In the age of Information and Communication Technology (ICT), the world has witnessed remarkable advancements, offering opportunities and conveniences to individuals, businesses, and governments alike.
However, with these technological leaps, the spectre of cybercrimes and threats looms large, necessitating the formulation and enforcement of robust cybersecurity laws.
In the absence of traditional policies addressing the vast realm of cyberspace, criminals have exploited ICT advancements, demanding international collaboration to combat the borderless nature of cybercrime.
Law, often described as a system of rules with binding legal force, plays a pivotal role in maintaining societal peace and order. In the context of cyberspace, it gives rise to what is commonly referred to as cyber law or the law of the internet. This evolving field within international law aims to address a myriad of illegal activities in cyberspace, including cyber-bullying, piracy, hacking, and more.
Nepal, recognising the importance of safeguarding its cyberspace, has put in place a comprehensive legal framework. The constitution of Nepal, adopted in 2015, guarantees fundamental rights related to cyber activities, including the right to information, the right to communication, and the right to privacy.
The Electronic Transactions Act (ETA) of 2008, Nepal’s first cyber law, legalises electronic communication and transactions, covering electronic records, digital signatures, computer networks, and offences related to cybercrimes.
In the realm of cybersecurity, Nepal has embraced various legal instruments, acts, policies, and guidelines to govern cyber activities. These include the Online Child Safety Guidelines issued by the National Telecommunication Authority (NTA) to prevent child abuse through ICT, and the Copyright Act of 2002, which protects copyright, including computer programmes. The Individual Privacy Act of 2018 safeguards the right to privacy in Nepal, prohibiting the transfer of personal data without the owner’s consent.
Nepal has also been proactive in addressing the challenges posed by the rapid growth of technology. The Information Technology Bill of 2019, currently in the finalisation process, aims to replace the Electronic Transactions Act as the primary law for cyberspace. However, concerns have been raised about potential limitations on freedom of expression, violation of data privacy, and increased surveillance.
To bolster cybersecurity, Nepal introduced the Cyber Security Byelaw in 2020, framed by the NTA under the Telecommunications Act. This byelaw aims to implement cybersecurity standards, protecting ICT infrastructure and information systems from malicious attacks. It mandates regular security audits for Telecommunication and Internet Service Providers, promoting a robust cybersecurity ecosystem.
The National Security Policy of 2016, issued by the Ministry of Defense, recognises the misuse of science, technology, and modern equipment as factors influencing national security. It identifies the abuse of modern technology in crimes as challenges and threats related to law and order.
In line with the Digital Nepal vision, the National Information and Communication Technology Policy of 2015 addresses cybersecurity and law issues, proposing the establishment of an IT Tribunal system, a Computer Emergency Response Team (CERT), and a cyber-security cell.
The National Cybersecurity Policy of 2016, drafted by the Ministry of Information and Communications Technology, aims to govern and address global challenges in cyberspace. It proposes the establishment of the National Cyber Security Strategy Working Group and the National CERT of Nepal, responsible for providing cybersecurity services to various entities, including the government, law enforcement agencies, businesses, and the public.
Institutional mechanisms in Nepal play a crucial role in enforcing and implementing cybersecurity measures. The Office of the Controller of Certifying Authority, established in 2007, licenses Certifying Authorities (CAs) under the Electronic Transactions Act, creating a secure environment for internet, email, and online transactions. The National Information Technology Center (NITC), established in 2001, serves as a data bank, assists in computerising governmental records, and implements e-services.
The Cyber Bureau Nepal, a part of the Nepali Police, is tasked with investigating cybercrimes, coordinating and cooperating on cybersecurity, preparing police manpower for cybercrimes, and exchanging information nationally and internationally. Accessibility for reporting cybercrime complaints is enhanced through email communication at [email protected].
Collaboration with non-governmental organisations and industry associations is essential for a holistic approach to cybersecurity. The Internet Service Providers’ Association of Nepal (ISPAN), established in 1998, works closely with the NTA, Nepal Telecom, and the Ministry of Information and Communications to address issues affecting ISP projects. The Information Security Response Team Nepal (NPCERT), established in 2016, acts as the nation’s flagship cyber defence, incident response, and operational integration centre.
Non-profit organisations like the Internet Society Nepal (ISOC, Nepal) and initiatives like the Cyber Security Research and Innovation (CSRI) contribute significantly to raising awareness and fostering innovation in cybersecurity.
ISOC, Nepal focuses on the concept of a “safe internet for all,” following international standards and addressing relevant topics. CSRI, established as part of the cybersecurity domain Research Program, plays a crucial role in delivering impactful industry-focused cybersecurity analysis findings and innovative solutions.
Challenges
Here are the challenges for safeguarding cyberspace:
- Limited awareness and education: One of the significant hurdles Nepal faces is the limited awareness and education regarding cybersecurity. Many individuals and businesses are unaware of potential threats and lack the knowledge to protect themselves effectively. This knowledge gap creates a breeding ground for cybercriminals to exploit vulnerabilities.
- Inadequate infrastructure: The country is grappling with inadequate technological infrastructure, hindering the implementation of robust cybersecurity measures. Insufficient internet penetration and outdated systems make it challenging to establish a secure digital environment.
- Lack of regulatory framework: Nepal’s regulatory framework for cybersecurity is still evolving. The absence of comprehensive and up-to-date laws and regulations leaves gaps that cybercriminals can exploit. A clear and enforceable legal framework is essential to deter cybercrimes and provide a basis for prosecution.
- Insufficient collaboration: Cyber threats are borderless, and effective cybersecurity requires collaboration across sectors and borders. In Nepal, there is a need for improved collaboration between government agencies, private businesses, and international organisations. Siloed efforts hinder the ability to share threat intelligence and respond promptly to emerging cyber threats.
- Shortage of skilled professionals: The shortage of skilled cybersecurity professionals is a global challenge, and Nepal is no exception. The demand for experts in this field far exceeds the supply. This scarcity hampers the country’s ability to develop and implement advanced cybersecurity strategies.
Suggestions
Here is a list of things to do for better cyberspace:
- Educational initiatives: To address the awareness and education gap, Nepal should invest in comprehensive educational initiatives. These could include cybersecurity awareness campaigns, training programmes for individuals and businesses, and the integration of cybersecurity education into the formal curriculum at all levels.
- Infrastructure development: Prioritising the development of technological infrastructure is crucial. Nepal should invest in upgrading its internet connectivity, supporting the adoption of secure communication protocols, and encouraging businesses to invest in modern and secure IT systems.
- Strengthening regulatory framework: The government should expedite the development and implementation of a robust regulatory framework for cybersecurity. This includes legislation that defines cybercrimes, prescribes penalties, and establishes mechanisms for reporting and responding to incidents. Regular updates to the legal framework are essential to keep pace with evolving cyber threats.
- Enhanced collaboration: Nepal should foster collaboration between government agencies, private sector entities, and international partners. Establishing a national cybersecurity coordination centre can facilitate information sharing, incident response, and joint efforts to combat cyber threats. Cross-border collaboration is equally vital to address threats that transcend national boundaries.
- Investment in skill development: Initiatives to bridge the skills gap should be a priority. The government, in collaboration with private sector partners, can establish training programs, cybersecurity academies, and scholarship opportunities to encourage individuals to pursue careers in cybersecurity.
In conclusion, Nepal has made significant progress in tackling cybersecurity issues through a strong legislative framework and institutional processes. The Constitution, as well as statutes such as the Electronic Transactions Act, indicate the country’s commitment to cybersecurity.
However, obstacles remain, such as low awareness, insufficient infrastructure, and the need for more collaboration. To solve these challenges, Nepal should prioritise educational activities, improve technology infrastructure, reinforce the regulatory framework, foster collaboration, and invest in talent development.
These steps will enable individuals, organisations, and the government to safely traverse the digital world, establishing a robust cybersecurity ecosystem to support the nation’s growth and security.