The likelihood of the country being under a threat of cyber attack was not so big considering the peace Bhutan enjoys, according to the director of Cybercrime Research Institute, Dr Marco Gercke.
However, he said that the country could be a victim of the attack directed against others but it could still affect Bhutan. “So the country needs to be prepared,” he said
The ministry of information and communications in collaboration with ITU organised a cyber security incident simulation exercise yesterday in Thimphu.
The simulation exercise was held to create awareness among decision makers on cyber security and it highlighted the need for intervention policies that can help strengthen cyber security.
He said that criminals usually conduct open source intelligence survey to find out the vulnerabilities and technologies used. “There are information published in Bhutan, which are great from the transparency point of view but sometimes this makes it more likely for you to become a victim,” he said.
He said that Bhutan has expertise that knows the vulnerabilities in their specific field.
“There are dynamics in the country. There are people who know what the threats are. However, it is not widely communicated. I believe that we need to bring all together and make sure to hear different stakeholders,” he said.
However, the exercise saw a different response when it comes to making decisions without having a pre-agreed plan. The result highlighted the importance to have a clear strategy in place.
The simulation exercise was also aimed to educate officials on the potential threats and create awareness on the preparedness to make critical decisions in response to cyber attacks.
Extortion, ransomware, social engineering, release of internal emails of political players, attack against critical infrastructure, against elections, attacks through IoT, purchasing data from illegal sources, phishing, and fake news among others are some cyber attacks the country is vulnerable to.
The ministry plans to draft a national cyber security strategy, discuss child online protection, promote improved institutional cyber culture and raise awareness of cyber practices.
This initiative to establish cyber security strategy comes after two years of forming Bhutan Computer Incident Response Team (BtCIRT) in 2016 that was mandated to ensure the security of online systems and also act as a central point of contact regarding cyber security related issues in the country.
MoIC minister Karma Donnen Wangdi said that BtCIRT for the past one year handled and resolved 250 computers incidents.
Of the total incidents resolved, 83 percent were vulnerabilities found in systems, followed by 10 percent of systems that were infected by malicious codes and six percent related to phishing emails and sites, compromised systems and intrusion attempts.
“It is imperative that security risks associated with the proliferation of ICT enabled infrastructure and Internet is not only combated with technological solutions but appropriately balanced with comprehensive national cyber security strategies and resilience,” the minister said.
The minister added that with the growth in reliance on digital infrastructure, cyberspace remains inherently vulnerable. “The rate of compromise is increasing and the methods used by malicious actors are rapidly evolving. Bhutan is not an exception to such attacks,” he said.