It’s encouraging to read that the government understands the seriousness of the loss of $81 million via the hacking of Bangladesh Bank, and that a cyber-security agency is going to be formed to prevent further disasters. Currently, information security in each government department is up to the internal IT staff of that department.
It is not surprising that the internal IT staff of various government departments have no idea of information security, as they have never been selected for that knowledge or trained in it. Rectifying this situation and urgently correcting many obvious information security-related problems within government offices at reasonable cost should be the job of the cyber-security agency.
Until recently, the sole responsibility of IT staff in government departments was maintaining PCs and network hardware, and purging viruses from out-of-date and often unlicensed/pirated copies of Microsoft Windows. The use of unlicensed/pirated/outdated operating systems in government offices is a huge security risk, and may have contributed to the Bangladesh Bank hacking.
Government departments should never run unlicensed/pirated copies of MS Windows or any other software. Unlicensed copies of MS Windows are generally installed from old installation CDs of out-of-date versions such as Windows XP, which no longer gets security updates from Microsoft and so is impossible to protect from hacking.
However, there is no government body tasked with supervising the work of all the various IT staff of different government departments and stopping these high-risk practices. Identifying risky IT practices, retraining staff, and auditing security improvement should be the task of a government cyber-security body.
Given the prevalence of unlicensed, outdated and consequently easily hackable installations of Windows XP across government departments, the cyber-security agency needs to urgently undertake the task of replacing all the unlicensed/pirated software either with licensed copies of Windows or with free/open source equivalents like Ubuntu Linux (www.ubuntu.com), Red Hat Linux (www.redhat.com), or Suse Linux (www.suse.com).
Buying Microsoft Windows will typically cost the government around $100 per computer -- if MS Office is purchased as well, the cost will come to around $400 per computer. For, perhaps, 50,000 government computers, the total cost would be around $20m (almost Tk160cr).
This is a significant expense, one that can be saved by using Linux on all government computers.
Linux comes with the free/open source LibreOffice, which is compatible with MS Office files, Thunderbird email, which is similar to MS Outlook Express, and Mozilla Firefox web browser. These can easily be used for all common office tasks.
Migrating tens of thousands of government computers to Linux and LibreOffice may seem like a daunting task, but this free/open source software is so easy to use that it is in fact quite simple.
Kazi Farms Group, and its associated media companies Deepto TV and Dhaka Tribune, as well as its CSR-supported university Central Women’s University, have already replaced MS Windows/Office with Linux/LibreOffice on over 1000 computers.
Practically every piece of proprietary software anyone might ever need now has a free/open source equivalent.
Proprietary software companies often deride free/open source software as being insecure, but a 2014 study by the UK government’s security branch found that Ubuntu Linux was in fact the most secure of the 10 operating systems that they evaluated for government use (http://www.zdnet.com/article/).
Recognising this, in 2007, the French national police migrated their 90,000 computers to Ubuntu Linux. In 2015, the Italian Ministry of Defense announced that they would install LibreOffice on 150,000 computers, and it was also to be installed on 500,000 computers in various French government departments the same year.
Other governments around the world (including Germany, Spain, Russia, China, and India) have recognised the security and cost savings of Linux/LibreOffice and have migrated from MS Windows/MS Office to varying degrees.
The Bangladesh government should also join this group of countries that are successfully asserting their digital independence from Microsoft and other multi-national software vendors.
The logic of migrating all government computers from outdated and unlicensed MS Windows/Office to Linux/LibreOffice is perfectly clear from both an IT-security and cost-reduction point of view; but hitherto there has been no government department with the job of looking at these issues. That should be the first task of the proposed national cyber-security agency.
Zeeshan Hasan is a director of Kazi Media, the company behind Deepto TV. He is also the managing director of Sysnova.