law enforcement capabilities to tackle cyber threats remain primitive.
By Bivek Chaudhary

As cybercrime becomes more organized and frequent across the world, Nepal too has seen a surge in hacking, frauds and digital extortion threatening our economic, social and security interests. However, our law enforcement capabilities to tackle cyber threats remain primitive.This has ignited debate on whether Nepal should set up a dedicated Cyber Security Police force or establish an empowered National Cybersecurity Authority to drive strategy, capability building and coordination between stakeholders. This article examines both models and their relevance for Nepal's specific needs and challenges.


The Case for a Specialized Cyber Police Force


Those arguing for a separate Cyber Security Police contend that cybercrime needs dedicated first responders focused on digital forensics and virtual jurisdiction. Just like economic offenses are handled by the Central Investigation Bureau (CIB), cybercrimes require technical expertise and procedures beyond regular police training. They point out that the Nepal Police's current Cyber Bureau with about 15-20 personnel is understaffed and underequipped. For a country with over 20 million internet users and thousands of cyber incidents annually, the handful of cybercrime investigators are overwhelmed. Modeled on India's 15,000+ strong Cyber Crime Coordination Centre, they propose a large centralized Cyber Police organization with regional cyber labs, dedicated courts and thousands of trained personnel.


The envisioned benefits of such specialized force include:


· Attracting talent with the right technical skills, coding knowledge and tools for investigating digital crimes. Training regular police officers on rapidly evolving technologies is difficult.


· Focused procedures and infrastructure like labs, dedicated servers and software tailored for cyber forensics, online monitoring, evidence storage/retrieval etc. Mainstream police stations lack these capabilities currently.


·Officers empowered to swiftly issue digital warrants, collect electronic evidence across private networks and take down unlawful content. Regulatory gaps impede this currently.


·Developing intelligence on dark web activities, child pornography circles, extremist forums etc by infiltrating online criminal ecosystems.


·Providing easy public access and grievance redressal through dedicated cybercrime reporting channels.


·Superior response time and expertise during major cyber incidents like national level ransomware attacks, website defacements etc.


·Collaborating with global entities like INTERPOL to combat Transborder cybercrime through joint investigations, legal assistance etc which regular police lack exposure to.


With the cyber threat landscape evolving rapidly, having a dedicated specialized force seems essential to avoid being continuously outpaced by tech-savvy adversaries.


Related story

Controlling cyber conflict


The Case for a National Cybersecurity Authority:


Those arguing against a separate Cyber Police argue that cybersecurity is a complex domain requiring multi-dimensional strategy and coordination beyond just law enforcement. Rather than reactive responses, they recommend establishing a Centralized National Cybersecurity Authority (NCA) under the PMO to drive policies and build collective capabilities.


Such central authority could drive several initiatives in a holistic manner:


·         Formulate a national cybersecurity strategy based on global best practices but tailored for Nepal's unique needs and constraints.


·         Maintain 24x7 situational awareness by monitoring known cyber threats across the Surface web, Dark web and adversary groups.


·         Issue advisories, alerts, and guidance for government and private sector organizations.


·         Drive large-scale awareness and training programs on cyber hygiene and safe practices for professionals and common citizens.


·         Develop information sharing protocols between banks, companies, agencies and CERT-NP for real-time cyber threat intelligence sharing.


·         Define security standards and compliance mechanisms for critical infrastructure sectors like energy, transportation, healthcare etc.


·         Provide expert guidance and incentives to improve cyber defenses across government systems.


·         Promote R&D on indigenous security solutions leveraging Nepal's IT talent rather than only importing solutions.


·         Enable global partnerships through INTERPOL to build collective capability against trans-border crimes.


·         Support law enforcement agencies with training, digital forensics, tech procurement and legal assistance for catching cyber criminals.


·         Rather than create a separate police organization, the NCA can integrate cybersecurity into the national security agenda and drive participation from all key stakeholders. This unified authority model under top-level leadership has proven effective in countries like the US, UK and India.


 Which Model Suits Nepal's Needs?


While both approaches have merits, for a country like Nepal with resource constraints and technology gaps, an empowered National Cybersecurity Authority seems the prudent first step. Here is how the NCA model aligns better to our specific context and needs:


·         Budget Constraints: Setting up a dedicated Cyber Police force like India requires massive investments. For Nepal, funding training, tools, infrastructure and thousands of personnel will be financially infeasible currently. An agile authority with select experts advising stakeholders would be cheaper to establish and operate.


·         Coordinated Response: With Nepal's nascent cybersecurity ecosystem, coordinated strategy is needed before individual capabilities. The NCA can balance perspectives of police, army, banks, private companies etc to drive joint priorities and protocols.


·         Beyond Enforcement: Issues like low public awareness, vulnerable critical infrastructure, limited emergency planning, insurance gaps etc require broad-based governance not just policing. NCA provides this oversight.


·         Prioritizing Basics: Before advanced monitoring or offensive capabilities, Nepal needs to focus on cyber hygiene, updated laws, securing government systems and public education which NCA is well positioned to drive nationally.


·         Multidimensional Skills: Effective policy making, technology analysis, legal analysis, risk assessment, global partnerships, public outreach etc requires diverse professionals not just police investigators. NCA provides this agility.


·Holistic Capacity Building: NCA can drive knowledge enhancement across management in companies, lawyers, judges, government officials and society along with frontline cyber police to tackle cyber risks systemically.


Of course, having an NCA does not preclude developing a dedicated Cyber Police force as the next stage of evolution. The NCA can lay the strategic foundations and then support targeted capability enhancement of an elite cybercrime investigation force. But currently, Nepal's nascent cybersecurity posture necessitates sound policies, public-private cooperation and basic awareness building first. An empowered National Cybersecurity Authority seems the most optimal single intervention to drive this mission nationally in a resource-efficient manner.


Challenges in Operationalizing NCA


While having a central authority can align multiple facets of cybersecurity, its success will depend greatly on structural aspects:


·         The NCA should be constituted by experts from domains like policy, technology, legal, academia, police and industry rather than treating it as a diplomatic post.


·         Private sector participation is crucial for awareness and embracing cybersecurity as a boardroom issue rather than just an IT issue.


·         Balancing autonomy and accountability will be vital through oversight boards including civil society/media representation. Clear metrics are needed.


·         Budget constraints, hiring delays and red tape should not curtail the agility, flexibility and acceleration needed in the cybersecurity domain.


·         Overlaps in roles with existing bodies like Nepal Police Cyber Bureau, telecom regulator and Nepal CERT will need streamlining through institutional adjustments.


·         Mitigating privacy and surveillance concerns through robust checks and balances against abuse.


·         Physical and data security considerations for the NCA itself as it will be a prime target for adversaries.


Conclusion


Nepal's exponential surge in cyber threats leaves us no choice but to prioritize long-term solutions. While a dedicated cybersecurity force seems intuitively appealing, building capabilities systemically through an overarching authority may be strategically wiser given current resource realities and the nascency of our cybersecurity posture. Of course, the success of any institutional model depends ultimately on continued political commitment, budgetary support, hiring domain expertise, legal backing, private sector participation and public vigilance. Cybersecurity needs to be integrated as a cornerstone of national security, digital economy and technology policy.With rising incidents like the recent hacking of NIC Asia systems, we have a small window of opportunity to act prudently. Building indigenous capacity backed by pragmatic policies and public awareness is key to securing our cyber future in the 21st century.

Related Stories
SOCIETY

Communications ministry issues 24-point advisory t...

Editorial

Cyber risk

SOCIETY

Youths more vulnerable to cyber crimes

SOCIETY

Cyber crimes on the rise in Valley

SOCIETY

Two analysis papers on cyber security published