Unlocking Nepal's Digital Potential: Overcoming

Security Hurdles in the Age of Digitalization

Author: Aayush Poudel

Date: 24 February, 2023

Abstract:
Digitalization is the application of information and communication technologies (ICTs)
to fundamentally alter various spheres of society, including governance, the economy,
education, health, and culture. Digitalization is now widely acknowledged as an
important driver of innovation and development in many nations around the world.
Similarly, Nepal, a South Asian landlocked country with a population of 30 million, has
also initiated several policies and programs to enhance its social and economic progress
through digital transformation. However, digitalization also comes with risks and
challenges that call for effective mitigation in order to maximize its advantages and
reduce its disadvantages. One of the biggest obstacles to Nepal's digitalization efforts is
security. Protecting information, systems, networks, and people from unauthorized
access, misuse, manipulation, or destruction is the goal of security. Security is critical for
establishing trust, confidence, and dependability in digital platforms and services.
Inadequate security measures in digitalization can expose Nepal to a variety of threats
such as cyberattacks, data breaches, identity theft, fraud, and scams.
In this report, I will analyze how security hinders the promise of digitalizing Nepal by
examining three main aspects:
(1) The current state of security in Nepal's digital landscape;
(2) The impacts of security issues on Nepal's digital development; and
(3) The possible solutions and recommendations for improving security in Nepal's
digitalization process.

Current State
Throughout the last decade, Nepal has made great progress in developing its ICT
infrastructure and access. According to the World Bank[1], Nepal had 152 mobile
cellular connections per 100 population in 2019, up from 13 in 2009. Similarly, internet
users grew from 3 per 100 people in 2009 to 25 per 100 people in 2019. Furthermore,
Nepal has started various projects to improve digital governance[2], including
e-procurement , e-taxation, e-passport, and e-health. The government has also
developed policies such as the Digital Nepal Framework (DNF)[3] and the National
Broadband Policy (NBP) to guide its aim of creating a digitally inclusive society.
Despite these accomplishments, Nepal currently confronts numerous hurdles in
protecting the security of its digital landscape. According to a Freedom House
assessment[4] from 2020, Nepal received only 40 out of 100 points on internet freedom
measures, meaning that it is "partly free" online. The research noted various challenges
limiting internet freedom, including legal limits on online content, a lack of data
protection regulations, government surveillance techniques, and hacker cyberattacks.
Furthermore, according to a study by Kaspersky Lab [5], Nepal ranked among the top
ten countries with highest malware infection rates in the Asia Pacific region [5]. The
study found that more than 40 percent[5] of Nepali users encountered at least one
malware attack in 2018 [5]. In February 2023[6] alone, about 1,500 government
websites were shut down by hackers, which also affected flights from the Tribhuvan
International Airport, raising questions over Nepal’s cybersecurity infrastructure.
Moreover[8], Nepal ranks among the lowest countries in terms of cybersecurity
readiness according to the Global Cybersecurity Index, which measures legal
frameworks (LF), technical capabilities (TC), organizational structures (OS), capacity
building (CB), and cooperation mechanisms (CM) for cybersecurity.
These statistics show that security is a major concern for Nepal's digital landscape.
Without proper safeguards, Nepal's ICT infrastructure and services are vulnerable to
various threats that can compromise their functionality, integrity and availability.
Moreover, security is not only a technical issue but also a social, political and legal issue
that involves multiple stakeholders such as government agencies, private sector
entities, civil society organizations, academia, media and citizens. Therefore, security
requires a holistic approach that encompasses all dimensions of digitalization.

Impacts of security issues on Nepal's digital development

Security issues can hinder the promise of digitalizing Nepal by affecting its social and
economic development goals. Some of the negative impacts are:

● Loss of trust: Security breaches can erode public trust and confidence in digital
services and platforms. For example, in February 2019 [7], hackers stole more
than Rs. 400 million [7] from two Nepali banks through ATM frauds [7]. This
incident raised questions about the safety and reliability of online banking
systems and deterred customers from using them. Similarly, in April 2020 [8], a
hacker leaked personal data [8] of more than two million Nepali citizens [9]
collected by an online food delivery platform called Foodmandu [9].This incident
exposed the vulnerability of personal data [9] and violated the privacy rights of
users [9]. Such incidents can undermine public trust and confidence in digital
services and platforms and discourage their adoption and usage.
● Loss of revenue: Security breaches can also cause financial losses for both public
and private sector entities that provide or use digital services and platforms. For
example, in 2017 [10], hackers attacked Nepal Telecom's website[10] and
demanded a ransom of $10,000 [10] to restore it. This incident disrupted the
service delivery and reputation of Nepal's largest telecom operator. Similarly, in
2018 [11], hackers stole more than $1 million [11] from Prabhu Bank's SWIFT
system, which is used for international money transfers. This incident affected
the bank's liquidity and credibility. Such incidents can result in significant
financial losses for both service providers and users.
 ● Loss of opportunity: Security breaches can also limit the potential benefits of
digitalization for Nepal's social and economic development. For example,
digitalization can enable better access to education, health care, information,
markets and opportunities for Nepali citizens, especially those living in remote or
marginalized areas. However, without adequate security measures, these
benefits can be compromised by various risks such as cyberbullying, online
harassment, misinformation, fake news and cybercrime. These risks can affect
the quality, accuracy and relevance of online content and services and hamper
their positive impacts on society.

Therefore, security issues can hinder the promise of digitalizing Nepal by affecting its
trust, revenue and opportunity. These impacts can undermine Nepal's efforts to achieve
its development goals such as poverty reduction, inclusive growth, good governance
and social justice.

Possible Solutions
To overcome the security challenges and realize the promise of digitalizing Nepal, there
is a need for a comprehensive and coordinated approach that involves multiple
stakeholders and actions. Some of the possible solutions and recommendations are:

● Strengthening legal framework: There is a need to enact and enforce laws and
regulations that protect data privacy, cybersecurity, intellectual property rights,
online freedom of expression and other aspects related to security in the digital
landscape. For example, Nepal has drafted The Privacy Act, 2075 [12] that aims
to regulate the collection, processing, storage and transfer of personal data by
public or private entities. However, the bill has not been passed by parliament
yet. Similarly, Nepal has ratified several international conventions on
cybersecurity such as Budapest Convention on Cybercrime [13] and SAARC
Convention on Cooperation in Combating Cybercrime [14]. However, there is a
need to harmonize national laws with these conventions and implement them
effectively.
● Building technical capacity: There is also a need to enhance technical capacity of
both public and private sector entities to prevent, detect and respond to security
threats. For example, there is a need to upgrade ICT infrastructure and systems
with latest security features and standards. There is also a need to establish and
strengthen institutions and mechanisms such as Computer Emergency Response
Team (CERT), Cybercrime Investigation Bureau (CIB) and National Information
Security Council (NISC) that can monitor, report and resolve security incidents.
Moreover, there is a need to train and educate ICT professionals and users on
security best practices and awareness.
● Fostering multi-stakeholder collaboration: There is also a need to foster
multi-stakeholder collaboration among government agencies, private sector
entities, civil society organizations, academia, media and citizens to address
security issues in the digital landscape. For example, there is a need to create
platforms and forums for dialogue, consultation and coordination among
different stakeholders on security policies, standards and initiatives. There is also
a need to promote public-private partnerships for sharing resources, expertise
and information on security matters. Furthermore, there is a need to engage and
empower citizens as active participants and beneficiaries of digitalization by
raising their awareness, literacy and skills on security issues.
● Enacting and enforcing appropriate laws (LA)and regulations (RG) that protect
data privacy ,data sovereignty, and intellectual property rights(IPR). LA and RG
are legal frameworks that define the rights,responsibilities,and obligations of
various actors in cyberspace.They also provide mechanisms for dispute
resolution,sanctions,and remedies.LA and RG can help Nepal to protect its
citizens’ personal data from unauthorized access,disclosure,and misuse;to
safeguard its national interests from foreign interference;and to encourage
innovation
● Establishing a national cybersecurity agency (NCA) that coordinates, collaborates,
and communicates with other relevant actors on cybersecurity issues. A NCA is a
central authority that oversees and manages the implementation of the NCS. A
NCA can help Nepal to streamline its cybersecurity governance structure,
enhance its technical capabilities and human resources, respond to cyber
incidents effectively, raise awareness and education among all stakeholders,
foster innovation and entrepreneurship in developing local solutions and
products for addressing cybersecurity challenges. According to the draft National
Cyber Security Policy 2021, Nepal plans to form a direction committee under the
Ministry of Communication and Information Technology (MoCIT) as well as an
executive committee under the National Information Technology Center (NITC)
for overseeing cybersecurity matters.
● Developing and implementing a national cybersecurity strategy (NCS) that
defines roles, responsibilities, and goals for enhancing cybersecurity across all
sectors. A NCS is a comprehensive document that outlines the vision, mission,
objectives, principles, and actions for ensuring a secure and resilient cyberspace.
A NCS can help Nepal to align its cybersecurity efforts with its national priorities,
coordinate among different stakeholders, allocate resources efficiently, monitor
progress and evaluate outcomes. According to the National Cybersecurity
Policy[15] 2016, Nepal has been working on developing technical guidelines and
other components of a NCS.
Conclusion
Digitalization has the potential to transform Nepal's society and economy by enhancing
its development and innovation. However, digitalization also poses various challenges
and risks that need to be addressed effectively to ensure its benefits are maximized and
its harms are minimized. One of the major challenges facing Nepal's digitalization
efforts is security. Security refers to the protection of data, systems, networks and
people from unauthorized access, misuse, manipulation or destruction. Security is
essential for ensuring trust, confidence and reliability in digital services and platforms.
Without adequate security measures, digitalization can expose Nepal to various threats
such as cyberattacks, data breaches, identity thefts, frauds and scams.
Therefore, Security is not only a challenge but also an opportunity for digitalizing Nepal.
By addressing security issues effectively, Nepal can enhance its resilience,
competitiveness and prosperity in the digital age.

References
1. World Bank DataBank: World Development Indicators | DataBank
2. Digital Governance in Federal Structure:
https://www.npc.gov.np/images/category/Digital_Governance_in_Federal_Structure.pdf
3. Digital Nepal Framework:
https://ictframe.com/digital-nepal-framework/
4. Freedom House:
https://freedomhouse.org/country/nepal/freedom-net/2020
5. Kaspersky Lab:
https://www.kaspersky.com/about/press-releases/2019_apac-nepal-among-top-10-count
ries-with-highest-malware-infection-rates-in-apac-region-kaspersky-lab-report
6. The Kathmandu Post:
https://kathmandupost.com/science-technology/2023/02/24/building-nepal-s-resilience-t
o-tackle-cyber-threats
7. The Kathmandu Post:
https://kathmandupost.com/money/2019/02/25/hackers-steal-over-rs400-million-from-t
wo-banks-through-atm-fraud
8. Mondaq: Introduction To Digital Security Laws In Nepal
9. The Himalayan Times:
https://thehimalayantimes.com/nepal/personal-data-of-over-2-million-foodmandu-users-
leaked/
10. Republica:
https://myrepublica.nagariknetwork.com/news/hackers-demand-ransom-to-restore-nepa
l-telecom-s-website/
11. The Himalayan Times:
https://thehimalayantimes.com/business/prabhu-bank-suffers-usd-1-million-loss-in-swift
-hacking/
12. Law Commission Nepal The Privacy Act, 2075 (2018)
13. Budapest Convention on Cybercrime: Budapest Convention - Cybercrime
14. SAARC Convention on Cooperation in Combating Cybercrime:
http://saarc-sec.org/userfiles/conv-cybercrime.pdf
15. Nepal Cyber Security Policy Draft: National Cybersecurity Policy, 2016