Government websites under control of private company, risk of data misuse high
KATHMANDU: With the increasing popularity and accessibility of the internet, the Government of Nepal made it mandatory for all ministries, departments, and central level offices to make their own websites. Accordingly, almost all government agencies have created and launched their websites. However, the construction process and cybersecurity of those websites have been repeatedly questioned.
In the year 2068 BS, ‘Guidelines on Website Creation and Management of Government Bodies’ were issued. According to the directive, the government has created a website and launched it, making it easier for the public to get information. With the proliferation of the Internet, the effectiveness of this is certain to increase in the days to come. At the same time, experts have emphasized the need for the concerned bodies to focus on how to build and operate these websites in a safe manner.
The 2068 guideline on website creation-design-hosting is not entirely clear. As a result, many government websites are now hosted by private companies. Thus, when private companies develop or host the website of any government body, they have full access to that website. This comes with the danger of private companies having full access to confidential information that only government officials should have, and also the risk of such information being misused.
Ramesh Prasad Pokhrel, Assistant Director of the National Information and Technology Center, says that the reason for this mismanagement is the lack of certainty on who will build the website on the ‘Guidelines on Government Website Creation and Management, 2068.’
“The guidelines on government websites do not specify how to do this. In order to regulate it, how/who will make it has to be written somewhere,” says Assistant Director Pokhrel.
“It is being said that hosting will be done in the data center. However, some government offices are refusing to do so. We have been writing letters time and time again but they are not complying.”
NIC (National Informatics Center) builds/hosts the websites of almost all government agencies in neighboring India.
“We also need a development team,” says Pokhrel. “The government should form a development team, but this has not been done here.”
Assistant Director Pokhrel said that even if the site design is done externally, the risk of data leakage can be reduced if hosting is done in the government’s data center.
He said, “Questions like ‘what can a website developer do after a private company has created a website and given the username and password to the government?’ may be raised, but the website needs to be constantly updated and managed. For that, the developer has to be given ‘full access’. There is a risk of data leakage and misuse.”
In order to avoid such risks, government websites in other countries have been run by the government under its own supervision. He said that it would be appropriate for the government of Nepal to adopt the same policy to reduce the potential risks.
“In the coming years, the government will probably do this by forming its own development team. We are also taking initiative for this,” says Pokhrel. “We have also built a few sites, including that of the Ministry of Defense.”
Cybersecurity expert Naresh Lamgade also says that creating a government office website by a private company can generate “trust issues”.
“Website developers have to be given a little bit of access. Misuse can lead to action being taken,” says Lamgade, “Data leaks or misuse can be very risky.”
Lamgade suggests that it would be safe and convenient for the government to set up a mechanism for this purpose.