Why we need to step up our cyber-security game
Happy to see that our central bank, in view of cyber breaches in a few other countries and of previous experience, has cautioned all our banks to apply vigilance against cyber threats and possible fallout effects. However, we are still concerned for banks not taking adequate measures to tackle cyber failures and hacking. That too, after the central bank reserve heist and recent ATM/debit card frauds in a few large commercial banks.
A rights issue
In today’s world, information systems and network security have become a rights issue. Understanding the essential need of security, all developed countries have taken steps to address the problem. On the other hand, developing countries are far from being able to guarantee this right. Threats to the information society were emerging on the content level as well as on the network, endpoint, and physical levels. Information security could, however, not be achieved by technology alone.
In order to respond to network threats and create a secure information society, both comprehensive prevention measures and enforcement measures are necessary in people, process, and technology dimensions. The revolutionary development in the field of ICT has opened up new opportunities for developing countries to move forward in the path of progress by rationally exploiting its potential. The Bangladesh Ministry of Science, Information, and Communication Technology in the past and now the ICT Ministry have focused its attention to contributing to the reduction of poverty by strengthening education through applying ICT in rural areas.
Knowledge is power
Rural people, to an extent, are being given access to necessary information for better cultivation and marketing of their products. Citizens at large are expected to be empowered with the necessary information for efficiently performing their tasks. Knowledge has become a source of economic might and power, and therefore, there has been an increase in the number of restrictions on the sharing of knowledge and new norms of intellectual property rights.
The ongoing globalization and the intensely competitive environment have a significant impact on the production and services sectors. In view of this, Bangladesh’s science and technology system has to be infused with a new energy if it is to play a decisive and beneficial role in advancing the welfare of all sections of the population, most importantly the poor people. Keeping the aims and objectives in view, the ministry concerned has formulated some policies on protection of its growing cyber world from the unsolicited consequences.
The National ICT Policy, Cyber Law, and Electronic Ttransaction Act are already adopted. Appropriate education on computer alert and emergency responses are underway by the different agencies, including the government. Bangladesh is new in the cyber world only by accessing and using the cyber resources with immense interest by society where technology development and growth is merely in progress, although in highest attention.
The government has formed National Council for Science and Technology (NCST). The Executive Committee for NCST has also been formed to implement policies formulated by the council. The National Information and Communication Technology Policy has also given enormous importance to the development of ICT for capturing our share in the multi- billion-dollar software export market, for ensuring good governance, for enacting ICT-related policies, special allocation of funds for software projects, development of world-class ICT professionals, and the creation of a world-class ICT institution for championing excellence in the field.
To achieve this objective, a country-wide ICT-infrastructure is supposed to be developed to ensure access to information by every citizen to facilitate empowerment of people and enhance democratic values and norms for sustainable economic development by using the infrastructure of human resources development, good governance, e-commerce, banking, public utility services, and all sorts of on-line ICT- enabled services.
The National ICT Policy also includes issues of human resource development, the creation of ICT infrastructure, facilitating research and development on ICT, and the development of ICT industries on a priority basis. It has also highlighted the importance of hardware industries, e-commerce, e-governance, legal issues related to ICT, application of ICT in health care, application of ICT in agriculture to exploit the potential for development of the rural economy, and agro-business. Application of ICT in other areas like social welfare, transportation, and the judiciary system is also being highlighted.
Rules and norms
In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted a Model Law on electronic commerce. This is known as UNCITRAL model law of e-commerce. In conformity with UNCITRAL model law, Bangladesh has drafted an ICT law which has been approved by the highest authority in February 2005 to facilitate electronic commerce and to encourage growth and development of information technology.
The ICT law establishes rules and norms that validate and recognize contracts and forms through electronic means, sets default rules for contract formation and governance of electronic contract performances, defines the characteristics of valid electronic writing and an original document, provides for the acceptability of electronic signatures for legal and commercial purposes, and supports the admission of computer evidence in courts and arbitration proceedings.
In addition, the Copyright Law 2000 has been amended to include computer software. Bangladesh Computer Council (BCC), the apex body having the responsibility for the promotion of all sorts of ICT activities in the country, has been formed. The development of science and ICT depends on the expansion of the telecommunication sector. An independent telecom regulatory authority Bangladesh Telecommunication Regulatory Commission (BTRC) has been created. Like many other emerging economies, Bangladesh has limitations in access to information and the available access is not affordable because of the inadequacy of the existing infrastructure, as well as the non-availability of appropriate education.
The challenges are posed by the lack of an integrated computer security system and education about computer security. Hence, there is a need for cooperation, collaboration, and investment for security, which also develop the culture of security, creating all the necessary security assurances. As in business or any dealing, trust is important, and trust can be achieved when the practitioners feel that the transaction is secured.
Security from a business perspective must, therefore, be seen as a business and trust enabler, not as a cost. Our challenges are posed by the lack of an integrated computer security system, and education about computer security is therefore one of the most important issues. A nationwide campaign for spreading awareness about cyber-security should be run, and cyber-security should be a core component of educational curriculums at school level.
Further exploration activities are needed on standards for the security of information systems. In order to realize these objectives, the global partnership is indispensable. The backbone of Bangladesh’s economy is multiple manufacturing industries in garments, shipping, cements, and numerous other sectors. All these sectors in today’s pandemic scenario have also adopted digitized operating models in line with developing countries. Special research on business risk analysis and increase in cyber risk exposure should be conducted for businesses critical to the Bangladesh economy.
We also realize that research and development is more important for the Information Security Framework Program. At the same time, for a successful program, we need to have advisory functions that contribute to awareness- raising and co-operation, promote risk assessment methods and best practices, and follow standardization efforts, thus contributing to the development of a global approach to information security.
Cyber-crime legislation has been formulated. There is a serious need to have more projects on cyber-crime legislation and enforce capacity- building and training courses throughout the country. Policies of the country should also include privacy policies, trust marks, and other self-regulatory measures for the development of products and provision of services, and the implementation of the necessary measures for establishing consumer confidence.
Prevention is better than cure
We are increasingly getting into a digitized world or financial system. Covid-19 has in fact fast-forwarded this. Prevention is better than cure here. Only investment in robust processes and architecture can protect us from undesirable consequences, and build trust in society. As the world order is changing, Bangladesh is already a prominent investment destination in Asia and in the globe, and thus can leapfrog development by becoming a leader in niche areas like cyber-security.
Mamun Rashid is a partner at PwC. Views expressed in this article are his own.