Nepal Launches National Response Team
ITSERT-NP President Rajan Pant on Team's Top Tasks
Nepal's newly-formed Information Technology Security Emergency Response Team, ITSERT-NP, aims at helping individuals and institutions build a more secure environment.
The Information Technology Security Emergency Response Team, Nepal was formed with a group of IT professionals to respond to the growing cybercrime in Nepal, make citizens aware of cybercrime and create awareness of emerging threats in the sector.
ITSERT will conduct public awareness programs on cybersecurity across Nepal, along with public bodies, says Rajan Raj Pant, president.
"We aim to provide enterprises immediate assistance in case of emergency mishaps and make stakeholders conscious about security challenges and the adverse impact on the nation," Pant says.
"The response team will constantly update itself about new challenges through other similar institutions in foreign countries," Pant says. "If it fails to counter problems reported, it will refer the case to institutions abroad."
In this interview with Information Security Media Group, Pant emphasizes the need for a centralised platform to build security awareness among enterprises and professionals alike. Pant also shares insights on:
- The need for an IT security response team in Nepal;
- Goals set in addressing security challenges;
- Leveraging the private-public partnership model for creating a secure nation.
Rajan Raj Pant, the president of Nepal's ITSERT, was earlier responsible for PKI in developing countries, and later, IT Controller, at the ministry of science and technology, Government of Nepal. An MBA specialising in Quantitative Techniques and Computer Management from Shivaji University, Maharashtra, he also holds an LLB degree from Tribhuvan University, Kathmandu, Nepal. He is a certified CEH, ISO 27001 ISMS Lead Auditor.
Rajan is Ex-General Secretary, Computer Association of Nepal, and Member, Management Association of Nepal.
GEETHA NANDIKOTKUR: Nepal's ITSERT is a recent evolution. Can you elaborate on the factors that steered its formation?
RAJAN RAJ PANT: Earlier, as the IT controller in the government, I had plans to form an IT security response team. However, due to the lengthy process of approvals, it wasn't established.
The government too had considered forming an IT Emergency Response Team under the Ministry of Science, Technology and Environment to test and audit security of Nepali websites. The plan didn't materialize.
After coming out of the government, I took the initiative forward, setting up a security body to respond to the growing cybercrime in Nepal and making citizens aware of cybercrime.
Thus, the Information Technology Security Emergency Response Team, Nepal was formed with a group of IT professionals - to tackle challenges to keep information secure.
Established about two months ago, the first of its kind in Nepal, it aims to bring together IT experts, internet security experts and other professionals from IT under a single umbrella and create awareness of emerging threats in the sector. It will also work as a quick response team to resolve security threats with local and international experts.
ITSERT's seven-member executive team is selected based on technical qualification, passion to be associated with the security domain, experience and current job profile.
NANDIKOTKUR: What are ITSERT's goals and agenda in addressing Nepal's security?
PANT: ITSERT, a forum for all Information & Communications Technology security professionals, entrepreneurs and organizations in Nepal, is not-for-profit, aimed at enhancing local and international co-operation on IT security, creating awareness among citizens and running security programs. It provides incident response and incident handling services to its members and other organizations.
ITSERT's key focus areas are:
- Responding effectively when a critical IT security incident occurs;
- Helping organizations respond rapidly and propose mitigation and response strategies;
- Establishing a relationship with other national and international CERT teams and sharing strategies;
- Drafting and proposing an IT security policy for Nepal, soon;
- Helping organizations identify areas of vulnerabilities and offer testing beds;
- Information sharing about new emerging threats with different organizations;
- Co-ordinating and co-operating with the Nepal government on IT security and cybercrime incident response best practices.
The agenda for 2015-16 is to create awareness among people, organizations and users on the importance of securing enterprises.
Challenges and Priorities
NANDIKOTKUR: Can you provide insights into the security challenges Nepal faces? How do you address them?
PANT: Like any country, Nepal faces security-related challenges; cybercrime is also growing. Since they don't get reported, it's difficult to estimate the intensity of the data breach and loss. The greatest challenge is lack of awareness and knowledge among the people; executives, too. It's the hardest thing to convince organizations, including banking, to allocate sufficient budgets for information security. The critical challenges are hacking, phishing and social engineering.
Another challenge is a lack of certified security professionals. Now, there's a greater interest in getting certified in security. But since there's no cybersecurity policy with clear guidelines, it's challenging to find good staff who can pen test and throw light on incident handling.
So, ITSERT's primary objective is spreading of awareness about cybersecurity and cyberlaw among people and organizations alike. We just concluded a cybersecurity conference on 'Secure You, Secure Your Nation'.
The goal is also to set up a cybersecurity incident response team in Nepal soon and empower and encourage private and public groups' participation. Create a central platform for cybersecurity, meet and strengthen regional co-operation.
Thrust on PPP Model
NANDIKOTKUR: You speak about collaboration. How much emphasis do you lay on public-private partnership?
PANT: While we are keen on the government's support in creating an exclusive security platform, we are working towards co-operating with other CERT communities to tackle security challenges. Our mission is to go the PPP way, involving the government to facilitate, govern and control. Private bodies will execute the IT security policy guidelines.
I see telecom and banking becoming conscious of security and spending towards IDS and IPS. It'd be good to collaborate with them to create awareness. For capacity building, ITSERT plans to impart security training and certification to IT professionals by collaborating with professional bodies.