Financial Crime World

Delay in Identifying Critical Information Infrastructures Puts Bhutan’s Cyberspace at Risk

The Royal Audit Authority (RAA) has released a draft report highlighting the urgent need to strengthen Bhutan’s cybersecurity framework to prevent potential cyber threats and ensure a safe and secure cyberspace.

Challenges Facing Bhutan’s Cybersecurity

  • Delay in identifying Critical Information Infrastructures (CIIs), which exposes them to potential cyber threats
  • Lack of an effective capacity assessment framework
  • Inadequate legal frameworks
  • Insufficient institutional coordination

Key Recommendations

To address these concerns, the RAA has recommended six key measures:

  • Review Regulatory Framework: Ensure compliance with security controls and enhance the country’s cybersecurity posture.
  • Strengthen Institutional Coordination: Overcome disconnects between agencies involved in cybersecurity.
  • Expedite Protection of CIIs: Develop an identification framework, identify CIIs, ensure owners implement security measures, and develop CII regulations.
  • Review Existing Laws and Regulations: Address cybercrime by reviewing existing laws, rules, and regulations.
  • Develop Comprehensive National Cybersecurity Strategy: Ensure a cohesive approach to cybersecurity in Bhutan.
  • Enhance International Cooperation and Coordination: Collaborate with regional and global partners to share best practices and address common challenges.

Methodology

The RAA conducted the audit by:

  • Reviewing relevant legislation, plan documents, policies, and strategies related to cybersecurity
  • Consulting with key stakeholders, including the Bhutan Telecom Authority (BtCIRT)
  • Reviewing other documents and publications
  • Applying a system-oriented audit approach

Conclusion

The delay in identifying CIIs, the lack of an effective capacity assessment framework, inadequate legal frameworks, and insufficient institutional coordination pose significant risks to Bhutan’s cyberspace. It is essential for the government to take immediate action to strengthen its cybersecurity framework and protect against potential cyber threats.

This draft report serves as a wake-up call for the government to prioritize cybersecurity and ensure a safe and secure cyberspace for citizens, businesses, and the country’s overall development.