The American multinational technology company showcases its security wares

Cyber security: A workshop on cyber security and cloud services was conducted by American multinational technology company, Microsoft, in Thimphu, yesterday.

The workshop, attended by around 60 participants from the government and the private sector, focused on cybercrime and what Microsoft offers to counter it.

Microsoft head of legal and corporate affairs for Southeast Asia, Shalini Ratwatte, said that cyber crime had become the largest criminal activity today, and that it was no more a problem limited only to IT officers but one that now could equally affect the entire operations of an organisation.

She added that it would be a mistake to think that using a free email account in a country like Bhutan meant that a hacker would not be interested.  She explained that this was because hackers target IP (internet protocol) addresses on a random basis.  An IP address is a unique identifier for a device like a computer.

It was also pointed out that when Malaysian Airlines flight MH370 disappeared, many hackers had attempted to spread malware, by posting videos or links that the aircraft had been found to lure viewers to click on it and infect their devices.

Ratwatte said that one of the greatest fears of a government today is “botnets”, where a number of computers connected to the internet have been infected, and are forwarding transmissions like spam or viruses, without the user knowing.

She pointed out that Microsoft has a digital crimes unit that tackles such issues, by fighting malware through screening and clearing IP addresses, partnering with law enforcement agencies like INTERPOL and the FBI to investigate such cybercrimes, and by also helping them to take legal action against such criminals.

Microsoft regional business development director for Southeast Asia, Kevin Koh, said that he was aware of the country’s national fibre optic network, and that if there was one weak link within that network, such as an agency, then the entire government would be at risk.  He said there was a need for standards to be in place and best practices to be followed.

It was pointed out that Microsoft, besides providing cyber security and cloud services, could also help in setting up such policies.

When asked by a participant if Bhutan would be able to afford Microsoft’s services, Koh said that there were different prices for different countries.  He added that the final price would depend on the structure of the deal, and that more volume would equal discounts.

But he also pointed out that by moving into the “cloud”, it was already a cheaper alternative.

In order to gain the confidence of customers, Koh said that, when Microsoft’s systems get hacked or go down, the company publishes the information, and even pays back the customer for the time the system was not available.

Koh also faced a number of questions on data security.  Asked by another participant if there were any grounds upon which Microsoft might reveal data stored on its servers, it was pointed out that, only with the consent of the customer, was data revealed.

It was also pointed out that, if there was criminal or illegal data being stored on its servers, only a court order and evidence of the illegal activity would warrant revelation.  But Koh also said that such data was encrypted and the key would only be found with the customer.

If a government is insistent on Microsoft revealing data stored on its servers, Ratwatte said that the company would take the government to court as it had done so in the Edward Snowden case. “We’re only a service provider.”

Microsoft officials also said that the company only chose to host its data centres in countries where the environment was conducive, or there was prior assurance from the government that the data was Microsoft property.

Information and communications secretary, Dasho Kinley Dorji, who was in attendance, said that it was good to know that Bhutan had reached a stage where cyber security had to be discussed.

He said that there was a need for adequate laws on cyber security in Bhutan, and it was for that primary reason that the country’s Information Act is being updated.  The act is likely to be discussed only in the winter session of Parliament.

Dasho Kinley pointed out that the government knew what had to be done in terms of cyber security, but the question was how.

The workshop was organised jointly by Microsoft and its local partner, NGN Technologies.

By Gyalsten K Dorji