National Cybersecurity Strategy 2024-2029 has been launched to build robust cybersecurity infrastructure and capabilities
Sherab Lhamo
In the span of nine years, Bhutan Computer Incident Response Team (BtCIRT) under GovTech has handled over 1,388 cybersecurity threats and attacks, with 204 incidents in 2024 alone.
The cases have been increasing yearly with evolving technology.
The cybersecurity cases range from abusive content, fraud, and intrusion attempts to system vulnerabilities and malicious code.
BtCIRT launched the National Cybersecurity Strategy 2024-2029 on October 25, during the National Cybersecurity Conference 2024. The Strategy aims to protect cyberspace and combat various aspects of cybersecurity risks and threats that could adversely affect people, businesses, and the government.
The strategy outlines four primary goals: enhancing national cybersecurity governance and coordination through the cybersecurity institutional framework; strengthening the cybersecurity legislation framework in Bhutan while dealing with cybersecurity incidents and cybercrimes; protecting the critical information infrastructure of Bhutan to prepare it to be resilient; and enhancing incident response with better collaboration and cooperation among stakeholders.
The strategy is crucial for Bhutan to effectively tackle the ever-evolving landscape of cyber threats, taking proactive measures to mitigate both present and future cyber-attacks. As Bhutan increasingly relies on technology, it becomes vulnerable to cyber threats. A comprehensive strategy will help mitigate these risks, foster international cooperation, and build a resilient cyberspace.
“Developing a successful National Cybersecurity Strategy requires not just an awareness of global trends but also an understanding of the specific issues that Bhutan faces in cyber defence,” the strategy document states.
To enhance national cybersecurity governance and coordination through the cybersecurity institutional framework, the strategy highlights the need for a coordinated and responsive approach to effectively address the evolving landscape of digital threats in the country through the active involvement of government agencies, private sector entities, and relevant stakeholders.
Currently, BtCIRT serves as the central point of contact for all cybersecurity issues pertinent to national security. However, the government restructuring has led to a lack of clarity regarding the specific roles and responsibilities of various agencies in handling cybersecurity issues that fall outside the authority of BtCIRT.
In response, the strategy document proposes the establishment of a centralised cybersecurity institutional framework, with clear roles and responsibilities of each entity involved in cybersecurity at different levels—government, strategic, operational, and tactical.
The strategy highlights the need for a robust cybersecurity legislative framework to ensure that legal mechanisms are in place to promptly respond to cyber incidents. This would also facilitate law enforcement efforts against cybercrimes, contributing to overall national cybersecurity and resilience.
The strategy recommends the establishment of a CII Protection (CIIP) regulatory framework to safeguard the country’s Critical Information Infrastructure (CII) and enhance its resilience against cyber threats and other disruptions.
This framework will consist of relevant regulations, policies, and standards to protect CII from cyberattacks, physical threats, and natural disasters. It will also ensure continued delivery of essential services such as energy, healthcare, financial and telecom systems, among others.
To enhance incident response, the strategy recommends the establishment of Security Operation Centres (SOCs), which will serve as an operational arm for continuous monitoring, threat detection, and real-time analysis of the entire ICT infrastructure.
The SOC will provide a centralised platform equipped with advanced technologies like intrusion detection systems and security information and event management (SIEM) tools, enabling the detection of potential threats before they escalate into full-blown incidents. It will operate 24/7, ensuring continuous vigilance and rapid response capabilities.
The strategy recommends the establishment of three SOCs to address specific cybersecurity needs: Governmental SOC (GSOC), EduSOC and Power SOC/CSIRTs.
The GSOC will be located within the BtCIRT/Cybersecurity Division. It will monitor government assets and networks. EduSOC will address specific cyber threats faced by educational institutions while Power SOC/CSIRTs will provide security to operational technology in critical infrastructure sectors, including power.