Protecting \'critical infrastructures\' from cyber attack

The reported selection of 21 government organisations as 'critical infrastructures,' although belated, is a welcome development. In tandem with this, the moves have also been initiated to provide protection to those from cyber attack. The government seems to have learnt the lessons of cyber security in a hard way; the hackers had siphoned off more than $100 million from the country's central bank in an unprecedented cyber heist. Nearly $35 million has been recovered and the prospect of getting back the remaining amount, as of now, appears slim. In fact, such an incident was beyond the imagination of the Bangladesh Bank (BB) high-ups. Weaknesses in the management of its backroom were there and the cyber criminals just took advantage of those.

The trans-national cyber heist of BB's reserve, kept with the US Federal Reserve Bank in New York, a year back gave a wake-up call to the government policymakers and top bankers. As a sequel to this, the identification of 21 public sector entities as 'critical organisations' and the measures that are reportedly in the offing to ensue their cyber security, are steps in the right direction.  Speakers discussing the cyber security issues at a seminar in Dhaka Sunday last wanted the National Board of Revenue (NBR) to protect taxpayers' information from cyber attack and hacking. International hackers are unlikely to be that much interested in such information unless they are employed by certain quarters. But some people at home might be interested to sneak into the NBR network to steal information about some selected large taxpayers with ulterior motives.

Until now most part of the tax administration is sticking to the old ways of storing taxpayers' information. But the process of automation is on and it may not be too far for the system becoming fully automated. This makes it all too important to raise the efficiency level of the tax authorities in order to enable their personnel to cope with the evolving developments. Digital technological advancement in the matters of preserving information does always run the risk of security breach. For hackers -- appropriate word here should be crackers  -- breaking into such storage of information is too easy a job unless the right kind of protective measures are not in place. Speaking at the afore-mentioned seminar, the state minister for information communication and technology had quite rightly suggested for conducting information technology (IT) security audit twice a year by the NBR and developing certified experts of its own on the particular technologies that are adopted for automation. Not the NBR alone should do such things. The organisations that are designated as 'critical infrastructures,' do also play very crucial roles in the national key systems, services and functions. Any disruption in their functions would inevitably leave 'debilitating' impacts on public health and safety, commercial operations and national security. So, the minister's suggestion to set up a disaster recovery centre to overcome any unwanted situation, in matters of cyber security, deserves due attention.

The country is yet to take automation up to the desired level. Nonetheless, it is proceeding towards the goals in a slow but steady manner. For that matter, the relevant authorities need to be equally aware of the need for building up necessary protective measures against possible onslaught from cyber criminals. The hackers have been demonstrating their ingenuity to crack into others' information storage. But IT experts are not also lagging behind in their job of developing protective software. The local IT people, engaged in protecting the 'critical infrastructures', do need to be adequately conversant with the continuous developments in the sector for ensuring their application equal to the needs and circumstances of the time.