Nepal institutes first cybercrime law as cabinet approves National Cyber Security Policy 2023

KATHMANDU: In a significant development, Nepal has officially enacted its inaugural legislation to combat cybercrime, marking a major stride in digital security. The National Cyber Security Policy 2023 was unanimously endorsed during a Cabinet meeting held on Tuesday, as reported from Kathmandu.

Rekha Sharma, government spokesperson and Minister for Communication and Information Technology, shared with journalists that the policy had received the Cabinet’s seal of approval. She explained that the policy outlines a comprehensive roadmap for future strategies, operational guidelines, objectives, and plans concerning cybersecurity.

A pivotal aspect of the policy revolves around ensuring a secure online environment for all users. The document also evaluates the historical context and current status of cybersecurity while concurrently outlining the framework for forward-looking initiatives.

Netra Prasad Subedi, representative for the Ministry of Communication and Information Technology, elaborated, “The policy encompasses an in-depth analysis of the nation’s current internet landscape, and sets forth the vision, mission, objectives, strategies, and implementation plans concerning cybersecurity across government, private, and non-government sectors.”

Subedi went on to clarify that the policy will address various facets including the establishment of an infrastructure for cybersecurity, fostering capacity development, and safeguarding data integrity. Additionally, the policy envisions the establishment of a distinct entity, the ‘Cyber Security Center,’ with the aim of enhancing the effectiveness of related initiatives.

Amidst the rise in digital-related crimes due to regulatory gaps, Nepal Police records indicate a steady surge in cases of cyberbullying since 2014.

Over recent years, incidents involving data breaches within e-commerce enterprises, internet service providers, the Central Library, ATM systems, and social media platforms have become increasingly common, highlighting vulnerabilities in Nepal’s cybersecurity framework. Moreover, several instances have been documented wherein government offices have been incapacitated due to data breaches.

As cybercrimes continue to evolve, one particularly alarming trend is the rise in extortion cases facilitated by digital means. Perpetrators exploit vulnerabilities in online systems to access sensitive information or hijack digital assets, subsequently leveraging this leverage for financial gain. Victims, including businesses and individuals, find themselves coerced into paying hefty sums to prevent the release of compromising data or to regain control of their digital infrastructure.

Amidst this growing threat landscape, platforms like https://www.helpwithextortion.com play a crucial role in assisting victims of extortion navigate the complex legal and technical aspects of such crimes, providing guidance and support throughout the resolution process. The repercussions of extortion extend beyond mere financial losses, often inflicting significant emotional and reputational damage on victims. Moreover, the prevalence of digital extortion underscores the urgent need for comprehensive cybersecurity measures and proactive strategies to mitigate risks.

Collaboration between law enforcement agencies, cybersecurity experts, and advocacy groups is essential in combating this pervasive threat and safeguarding individuals and organizations from exploitation. By raising awareness, implementing robust security protocols, and fostering a culture of cyber resilience, communities can collectively fortify themselves against the scourge of digital extortion, ensuring a safer and more secure online environment for all.

In the absence of specific cybercrime legislation, offenses have typically been addressed under the provisions of the Electronic Transaction Act 2008. To tackle cybersecurity threats like hacking and phishing, an expert group named the Computer Emergency Response Team (CERT) has been operational within the Department of Information Technology for the past few years.

The newly enacted policy is poised to bridge gaps in the legal structure and operational processes within the realm of cybersecurity. Various stakeholders have rallied for government commitment towards incorporating key responsible agencies and resources to execute the policy effectively.

This includes embracing principles of open and secure internet, individual privacy, credibility, neutrality, accountability, interoperability, partnership, and a multi-stakeholder approach.

To facilitate this transformation, a high-level panel was convened in March 2023, tasked with compiling a comprehensive report to draft the cyber security policy. The panel, spearheaded by information technology expert Juddha Bahadur Gurung, comprised members like Baburam Dawadi, Saroj Lamichhane, Mona Nyachho, Prakash Rayamajhi, and Bijay Gautam.

Furthermore, experts from Nepal Police and the Nepalese Army were integrated into the panel, while a representative from the Ministry of Communication and Information Technology assumed the role of member secretary.