The first national level cyber-security drill, organised recently by a government agency and participated by 35 private and public institutions, has produced some rather quizzical results.
The government’s e-Government Computer Incident Response Team (BGD e-GOV CIRT) hosted the drill — held online remotely — for 20 banks and 15 non-banking financial institutions, law enforcement agencies, and private entities on October 22. Each organisation was given six problems and a stipulated time to come up with solutions.
At least 13 of the 35 participating organisations failed to solve any problem, including Bangladesh Police, Dhaka Metropolitan Police’s Counter Terrorism and Transnational Crime (CTTC) unit, and the Digital Security Agency.
Contacted on Thursday, AFM Al Kibria, deputy commissioner of CTTC, said he could not recall of any participation from his agency in any cyber drill.
Digital Security Agency and Bangladesh Police did not respond to request for comments.
Tarique M Barkatullah, project director of BGD e-GOV CIRT, later told The Daily Star that due to “ongoing heavy workload”, only apprentice-level officials from the three agencies participated in the drill, at a capacity of “observation and assessment”.
Another organiser, wishing not to be named, also insisted that this does not reflect the true capability of the law enforcement agencies in dealing with cyber threats.
Requesting anonymity, a source at Bangladesh Computer Council, who was involved in organising the event, confirmed that members of the three agencies were present at the drill “on-and-off”.
The results of the drill, which had been uploaded on the website of Bangladesh Computer Council (the governing organisation of CIRT), were removed sometime in the last two days. This newspaper has preserved a copy of it.
“This drill was first of its kind in Bangladesh and our objective was to provide a real-life experience for the participants on incident handling and mitigation,” said Md Bahauddin Palash, one of the organising team members of the cyber drill and the information security specialist of BGD e-GOV CIRT.
NCC Bank came first with a score of 85, while Pubali Bank secured second position with 83. Bangladesh Bank, the regulator of all financial institutions, came fourth with a score of 70.
Senior maintenance engineer and team leader for Bangladesh Bank, Fahad Zaman Chowdhury, described this drill as an eye-opener.
“This initiative is very timely as nature of the threats nowadays has become sophisticated. As this was our first time and we participated in a short notice, I believe our team have done a good job. Of course, we have scopes of improvement and we will work on that.”
NCC Bank, which had its fair share of experience dealing with a hacking attempt in 2019, was better equipped in dealing with this kind of scenario, according to Kazi Jonayed-Un-Naby, senior assistant vice president of the bank and the team leader at the drill.
“We need more of these drills in order to better equip ourselves. The industry is lacking in skilled manpower and most of the organisations are suffering for it,” he said.
Cyber security expert Sumon Ahmed Sabir, executive council member of APNIC and CTO of Fiber @ Home Ltd, sees these cyber drills as a welcome move in such a perilous time.
“CIRT has done a great job hosting such a drill for the first time. The results rightly indicate what lacking we have in terms of defensive cyber capability. We need more coordinate measures to protect our digital space and we need to invest more in our digital ecosystem,” he said.
According to Barkatullah, “This is just the start. Even technologically advanced countries like Israel hosted their first national cyber drill in 2016. So we are not necessarily far behind. On December 12, Digital Bangladesh Day, we are planning to host a drill on a national level with even more stakeholders.”
This content was originally published here.