On Saturday, Magh 14, 2079, more than 400 government websites were abruptly shut down for nearly five hours. The online services of the Department of Immigration and the Department of Passports were unavailable while the websites were down. Thousands of international passengers were affected that day, and 11 aircraft were impacted. The National Information Technology Center hosted all of the affected government websites.
It was initially reported that a cyberattack on the data center from numerous different sites had caused the government websites to go offline. Although the National Information Technology Center (NITC) has stated that a DDoS (Distributed Denial of Service) attack is to blame for the server being down, a thorough investigation and research report have not yet been published.
The center's executive director, Pradeep Sharma Paudel, claims that since issues began to arise on the official website, the National Information Technology Center has increased its vigilance and is carrying out the appropriate investigations.
Many issues began when the nation's federal data center itself went offline. Some believed it to be a cyber attack, while others thought the lack of “dual internet access” (two or more options for internet connection) was to blame.
Who is attacking, from where and why “is under investigation,” according to NITC Deputy Director and Information Officer Ramesh Pokharel. He claims that on Saturday, January 14, due to the absence of an engineer in the office, the websites were shut down for a considerable amount of time because of a cyber attack (DDoS attack).
He replied that the government website had been shut down because of simultaneous attacks from several sites and a lack of personnel to stop them. He asserts that since current monitoring has been carried out with adequate staff, resources, and equipment, the risk of going down has been diminished.
In his opinion, anybody wants to criticize the government. He thinks that some hackers are able to pull this off because they have the delusion that by attacking a government website they will gain popularity. He claimed that other strategies are being developed to stop similar issues from happening again. He said he was seeking alternatives to prevent cyberattacks, particularly during data migration.
The website of the Tribhuvan International Airport's immigration department, which is regarded as vital in the nation, fell down about 23 days later, or on February 8. There was an issue with issuing the visa during the server outage, which lasted for around an hour and a half. When the immigration office's system went down, at least six international planes with at least 1,000 people on board were impacted.
Although the department workers completed the tasks “manually” for the Indian and Nepalese passengers, the tasks for other foreign nationals could only be completed using the software, so those passengers had to wait an additional three hours at the airport. Even a month after the downtime of the aforementioned server, no report has been released. According to the initial assessment, the server went down because there is no “dual internet” capability.
The immigration office's information officer, Ganesh Acharya, stated that since there are numerous sub-systems inside the immigration division, it is unclear which one was affected by the server's issue. A cyber attack event is allegedly being investigated at the admissions department.
These are merely illustrative instances. Such cyberattacks occur often. But how many come to light, and how many do not?
With the numerous attacks on government websites, curiosity and worry about the security of data centers that house crucial data and information for all residents and government departments started to spread across the country.
The current government's spokeswoman and Minister of Communication and Information Technology, Rekha Sharma, has been speaking about it and expressing greater interest in the situation in which the majority of the government's websites are down. Not just Minister Sharma, but a number of MPs have also voiced concern over this during the House of Representatives meeting.
But Pradeep Sharma Paudel, the director of the National Information Technology Center, insists that the information held by the Nepali government is secure. According to Paudel, the head of NITC, the data center has effective physical security because it is part of the Singhdarbar complex. Access control, biometric security, access record management, round-the-clock CCTV monitoring, and staff management have all been established to regulate access.
Why wasn't the report released?
Although it was a significant cyberattack, it has taken months for government officials to identify its root cause. Experts in cyber security have argued that government
According to Vivek Rana, a cyber security specialist, there is no foundation for determining whether or not the system went down owing to a cyberattack. He claims, “Whether the site is actually down or not, there is no investigation into how it went down, why it went down, and there is no proof that government sites are down as a result of cyber attacks. It is assumed that this disease has been contracted directly. Drugs are being bought and consumed in a hurry. There is a lot of business going on here with symptomatic drugs.”
Another cyber security specialist, Vijay Limbu, agrees with Rana that the government withheld the study because it served the interests of some government officials.
Limbu clarifies this further by saying, “Nobody has had the chance to thoroughly research the causes of Nepal's cyberattacks, because the Nepali government covers up every cyberattack, regardless of how many there have been. They don't divulge information to the public. What sort of assault? When it originated, from which IP address, what the goal of the cyberattack was, and whether it has to be reported: that still hasn't been given.”
By comparing cyber attack incidents with other mishaps, Limbu believes that the study should be made public. “Just like when a plane crashes, it is analyzed in detail and reviewed by an inquiry committee,” he says, “that reduces the likelihood of further accidents. The report, however, never appears when a nation's important data center or website is attacked.”
“Even not publishing the report is inappropriate in their eyes. More than a month has passed since then. The report hasn't come out yet, though. Such reports can be studied to learn more about what actually occurred. To prevent such attacks, other agencies can be informed. But they haven't turned in the report,” he continues.
The report has not been released or has not reached the persons who are waiting for it, according to Paudel, head of NITC.
“The preliminary inquiry report has been delivered to the Ministry of Communications,” he said. He continued, “We have sent the report to the Prime Minister's Office and the Ministry of Communications. The inquiry committee and task force established for this purpose will prepare a report after further investigation. They lack aptitude. They are still being investigated for how much. They are so private and sensitive. Thus, there is no method to extract them.”
After a preliminary inquiry, according to Paudel, the Nepal Police, Nepali Army, senior government officials, and other specialists acknowledged that the cyberattack was a DDoS attack. “The Ministry of Communications and the Prime Minister's Office have both received the report they generated. The event was a DDoS attack, it has been established. The task force is engaged in that mission because it will take a substantial amount of time to investigate to determine who did it, why, and from where,” he said.
According to him, the government's inability to effectively address these issues is due to a lack of funding and other resources, which prevented the development of a robust cyber security system.
“It has taken some time to manage the necessary resources, equipment, and other stuff,” he stated, “because the demand for the digital system has rapidly surged during the past two or three years.”
What are some potential reasons why cyberattacks happen?
Cyber attackers plan their attacks for a very long time, according to Rana, a cyber expert, and prepare for them by determining when the attack will have the most impact or whether their goal will be achieved. Rana says that the issue of the frequent occurrence of cyber attacks on the country's major servers should not be taken lightly.
Rana groups attackers into three categories. The first group is learners: those who are new to cyber attacks carry out such attacks to gauge their interest and expertise, while the other two groups consist of participants who have experience with such attacks.
In the second group are professional cybercriminals who plan and execute their cyberattacks with the express purpose of extorting money, obtaining data from government websites, disrupting the service, or damaging the site's functionality.
Similarly, the last category in the list is “State Supported Attackers,” which refers to cybercriminals that operate on behalf of a nation state.
Weak security systems
Many tests by Rana and Limbu have demonstrated that it is feasible for hackers to attack and bring down the server because of weaknesses in the system. Specialists claim that the site will not be brought down if the system is robust, regardless of the cyber attack.
Security architecture in IT is the comprehensive system used to defend an organization's IT infrastructure from cyber threats. Based on their study, they claim that a data center's security architecture plays a significant role in its cyber attack risk.
It contains all the standards, practices, and standard operating procedures used to prevent, detect, and investigate risks, and specifies how IT professionals should apply security protocols.
Discussing the government's security architecture in Nepal, Rana clarifies that “no matter how much cutting-edge technology is implemented, if the security architecture is poor, there is a risk of cyber attack.”
Absence of essential resources
Yet security analysis also shows that the server goes down when the resources needed to run it are not available.
Limbu claims: “Due to a lack of dual internet access, it occasionally goes down. Since there is only one internet option, and that internet stops working, the website goes down. There have been occurrences of sites falling offline even when there is no power supply because of poor power management. The internet connectivity is good based on some recent events. If not, it can be presumed that the server is down as a result of a lack of resources for the server, a lack of resources for the network architecture, or an improper planning strategy.”
Many contend that regardless of what the experts predict, the truth won't be known until the government issues a report on the subject.
How common are DDOS attacks and how effective are they?
A DDoS attack, which stands for “Distributed Denial of Service attack,” was the primary cause of the government server going down according to the initial probe, NITC chairman Paudel says.
For instance, a DDoS attack can use thousands of malware-infected computers to send bogus requests to a website, causing the site to load slowly or not at all. In this type of cyber attack, the normal traffic of the target server, service, or network is disrupted by flooding it with internet traffic from many sources at once.
What should be done to stop DDOS attacks?
To decrease the frequency of DDOS attacks, security expert Limbu advises the government to adhere to the three fundamental principles of cyber and information security, which are “Confidentiality,” “Integrity,” and “Availability.”
Confidentiality means preventing illegal access to data, integrity means preventing tampering with data, and availability means preventing interference with digital services.
Cyber attacks typically try to gain illegal access to a system to steal sensitive or secret data, change or delete data and misuse it, demand user ransom, or interfere with daily operations.
If these three properties can be maintained, in Limbu's opinion, cyberattacks can be reduced.
“All these things need a strategy,” claims Limbu. “It's crucial to implement a plan that prioritizes availability, confidentiality, and integrity. An effective cyber security plan is necessary for this.”
In addition, Rana believes that the government ought to focus more on security architecture: “Even with an iron door on the outside, if the wall or the inside system is weak, ‘criminals’ can still get inside. We had to pay attention to the architecture because of this,” he added.
The effective use of “people,” “process,” and “technology.”
Similarly, Limbu said that PPT—people, process, and technology—should be the three pillars of cyber security: “When hiring staff for security, you should select individuals with experience in not just one area of cyber security but in a number of areas. Who can safeguard that data center?” he asked.
“We then require a procedure. Our Nepali government is way behind in June. They don't have any relevant policies, say, on how to maintain the protective layer. A ‘cyber prevention’ policy was then required. Both an incident response policy and a detection policy are required. The assault keeps going. In that situation, a strategy for reducing the onslaught is required. They had to remove the maturity of the team's internal capabilities after such policies. They claim that the government of Nepal's data center is secure. What evidence do they have for that claim? What age would you consider them to be?” He continued, “Maturity level certificates can be obtained according to the effectiveness.”
According to Limbu, there isn't enough policy in place to ensure the security of the cyber security system.
Technology is only required once this is completed. Does the government require a defense layer that includes an intrusion detection system? Are perimeter firewalls necessary? Is antivirus software needed? Are web application firewalls necessary? Does the protection of SIM and data require a DLP system? He said that the only way to proceed is by developing a precise plan.
Since the report has not been released, new concerns about cyber security have been raised because it is unclear in this case whether the government has conducted an investigation into the cyber attack at all.
With outrage, Limbu says, “The type of attack and what is occurring should be documented, and after a thorough investigation, the report should be made public to alert other agencies and lessen potential threats while the nation's server is down.”
By doing this, reports can be used to inform people who work in the field of cyber security as well as the general public.
Experts recommend directing the nation's manpower by developing criteria for what kind of knowledge cyber security professionals should have for protecting government data centers rather than relying entirely on foreign manpower to avoid assaults on these facilities.
Three cyber security firms from Nepal, Bhairav Technology, Cryptogen Nepal, and Green Tick Nepal, were chosen in 2022 as part of the top 250 cyber security firms in the world.
The risk of cyber security can be decreased if we move forward by working with the country's cyber security organization, according to Limbu, who claims that it can give all the software, tools, and testing divisions necessary for government sites.
What steps will be made to stop Nepali cyberattackers?
Sections 45 and 46 of the Electronic Transactions Act 2063 are the provisions that apply to those who carry out cyberattacks.
According to Article 45 of the Act, “If a person uses the computer with the intention of gaining access to any program, information, or data contained in a computer, or even in the case of obtaining authorization, gaining access to any program, information, or data other than what is authorized,” he will be punished with a fine of up to two lakh rupees or imprisonment for up to two years.
In a similar vein, Article 46 states: “A fine of up to two lakh rupees or a term of up to three years in prison, or both, may be imposed on anyone found guilty of willfully destroying, damaging, deleting, altering, rendering unusable, reducing the value and use of, or inciting another person to commit, any of the aforementioned acts with the intent to wrongfully harm any organization.”
Santosh Sigdel, an attorney and the founding president of Digital Rights Nepal, claims that these arrangements are ineffective because cybercriminals are not necessarily nationals of the country.
He clarifies, saying, “Foreign Jurisdiction has been arranged in Nepal under the Electronic Transactions Act, which means that even if there is a cyber attack from anywhere in the world, if the attacked computer, computer system, or computer network system is located in Nepal, the person carrying out the cyber attack will be punished according to Nepali law.”
“The government does not have the mechanism to find the people involved in the attack and reach them. Even if something is found, there is no provision to bring the accused to Nepal,” he continues, “and Nepal has not yet become a member of any cybercrime treaty or convention. There should be a mutual legal assistance agreement with other countries to effectively deal with these types of crimes that attract foreign jurisdiction.”
He emphasized that the absence of such agreements makes it challenging to bring in cybercriminals from other nations to this region.
What actions must be taken to secure the cyber security system?
Several security standards are adopted in developed nations like the United States, the United Kingdom, and Russia for the protection of data centers, servers, and other IoT (Internet of Things) devices.
In addition, since these nations treat cyberattacks as serious crimes, attackers are strongly deterred from launching one. Developed nations also follow the practices below to protect their cyber security systems; some of the most significant are:
1) Having firewalls available
Servers and networks are secured by firewalls, which can be hardware- or software-based systems. They control, filter, and block unauthorized traffic as it enters the network or server. The data center, server, and network may all be kept secure by putting such a system in place.
2) Encryption
Data is transformed into code through the process of encryption to prevent unauthorized access. This method is typically used in situations where there is a variety of sensitive, private, and financial data.
3) Use of a virtual private network (VPN)
A secure and encrypted network connection over the Internet between two devices is known as a VPN. It can be used to keep data, servers, and networks secure.
4) Access management
Access control is a security technique that restricts access to cyber systems and data to those who are permitted.
5) Intrusion Detection System (IDS)
An IDS is a program that monitors the network for suspicious behavior and alerts you whenever such activity is detected. Such a system can also blacklist any suspicious IP addresses.
6) Physical Protection
It is also crucial to ensure the physical security of the numerous physical components and equipment in the data center. The potential for theft and destruction is high, especially given how valuable these materials are. Security is therefore required on both a physical and a virtual level.
7) Backups of resources
All of the server's resources should be backed up, so that when any device or system is attacked it can be replaced promptly and a new one installed. In addition, in a cyber assault, the equipment used may be compromised (weaknesses, viruses and malware).
The risk of a cyber attack is great if these devices are used without being tested first. This is addressed by quickly replacing the infected device and installing a new one from the backup. As a result, the likelihood of cyber assaults caused by earlier deficiencies is diminished.
8) Effective use of personnel, equipment, and procedures
In cyber systems, PPTs—People, Process, and Technology—are given considerable weight. Only with a balance between these three components can cyber security be effective. As a result, for server and data center security in industrialized nations, PPT principles are given a higher prominence.
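As an added illustration of the DDoS pattern the article explains (many sources flooding one service at once) and of the alerting and IP blacklisting it attributes to an intrusion detection system in item 5 above, here is a small Python detector written for this page; it is not software used by NITC or by any of the quoted experts. It reads constructed access-log lines, keeps a sliding window of requests per source and overall, blocklists a single source that exceeds its rate, and separately raises a volumetric alert when many sources that each stay under the per-source limit push the total over a threshold, which is exactly what makes such a flood "distributed". The log format, the window and thresholds, and the IP addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class FloodDetector:
    """Sliding-window request counter that flags two patterns (thresholds are example
    values, not NITC settings):
    - a single source exceeding per_source_limit requests within the window, which is
      then blocklisted (the IDS-style blacklisting the article describes), and
    - total traffic exceeding global_limit within the window although no single source
      is over its own limit, the signature of a *distributed* flood."""

    def __init__(self, window_s=10, per_source_limit=5, global_limit=20):
        self.window = timedelta(seconds=window_s)
        self.per_source_limit = per_source_limit
        self.global_limit = global_limit
        self.per_source = defaultdict(deque)  # ip -> timestamps still inside the window
        self.recent = deque()                 # (timestamp, ip) of every accepted request
        self.blocklist = set()
        self.alerts = []                      # (timestamp, kind, details)
        self._volume_alerted = False          # alert once per burst, not once per request

    def _expire(self, dq, now, key=lambda item: item):
        # Drop entries older than the window from the left of the deque.
        while dq and now - key(dq[0]) > self.window:
            dq.popleft()

    def observe(self, ts, ip):
        """Feed one request; returns 'blocked', 'alert' or 'ok'."""
        if ip in self.blocklist:
            return "blocked"
        src = self.per_source[ip]
        self._expire(src, ts)
        src.append(ts)
        self._expire(self.recent, ts, key=lambda item: item[0])
        self.recent.append((ts, ip))
        verdict = "ok"
        if len(src) > self.per_source_limit:
            self.blocklist.add(ip)
            self.alerts.append((ts, "source-flood", {"ip": ip, "count": len(src)}))
            verdict = "alert"
        if len(self.recent) > self.global_limit:
            if not self._volume_alerted:
                self._volume_alerted = True
                sources = len({item[1] for item in self.recent})
                self.alerts.append((ts, "volumetric",
                                    {"requests": len(self.recent), "sources": sources}))
                verdict = "alert"
        else:
            self._volume_alerted = False
        return verdict


def parse_line(line):
    """Parse one constructed log line: 'ISO-timestamp client-ip method path'."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ip, method, path


def analyse(log_text, **thresholds):
    """Run the detector over a log text; returns (detector, per-line verdicts)."""
    det = FloodDetector(**thresholds)
    verdicts = [det.observe(*parse_line(line)[:2]) for line in log_text.strip().splitlines()]
    return det, verdicts


def constructed_log():
    """Constructed sample traffic (not real NITC logs; RFC 5737 documentation addresses)."""
    base = datetime(2023, 1, 14, 10, 0, 0)
    lines = []
    # Normal use: one visitor, one request every 5 seconds.
    for i in range(4):
        lines.append(f"{(base + timedelta(seconds=5 * i)).isoformat()} 198.51.100.7 GET /immigration/status")
    # Single-source flood: 8 requests in 4 seconds from one address.
    for i in range(8):
        lines.append(f"{(base + timedelta(seconds=20 + 0.5 * i)).isoformat()} 203.0.113.10 GET /passport/login")
    # Distributed burst: 10 addresses, 3 requests each, all within 5 seconds.
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=40 + 0.15 * i)).isoformat()} 192.0.2.{i % 10 + 1} GET /visa/apply")
    return "\n".join(lines)


if __name__ == "__main__":
    det, verdicts = analyse(constructed_log())
    for ts, kind, details in det.alerts:
        print(ts.time(), kind, details)
    print("blocklisted:", sorted(det.blocklist))
    print({v: verdicts.count(v) for v in ("ok", "alert", "blocked")})
```

On the constructed log the single flooding address is blocklisted at its sixth request and its remaining requests are dropped, while the burst from ten addresses never trips the per-source rule and is caught only by the volumetric check. That second case is the point of the example: per-IP blacklisting alone, the mitigation the article mentions, does not stop a distributed flood, so a defender also needs aggregate rate monitoring and upstream capacity or filtering.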