Security 2.0

Published On: September 17, 2016 12:35 AM NPT By: Mahesh Singh Kathayat and Bimal Pratap Shah

The government’s commitment to increase FDI without prioritizing cyber security can be regarded as nothing but a toothless rhetoric
If anything is worse than losing money, it is losing a passport in a foreign country where we hardly know anybody. Losing a passport, however, need not be such a scary affair in the New Digital Age, if only nation-states let go of the passports designed for the last century and rethink passports for the 21st century. And, Australia, it seems, is doing just that.

In 2015, the Land Down Under initiated a virtual passport. The Department of Foreign Affairs and Trade is soon putting Australian citizen’s passport information in the cloud, alongside biometric identifiers so as to give Aussies the opportunity to travel without passports to New Zealand. This, they say, will remove the need for a physical document altogether, completely reducing the risk of passports getting lost.

In reality, the passport-free travel will only get worldwide traction when potential security issues are settled. While this radical idea is being explored, citizens have already expressed concern about security aspects of the facial biometrics database, forcing the Australian government to consider privacy implications. Many feel the vast amounts of data stored in the cloud are not safe from hackers. Imagine reaching an immigration check point just to be told that you are not who you claim to be, because the passport and biometric information has been tampered with illegally. Come to think of it, this would be worse than losing a machine readable passport. 

Australia, on the other hand, is in a position to experiment with passport-free travel, because they have already developed a biometric database and also made adequate preparation in the area of cyber security. Since fighting cyber crimes is unimaginable without a coordinated national response, the Australian government has devised a decisive plan they call “National Plan to Combat Cybercrime” representing a commitment from the Commonwealth, State, and Territory governments to work together to address the threat. The Plan identifies six key priority areas for action where governments can make critical contributions to strengthen national response to cybercrime.  

Out of the six priorities, improving the capacity and capability of government agencies, particularly law enforcement, to address cybercrime is something that should be every nation’s top-most priority. Australia has made substantial investment to enhance the capacity of the Australian Federal Police (AFP) to fight crimes in the cyberspace.

Australians know that if policing is to be effective in the digital environment, the capacity and capabilities of law enforcement agencies have to be upgraded to keep pace with technologies that are evolving at the speed of thought so that they are equipped to detect and investigate the use of technology in sophisticated criminal activities.

At home, there are no national level cyber security strategies in place, but Nepal Police, even with a very tight budget, not enough skilled manpower, and paucity of latest investigation equipment, has been working hard to tackle cybercrimes. They have installed dedicated Cyber Crime Cells, established C4 and Digital Forensic Lab at Police Headquarters, deployed Cyber Cops and established a network with Interpol. The police can do more only if there is enough budget for establishment of cybercrime cells across the country and especially in crime-prone districts. The government also needs to recruit qualified manpower in order to rapidly enhance the agency’s cyber security capabilities.

According to Nepal Police, ATM pin stealing, cloning of ATM Cards, hacking, financial fraud in internet banking, phishing and social networking related crimes are common in Nepal. This, they believe, is due to lack of a regulatory body and strategies needed to set standards, and to prevent and handle cyber security related issues. Research shows that lack of cyber security strategy creates an opportunity for serious attacks. For instance, if a cybercrime originates from a country whose regulation does not address the violated regulations of the country where the crime takes place, it can put law enforcement agencies in a difficult situation.  

Another area that needs serious government attention is a looming threat of cyber war that will be waged over computers instead of traditional combat zones. The United States is one country that is extremely serious about the threat of cyber war. Earlier this year, the US Defense Secretary Ashton B. Carter established the Defense Innovation Advisory Board, with Google parent company Alphabet chairman Eric Schmidt as its head and founder Jeff Bezos as one of the members. The board’s main role is to provide advisory services to the Department of Defense, but from a Silicon Valley point of view. 

Likewise,  as a part of the Obama administration’s US $19 billion “Cyber Security National Action Plan,” the White House earlier this month named retired Air Force Brigadier Gen. Gregory Touhill as the first ever federal chief information security officer to bolster the US government’s digital defenses. Grant Schneider, who is currently cyber security policy director on the White House’s National Security Council, has been appointed as Tuohill’s acting deputy information security chief.  

It seems India too is committed to combating cyber-attacks. The largest democracy in the world recently appointed its first chief information security officer, whose main role is to help the country develop the vision and policy to fight cybercrime and manage cyber-security more effectively. India is also working towards a national cyber-security architecture to provide a framework for designated agencies to monitor, certify and fortify India’s networks in accordance with the law. The fact that Microsoft recently joined China’s Cyber Security Council proves that China too is serious about working towards a safer cyberspace.

There is no denying that the world, both real and virtual, is increasingly becoming uncertain and insecure. So all it takes is one major breach to discourage the public to adopt technology that makes ideas like passport-free travel possible. If the government is not careful, convincing citizens to adopt e-governance, e-commerce, and e-health can prove impossible. In order to increase the trust in digital economy many advanced countries are already refining their cyber security abilities. 

Nepal cannot do without a national-level Cyber Security Strategy, if the country is to protect itself in cyberspace. The Cyber Security Strategy that aims to make Nepal one of the safest places in the world to do business, more resilient to cyber attacks, as well as one that helps shape an open, vibrant and stable cyberspace that supports open societies. There is also a need to establish a special Cyber Security Board and supporting agencies—as in the US, China and India—to empower law enforcement agencies to keep cyberspace safe from criminals.

More importantly, cyber security breaches will hurt the economy by decreasing investor confidence In the New Digital Economy. So Nepal government’s commitment to increasing foreign direct investment without prioritizing cyber security can be regarded as nothing but a toothless rhetoric. The Office of the Prime Minister and Council of Ministers and the Ministry of Home Affairs need to understand the threat and be serious about cyber security affairs. Cooperation in cyber-security is one area the Nepali Prime Minister needs to discuss with his Indian counterpart.

Kathayat is an Associate Professor of Computer Engineering at Kathmandu Engineering College, Tribhuwan University and Retired Deputy Inspector General of Nepal Police; Shah is the co-author of ‘Strategic IT Planning for Public Organizations: A Toolkit’ 
published by the UN in 2009.

Leave A Comment