Recent data from the Royal Bhutan Police reveals a staggering increase in cyber-related cases, reaching a total of 56 incidents reported across the country until November 27, 2023. The capital city, Thimphu, has become a focal point, recording an alarming 24 cybercrime cases. This surge underscores the pressing need for enhanced cybersecurity measures in Bhutan’s most densely populated urban center.
Notably, other regions, including Trashigang, Samdrup Jongkhar, and Wangdephodrang, have also experienced a significant number of cyber incidents, dispelling the misconception that cyber threats are confined to urban areas. Even in more rural divisions such as Paro, Punakha, and Trongsa, the impact of cybercrime is palpable, necessitating a holistic national response.
In response to this growing menace, there are urgent calls for robust cybersecurity measures. Stakeholders are advocating for increased investment in training programs, public awareness initiatives, and technology upgrades to counter the evolving tactics employed by cybercriminals.
A recent report from the Public Accounts Committee (PAC) has shed light on critical deficiencies in Bhutan’s approach to combating cybercrime. The absence of adequate legal frameworks and mechanisms dedicated to addressing cybercrime is a glaring issue. The lack of defined legal provisions and cross-border investigative agreements poses significant challenges for law enforcement agencies, leaving Bhutan’s cybersecurity vulnerable to potential cyber-attacks.
The report underscores the need for urgent action in fortifying legal provisions and agreements. While Bhutan has existing legal provisions for data privacy and protection, the report points out inadequacies in enforcement mechanisms, raising concerns about the safeguarding of individuals’ data and the overall integrity of the digital landscape.
One of the report’s major findings is the absence of a designated agency to lead and regulate cybersecurity. The current disintegrated approach, where various regulating agencies oversee Critical Information Infrastructures (CIIs) under their jurisdiction, risks diffusing responsibilities and exposing CIIs to persistent vulnerabilities and threats.
Moreover, the report draws attention to the lack of protocols for cyber incident reporting, leading to a deficiency in common understanding among agencies. This gap in reporting mechanisms poses a serious challenge, potentially resulting in numerous unreported cases. At the national level, the lack of information makes it difficult to comprehensively assess the country’s threat environment and design strategic responses to cyber attacks.
In light of these systemic shortcomings, the PAC report emphasizes the pressing need for Bhutan to strengthen legal frameworks, foster collaboration for cross-border investigations, establish a centralized cybersecurity agency, and implement protocols for incident reporting. Swift actions are deemed imperative to fortify the nation’s cyber defenses and protect against evolving threats. As Bhutan stands at the crossroads of technology and security, a comprehensive cybersecurity overhaul is crucial to safeguarding the nation’s digital future.