The tech and cyber worlds were intensely outraged in 2021 as the Pegasus Project investigation unveiled the massively unethical software hacking and data leak by use of spyware. Various international media including The Guardian, The Washington Post and Reuters, among others, reported that Pegasus spyware was used as part of cyber surveillance in many countries that hacked hundreds of smartphones belonging to heads of states, heads of government, government officials, politicians, diplomats and ambassadors, judiciary and media persons, and human rights activists, among others.
The King of Morocco, the President of France, and the prime ministers of Morocco, Egypt and Pakistan were included in the target list of more than 50,000 phone numbers, stated The Washington Post. Le Monde further reported that several Delhi-based diplomats and ambassadors, including the Nepalese ambassador, were on the potential targets' list, as were Pakistani government officials. "The numbers of Imran Khan [the then Prime Minister of Pakistan] and several of his ambassadors in India appear on the list as potential targets. Dozens of other Delhi-based diplomats and ambassadors are included, from Iran, Afghanistan, China, Nepal and Saudi Arabia," stated Le Monde.
The spyware called Pegasus is reportedly licensed by the NSO Group, an Israeli company. Once this malware infects Android and iPhone devices and smartphones, it can extract messages, photos and files from the device and secretly activate cameras and microphone. Smartphone users remain unaware as to whether their device is infected. The NSO Group claimed it sold that spyware only to governments, for intelligence and legal agencies to use it against criminals and terrorists. Instead, it had been used to target government and international agencies' officials, heads of states and governments, diplomats, and other government and public officials.
It is condemnable that these actors were being spied on. Snooping on government officials and diplomats may lead to a gap of trust between nations and erode bilateral relations, if it is proven that the governments of the host states themselves were involved in a conspiracy to spy on officials of the sending states. It is a grave threat to the national security and sovereignty of nations whose officials are being snooped.
Cyber Intelligence for National Security
Billions of people worldwide use mobile phones as their primary source of communication and many depend on the internet and social media as a major source of information. Data shows that nearly 3.8 billion people, 48.33 percent of the global population, use smartphones, out of more than 5.27 billion who use mobile phones worldwide. By 2023, worldwide mobile users are likely to cross 7.33 billion, predicts Statista, a market and consumer data portal. According to the Global System for Mobile Communications Association (GSMA), there are more than 10.38 billion mobile connections, including cellular Internet of Things, worldwide. In addition, there are more than 4.72 billion internet users and 4.33 billion who use social media; average internet penetration is 59.5 percent globally, while it is 96 percent in northern Europe (real-time GSMA intelligence data as of January 2021).
In Nepal, there are 14.18 million internet users, which is 56 percent of the total population; more than 13 million people use social media, which is 44.2 percent of the total population; and there are 38.61 million mobile connections, which is 131.3 percent of the total population of Nepal (As of January 2021). The mobile subscription is more than 1.3 times of the total population in the country. The internet and social media have been a public platform where large amounts of public data that influence public policy, decision making, politics, diplomacy, military, research, intellectual property, and finance are shared. The crucial task to every entity- government, private and public- is to manage, monitor and secure these digital data, while massive amounts of data are being assembled and exploited by various state and non-state actors.
The Nepali tech and cyber sphere was outraged a few months back due to cyber hacking and snagging of digital infrastructures at different government offices. The central server of the government and servers of different sensitive sectors such as the Department of Immigration and National Information Technology Center went down. The main purpose of the hackers, perhaps, was data breaching. Reportedly, there were 3906 recorded cases of cyber-crime in the fiscal year 2020-2021, while it was 1547 in the first quarter of 2021-2022. Due to the poor digital infrastructure in banks, power-grids, telecom, airports and foreign missions, Nepal has frequently witnessed critical cyber security threats. This has been an emerging challenge for Nepal’s national security.
Cyber-attacks have reportedly risen by 38 percent (all-time high) in 2022 than in 2021 globally. The economic cost of cyber security is expected to cross-over $10 trillion by 2025 worldwide (CyberSecurity Ventures), whereas the national sanctuary cost and that of transnational effects combined would go beyond imagination.
Amid the high possibility of cyber-battles between the two populous and economic giant rivals India and China or between arch-rivals India and Pakistan, Nepal needs to strengthen cyber security preparedness in advance. The government needs to think in advance of establishing a dedicated cyber security center. Taking into account geo-location, geo-political proximity and dependency on others, Nepal needs to march ahead into the spheres of artificial intelligence and big data. Data and technological sovereignty will be key to determining national power capability and wealth for the nation.
The Global Cyber Security Index 2021 shows that Nepal ranks 94th in global rankings out of 160 countries and ranks 101st on the National Cyber Security Index, while it ranks 140th on the ICT Development Index and 115th on Networked Readiness Index. Previously, in 2020, Nepal was at 94th in global rankings out of 182 countries, and it ranked 17 out of 37 countries in Asia Pacific Region. Earlier, in 2018, Nepal was at 109th position and ranked 20th regionally. The index is assessed based on the countries' engagement in five key measures — legal, technical, organizational, capacity development and cooperation.
Nepal has significantly progressed in the cyber security sphere in recent years. Nevertheless, rising in the index alone may not bring cyber security to a country like Nepal. It has to be pragmatic in devising strategic and intelligence policies, and have to foster partnerships with the concerned security agencies, ICT providers, industries, academics, and civilians for a sustainable cyber security planning. Various legislative policies regarding big data, digital and data sovereignty, data protection, privacy, intellectual property, cyber-crime and cyber-terrorism, among others, need to be revised and updated based on the contemporary needs of the society and nation. National security policy has to be pragmatically shifted to developing a resilient national cyber security architecture.
Learning from past failures of political, diplomatic and security intelligence as well as internal weaknesses and power conflicts at various junctures of history, Nepal should take pragmatic steps in upgrading its intelligence mechanisms such that “real-time threat intelligence” could also be implemented. For this, Nepal should invest rationally in intelligence and develop a sound intelligence culture as part of a soft security strategy, while cutting-edge technology along with improved communication systems and corresponding data security are indispensable as part of comprehensive protection mechanisms. Technically, an advanced intelligence unit needs to be set up such that it would provide time-sensitive data on a real-time basis, which will enable Nepal to enhance national security.