Bangladesh has undergone a rapid digitalization process over the previous decades. According to the Bangladesh Telecommunication Regulatory Commission (BTRC), the country currently contains more than 126.1 million internet users. However, the process of digitalization has coincided with increasing cyber security challenges for the country. The Cyber Security & Infrastructure Security Agency of the United States (US) defines cybersecurity as “the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”
Thus, ensuring cyber security is highly critical for both the national security of Bangladesh and personal security of Bangladeshi people. Bangladesh’s extensive efforts to enhance its cyber security have propelled it to become the most cyber-secure state in South Asia. Yet, the country continues to face a host of cyber security challenges.
Existing Threats to Bangladesh’s Cyber Security: At present, Bangladesh faces regular and persistent threats to its cyber security. Some of the common vulnerabilities of Bangladeshi cyberspace include: attacks on banks and non-bank financial institutions (NBFIs), financial scams, theft of information, phishing, hacking of social media accounts, the spread of misinformation, hate speech etc. These vulnerabilities threaten government’s security and economy as well as citizen’s life, honour and property.
On the financial front, Bangladeshi banks, NBFIs, and mobile financial services (MFS) face serious cyber security threats. For instance, the highly vulnerable banking sector in Bangladesh deals with approximately 630 cyber-attacks daily with most of these attacks originating from abroad. Most of these attacks originate from abroad. 24% of these attacks originate from China, 13% from North Korea, 12% from Russia, and 7% each from the US and Pakistan. In addition, a host of other cyber-crimes are prevalent across cyberspace, including scams related to MFS services, illegal betting, multi-level marketing (MLM) capitalizing cryptocurrency, cyber extortion, cyber vandalism, and various types of scams. The advent of online illegal betting with surrogate marketing strategy and tele-phishing to exploit MFS and credit card services have also become more frequent that is affecting the common people.
Many government and non-government institutions face high-level cyber security threats, with their data (such as birth certificates, National Identity Cards (NIDs), driving licenses, and passports) storages being targeted by hackers. Moreover, private companies and non- government organizations (NGOs) often have relatively weaker protection against cyber- attacks. Also, the sharing of user data with third parties by non-government institutions are also creating cyber security threats as data are being used for malicious intent.
According to the Cybercrime Awareness Foundation (CAF), 75% of the victims of cyber- crimes in Bangladesh are aged between 18 and 30. In 2022, cyber-bullying accounted for 52.21% of all reported cyber-crimes in Bangladesh. In addition, a number of other cyber- crimes, including illegal betting, pornography, cyber scams, and frauds related to MFS, affect people on a large scale. Most Bangladeshi citizens lack cyber awareness, technological adaptability, and preparedness to deal with such cyber threats. Moreover, infrastructural disadvantages, jurisdictional limits, and lack of monitoring of the dark web hinder the government's efforts to deal effectively with these threats.
Also, the emergence of end-to-end encryption technologies has made it hard to apprehend those who are involved in cyber-crimes and cyber-terrorism. Terrorist organizations are extensively using encryption technology to remain unmonitored. They are also operating in social media for spreading extremist propaganda, and new recruitment.
The lack of monitoring of dark web further facilitates their activities. As dark web largely remains out of monitoring, terrorist outfits use this space to hold conferences and meetings. For example, banned Bangladeshi extremist organization, Hizbut Tahrir uses dark web for holding seminars. Transaction through crypto-currency is another concern for counter terrorism effort. Unanimous transaction through crypto-currency helps terrorist organizations to bypass traditional financial monitoring system and helps terror financing to move beyond the border. An arrest of two militants in 2019 and subsequent interrogation revealed that Ansar Al Islam and Ansarullah Bangla Team have been using bitcoin for years to channel their finance.
Besides, the latest use of deep fakes in disinformation campaign and misuse of Artificial Intelligence (AI) has also added new challenges to the country’s cyber security. Thus, the country faces a plethora of cyber security challenges.
Efforts to Tackle the Cyber Security Challenges: Public and private banks including other financial institutions have undertaken a number of measures to ensure their cyber security. These institutions have formed Cyber Security Unit (CSU), employed cybersecurity specialists, installed Security Operations Centre (SOC) and undertaken measures to comply Payment Card Industry Data Security Standard (PCI DSS) certification. These measures also include the formulation of information security policy, the creation of computer incident response teams (CIRT), the training of personnel and the recruitment of skilled manpower.
On 11 March 2014, the government introduced the National Cybersecurity Strategy (NCS), which serves as a framework for the organization and prioritization of the efforts to protect Bangladeshi cyberspace and its critical information infrastructure (CII). Based on the Global Cybersecurity Agenda (GCA), the NCS seeks to create a safe cyberspace through the implementation of legal, technical-procedural, and organizational measures. On 13 September 2023, Bangladesh’s national parliament approved the Cyber Security Act (CSA) to provide the country with a strong legal framework for ensuring protection from cyber- crimes.
In line with the NCS, the government created the Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) in February 2016 and established the CT (Counter Terrorism) -Cyber Crime Investigation under the Dhaka Metropolitan Police in May 2016. Also, cyber-crime units are enmeshed in different branches of the Bangladesh Police and the Bangladesh Armed Forces. Government has established National Cyber Security Agency (NCSA) to further enhance national cyber security in November 2023.
Moreover, the government has conducted several campaigns to create awareness among the population about cyber-security. Cyber security has been given priority where Information and communication Technology (ICT) is already introduced in the curriculum of school and colleges. Law enforcement agencies and defense services have been provided with specialized training.
Thus, Bangladesh has undertaken stringent measures to ensure cyber security. However, numerous financial, organizational, and individual challenges to cyber security still persist in the country. Hence, the country should further strengthen its efforts to protect its cyberspace which can be exposed to greater threats considering the revolution of Artificial Intelligence (AI), Internet of Things (IoT) based technologies and emergence of crypto currency.
The Way Forward: To begin with, based on the NCS, the country should develop a rigorous and meticulous mechanism like developing and deploying squad of cyber security experts and carry out periodical external as well as internal countrywide information security (IS) audit. It can also invest in DarkLabs, an elite team of security researchers, penetration testers, reverse engineers, network analysts, data scientists and underground white hackers dedicated to safeguard cyber-attacks before they materialize. They would advance the understanding of cyber security threats, develop countermeasures, take down malicious infrastructure and intensify preparation, prevention, and recovery efforts.
Then, the country should initiate the process for the establishment of an information-sharing mechanism with neighbouring and friendly countries to facilitate international cooperation on cyber-crimes. Also, the country should undertake necessary political and diplomatic measures for synchronizing cyber security regulations with other countries to apprehend transnational cyber criminals. In addition, NCSA should include representative from all law enforcement agencies.
Moreover, the country should explore the opportunity to bring the dark web under government monitoring system.
After that, CII, financial and NBFI institutions should undertake stringent measures to enhance their cybersecurity. These may include the employment of cybersecurity experts, higher training of their personnel in dealing with cybersecurity threats, enforcing SOCs, performing Vulnerability Assessment and Penetration Testing (VAPT) by expert ethical hackers, strengthening of authentication systems and conducting regular IS audit etc.
Furthermore, all government and non-government organizations must have cyber security policy, use no other than licenced software, and strengthen cyber security regulations to make. Most importantly, vetting of the personnel of government sophisticated organizations should be carried out periodically.
Lastly, the government should have a long-term plan for the enhancement of cyber security including the application of AI which can play a pivotal role in securing the IoT by enabling real-time threat detection. It should undertake measures to develop cyber-threat assessment capability at the user level by promoting cyber hygiene among the population against common and recurring cyber threats such as illegal betting, scams, and cryptocurrency- related fraud. To increase the technological adaptability and preparedness of the mass users,
'Safe Internet' program in the curriculum ensuring online safety education to all educational institutions should be introduced.
In the 21st century, cyber security has emerged as an integral part of national security across the world, and Bangladesh is no exception. As the agenda of building a „digital" and „smart" Bangladesh moves forward, the minimization of cyber security threats becomes a greater priority for the country. Hence, in accordance with its national strategy, Bangladesh should undertake measures to bolster its cyber security, develop a national culture of cyber security, and strengthen its cyber security institutions to ensure a secure cyberspace for the nation.
The writer is a military officer.
