Government IT Manpower on Cyber ​​Drill

The hacker accessed the system through the malicious code (harmful notification) sent to the user for the 'Orion' software update of Solar Wind and did things like stealing data and blocking the service.

It is said that due to the Solar Winds hack, important information including emails from the US Department of Homeland Security, Ministry of Finance and Industry including Microsoft, Intel, and Cisco have been lost. The study on the damage caused by it is still not finished. The same famous cyber attack incident was analyzed as a 'case study' by the information technology personnel of various agencies of the Government of Nepal at the office of the Integrated Data Management Center at Singhdarbar on Monday.

'No matter how new or robust a technology or device is, its configuration, implementation and the literacy of the user who runs it will be a risk,' Dhan Bahadur Thapa Magar, a computer engineer at the Ministry of Finance, said, 'We call the Solar Winds hack from different angles and theoretical concepts of cyber security. We understood that even if only one aspect is missed, there will be extensive damage through the information technology system. On the first day of the National Cyber ​​Drill 2024 program organized by the Ministry of Communication and Information Technology, various cyber attack incidents in the country and abroad were studied.

'At first I didn't know what cyber drill was, after today's program I realized that it is very important for people in the IT sector,' said Saloni Shikha, Assistant Director working in the Information Technology Department of Nepal Rastra Bank, 'The banking sector itself is sensitive and on top of that, central Being a bank, the information technology system of Rashtra Bank has been subjected to various cyber attack attempts. Most of them are phishing attacks, where employees are tricked into clicking on links, password, OTP etc. are trapped in various ways. The cyber drill exercise provided an opportunity to learn how to safely restore any such compromised system. 27 IT personnel from the Cyber ​​Security Center, Integrated Data Management Center and Information Technology Department are participating in the cyber drill. Rajkumar Maharjan, Undersecretary for Technology of the Ministry of Information and Communication and Information Technology, said that on the first day, cyber risk defense was rehearsed through theoretical and 'table top exercises'.

'Throughout Tuesday, we will practice how to respond to a cyber attack or what procedures to use to restore the system,' he said. Under the

cyber attack simulation exercise, IT employees will be divided into two groups, one will conduct a cyber attack and the other will organize a competition to defend and restore the system, said Deputy Secretary Maharjan. "We call it Catch the Flag, where cyber attack and response happen virtually simultaneously," he said. The exercise to be done is a cyber drill.'

Recently, with every work being done online or through the Internet, there have been frequent incidents of attacks on sensitive information technology infrastructures around the world. Since such risks can occur in information technology systems at any time, all countries have government and private cyber security to identify and protect them. Drills and digital literacy programs have been conducted. Even though cyber drill practice has been started in Nepal since 2075, it has not been done regularly.