As cybercrime surges worldwide, Nepal faces increasing threats from hacking, fraud, and digital extortion, impacting our economy, society, and security. Yet, our capacity to combat these cyber threats is underdeveloped.
There is a need to evaluate the suitability of two approaches: establishing a dedicated Cyber Security Police force or creating a robust National Cybersecurity Authority to address Nepal’s specific needs and challenges.
Advocating for a dedicated Cyber Police Force
Those arguing for a separate Cyber Security Police contend that cybercrime needs dedicated first responders focused on digital forensics and virtual jurisdiction. Just like economic offences are handled by the Central Investigation Bureau (CIB), cybercrimes require technical expertise and procedures beyond regular police training.
They point out that the Nepal Police’s current Cyber Bureau with about 15-20 personnel is understaffed and underequipped. For a country with over 20 million internet users and thousands of cyber incidents annually, a handful of cybercrime investigators are overwhelmed.
Modelled on India’s strong Cyber Crime Coordination Centre which has more than 15,000 workforce, they propose a large centralised Cyber Police organisation with regional cyber labs, dedicated courts and thousands of trained personnel.
The envisioned benefits of such a specialised force include:
- Attracting talent with the right technical skills, coding knowledge and tools for investigating digital crimes. Training regular police officers on rapidly evolving technologies is difficult.
- Focused procedures and infrastructure like labs, dedicated servers and software tailored for cyber forensics, online monitoring, evidence storage/retrieval etc. Mainstream police stations lack these capabilities currently.
- Officers are empowered to swiftly issue digital warrants, collect electronic evidence across private networks and take down unlawful content. Regulatory gaps impede this currently.
- Developing intelligence on dark web activities, child pornography circles, extremist forums etc. by infiltrating online criminal ecosystems.
- Providing easy public access and grievance redressed through dedicated cybercrime reporting channels.
- Superior response time and expertise during major cyber incidents like national-level ransomware attacks, website defacements etc.
- Collaborating with global entities like INTERPOL to combat Trans border cybercrime through joint investigations, legal assistance etc. which regular police lack exposure to.
With the cyber threat landscape evolving rapidly, having a dedicated specialised force seems essential to avoid being continuously outpaced by tech-savvy adversaries.
Those arguing against a separate Cyber Police posit that cyber security is a complex domain requiring multi-dimensional strategy and coordination beyond just law enforcement. Rather than siloed reactive responses, they recommend establishing a centralised National Cyber Security Authority (NCA) under the PMO to drive policies and build collective capabilities.
The establishment of a central cyber security authority in Nepal holds the promise of spearheading a holistic and tailored approach to various cyber security initiatives. This authority would start by formulating a national cyber security strategy, leveraging global best practices while adapting them to Nepal’s specific needs and constraints.
By doing so, it can create a roadmap that aligns with the country’s unique cyber security challenges, ensuring a more effective response to emerging threats. One of the key functions of this central authority would be to maintain 24×7 situational awareness.
This means actively monitoring cyber threats across various domains, including the surface web, dark web, and adversary groups. This real-time monitoring is crucial because it enables the authority to detect and respond promptly to cyber incidents, minimising potential damage and loss.
In addition to monitoring, the central authority would play a pivotal role in disseminating critical information. It would issue advisories, alerts, and guidance to both government and private sector organisations. This proactive communication can help raise awareness and readiness levels, fostering a safer digital environment for everyone.
Time to act
For a country like Nepal, grappling with resource constraints and technology gaps, the establishment of an empowered National Cyber Security Authority (NCA) emerges as the prudent initial step. This approach aligns better with Nepal’s specific context and requirements in several key ways: Firstly, the financial aspect is crucial.
Setting up a dedicated Cyber Police force akin to India’s would demand substantial investments, encompassing training, tools, infrastructure, and a considerable workforce, a burden Nepal cannot presently bear. In contrast, an agile NCA, comprising select experts advising stakeholders, offers a more financially feasible option for establishment and operation. Secondly, considering Nepal’s fledgling cyber security ecosystem, a coordinated strategy should take precedence over individual capabilities.
The NCA can serve as a platform to harmonise perspectives from various sectors, including law enforcement, the military, banks, private companies, and more, thus facilitating the formulation of joint priorities and protocols.
Of course, having an NCA does not preclude developing a dedicated Cyber Police force as the next stage of evolution. The NCA can lay the strategic foundations and then support the targeted capability enhancement of an elite cybercrime investigation force. But currently, Nepal’s nascent cyber security posture necessitates sound policies, public-private cooperation and basic awareness building first. An empowered National Cyber Security Authority seems the most optimal single intervention to drive this mission nationally in a resource-efficient manner.
Nepal has become more reliant on digital technologies, so it is important to have a robust cyber security framework in place to protect the country from cyber threats. The NCA plays a central role in developing and implementing this framework. In 2019, Nepal experienced a major cyber attack that targeted government agencies and private sector organizations. The attack was carried out by a group of hackers known as Lazarus Group.
Lazarus Group is a North Korean-linked hacking group that has been linked to a number of high-profile cyber attacks around the world. The attack in Nepal was successful in compromising the systems of a number of government agencies and private sector organisations. The hackers were able to steal sensitive data, including personal information about Nepali citizens and financial information about Nepali businesses.
Nepal’s exponential surge in cyber threats leaves us no choice but to prioritize long-term solutions. While a dedicated cyber security force seems intuitively appealing, building capabilities systemically through an overarching authority may be strategically wiser given current resource realities and the nascence of our cyber security posture. Building indigenous capacity backed by pragmatic policies and public awareness is key to securing our cyber future in the 21st century.