As Bhutan embraces the digital age, the widespread use of pirated software and reassembled hardware including government institutions which is open secret often goes unnoticed undermines cybersecurity and intellectual property (IP) laws.

This practice not only compromises cybersecurity but also undermines Bhutan’s intellectual property (IP) laws and its commitment to the Bern Convention on IP protection. As Bhutan aspires to become a member of the World Trade Organization (WTO), ensuring compliance with IP laws becomes even more crucial.

The Royal Audit Authority’s (RAA) “Performance Audit Report on Preparedness for Cybersecurity 2023” has revealed a surge in cyber incidents reported by government agencies in recent years. Though the Audit Report fell short of reporting on the use of these products and their vulnerability, the report revealed that ranging from phishing attempts to data breaches, pose significant risks to citizens and the government’s digital infrastructure.

This is becoming risky with National Digital Identity storing every data of us henceforth. The lack of a national cybersecurity strategy exacerbates the risks in the absence of a well-defined National Cybersecurity Strategy (NCS). Without a unified vision and collaboration among stakeholders, cyber initiatives remain fragmented, hindering the country’s ability to combat cyber threats.

Reliance on cloud tools like Google Workspace raises data privacy concerns given the lack of regulations: While cloud-computing tools like Google Workspace offer operational efficiency, their use must be accompanied by robust cybersecurity measures. Bhutan current regulations governing data privacy are not robust enough to protect us from exploitation by cybercriminals.

The emergence of AI-generated cyber threats poses greater risks and vulnerabilities and requires new regulations and guidelines. AI-generated phishing emails, malware, and deep fake campaigns demand comprehensive regulations and ethical guidelines to mitigate the associated risks.

Growth in identity theft and ransomware are on rise globally. Identity-based attacks and ransomware threats have become more prevalent and with increasing digital transformation and cloud migration, proactive defense against potential vulnerabilities is crucial for small society like ours.

A multi-faceted approach is needed to address the challenges. The government-led awareness campaigns are needed to educate organisations about the risks of using counterfeit products and emphasise the benefits of using genuine hardware and software. Public awareness campaigns should highlight the socioeconomic merits of IP alongside the cyber risks of piracy.

Increasing budgetary allocations to expand legal software access and centralised procurement is crucial. Appropriate incentives and enforcement should regulate local suppliers, including tax incentives, to encourage the supply of genuine products. With the nation’s focus on a technology-driven economy, prioritising long-term investment in genuine products over short-term cost savings is essential.

Enforcing strict regulations against the use of pirated software and counterfeit hardware in government and public institutions will promote the use of genuine products.

Bhutan’s journey towards WTO membership requires adherence to international IP laws. Genuine hardware and software usage is pivotal for Bhutan’s digital growth and security. Finalising the long-delayed National Cybersecurity Strategy is an urgent step to provide a unified vision and oversight. The fragmented cyber initiatives need immediate collective effort and unison, as audits have highlighted.

At a minimum, all government computers should run legal software with adequate cybersecurity controls. Partnering with reputed tech companies can enable this transition cost-effectively with access to discounted rates or customised packages that suit the country’s specific needs. Citizens cannot value IP when the state itself disregards it frequently.

Leading by example must be the guiding philosophy.

Sonam Tshering

Lawyer, Thimphu

Disclaimer: The views expressed in this article are author’s own.