Sherab Lhamo

The country’s cybersecurity would largely be only as strong as the GovTech agency, which is why the joint sitting of the Parliament called to strengthen its institutional and regulatory framework.

The Joint Sitting adopted all the five recommendations on the preparedness for cybersecurity, unanimously supported by 67 members present yesterday.

The Chairperson of the Public Accounts Committee (PAC), Gyambo Tshering presented the Performance Audit Report on the Preparedness for Cybersecurity, which reviewed the Annual Audit Report from 2016 to 2022.

The report assessed the government’s efforts to ensure a safe, secure, and resilient cyberspace in Bhutan.

As the GovTech agency has human resources shortage, especially cybersecurity experts, the House recommended allocating adequate budget and legal officers to effectively create a legal framework, as presently the agency is looked after by enforcement agencies and regulators.

Industry, Commerce and Employment Minister Karma Dorji pointed out the need for the country’s own data system, as Google Space and Zoom presently used by the government institutions is a risk to data security, as the data directly go into their cloud storage.

The recommendations are to establish coordinating leadership, provide strategic direction and empower the related agency for cybersecurity, to implement the draft National Cybersecurity Strategy with implementation plan, budget, monitoring and evaluation framework.

The report was prepared based on the review of  available documents, analysis of data, and discussion with relevant officials of the Bhutan Computer Incident Response Team, Bhutan InfoComm and Media Authority, Office of Attorney General, Royal Bhutan Police,  Royal Monetary Authority, Financial Institutions and Telecommunication Service Providers.

The report highlighted the lack of legal framework and mechanisms to address cybercrime, which could make the country more vulnerable to cyberattacks. It was also found that there is a lack of adequate cybersecurity capacity- building and awareness in the country, and lack proper monitoring mechanism instituted to ensure appropriate security measures.

Lamgong Wangchang MP, Uygen Tshering raised concerns on the security risks posed by extensive use of counterfeit software by government institutions, and suggested the need to buy the software and distribute among the institutions to ensure privacy and safety.

It is recommended that the GovTech should enforce mechanism for data privacy and protection against unauthorised disclosure and processing of personal data.

PAC’s Deputy Chairperson and Chhoekhor Tang MP, Dawa said that the IT officers of different government agencies use anti-virus to enhance data security and privacy.

The joint sitting also adopted the seven recommendations on the Performance Audit Report on irrigation systems.