A digital dawn: Can Bangladesh's cybersecurity ordinance secure the horizon?


The proposed Cybersecurity Ordinance 2024 is a pivotal initiative aimed at bolstering Bangladesh's defences against rising digital threats, addressing critical vulnerabilities, and fostering a secure digital ecosystem to support national progress

Morshed Noman

Published at 9:07 AM, Fri Dec 13th, 2024

Bangladesh is undergoing a digital transformation, with increasing adoption of online platforms in banking, healthcare, education, and government services.

However, this progress has also exposed the nation to significant cybersecurity risks.

The draft Cybersecurity Ordinance 2024 marks a crucial step in addressing these challenges, aiming to enhance digital security and protect both public and private sector assets from evolving threats.

The cybersecurity landscape in Bangladesh is fraught with vulnerabilities.

The Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) reports thousands of cyberattacks each year, targeting critical sectors such as finance, telecommunications, and government services.

Despite this, many organisations lack adequate security measures, leaving them vulnerable to ransomware, phishing attacks, and data breaches.

Public awareness of cybersecurity remains limited, further exacerbating the risk.

While the Digital Security Act of 2018 provides some legal recourse, it is insufficient to address the complexities of modern cyber threats, particularly those stemming from advanced persistent threats (APTs) and state-sponsored actors.

The need for a robust cybersecurity framework is underscored by several high-profile incidents in Bangladesh.

The Bangladesh Bank heist of 2016 exposed glaring vulnerabilities in the financial sector, with hackers successfully siphoning $81 million.

This event highlighted weaknesses not only in local security systems but also in international interbank communication protocols.

Subsequent incidents, such as the BRAC Bank ATM fraud and numerous ransomware attacks on hospitals and educational institutions, underscore the urgent need for improved cybersecurity measures.

Data breaches affecting government databases and private organisations have also eroded public trust, exposing sensitive personal and organisational information.

Several other incidents further illustrate the scale of the problem. In 2020, a significant ransomware attack targeted a leading healthcare provider, disrupting patient services and compromising medical records.

E-commerce platforms have also been frequent victims, with fraudulent transactions and data theft affecting both businesses and consumers.

In one prominent case, a popular e-commerce site experienced a breach that exposed the personal data of over a million users. 

Additionally, in 2022, cybercriminals launched a sophisticated phishing campaign against a major telecommunications provider, compromising customer data and disrupting services for several days.

These incidents underline the increasing sophistication of cyber threats and the urgent need for a robust cybersecurity infrastructure.

The proposed Cybersecurity Ordinance is essential for several reasons.

A strong legal framework will address existing gaps, ensuring that both preventive and punitive measures are in place.

Safeguarding critical infrastructure is vital for national security, as digital platforms increasingly underpin essential services. 

Moreover, a secure online environment is crucial for economic growth, fostering innovation and attracting foreign investment.

Protecting personal data is equally important for maintaining public confidence in digital services.

Implementing the ordinance will not be without challenges.

Limited financial and technical resources could impede the development of robust cybersecurity infrastructure.

The shortage of skilled professionals in cybersecurity, including ethical hackers and incident responders, is another significant obstacle.

Effective implementation will also require seamless coordination between government agencies, private entities, and international partners. 

Drawing lessons from international standards, such as the General Data Protection Regulation (GDPR) of the European Union, could guide the development of comprehensive data protection and privacy laws in Bangladesh.

Additionally, frameworks like the National Institute of Standards and Technology (NIST) Cybersecurity Framework could serve as benchmarks for establishing robust security protocols.

To overcome these challenges, a multi-pronged approach is necessary.

Developing a national cybersecurity strategy with clear objectives and accountability mechanisms will provide direction. 

Investment in education and training is essential to build a skilled workforce capable of addressing sophisticated threats.

Public awareness campaigns must be launched to educate citizens about safe online practices and the importance of cybersecurity.

Strengthening partnerships with international organisations, such as the International Telecommunication Union (ITU), can facilitate knowledge sharing and resource mobilisation.

Establishing a robust incident response system will enable real-time monitoring and mitigation of threats.

Encouraging private sector investment in advanced cybersecurity technologies through incentives will also be critical.

Bangladesh can also look to other nations for inspiration.

For instance, Singapore’s Cybersecurity Act, 2018, has been instrumental in fortifying its critical information infrastructure through a regulatory framework that mandates proactive risk management and incident reporting.

Similarly, India’s CERT-In (Computer Emergency Response Team) plays a pivotal role in handling cybersecurity incidents and raising awareness across sectors.

These examples highlight the importance of institutional frameworks and collaborative efforts in building a resilient cybersecurity ecosystem.

The role of the private sector cannot be overstated.

Many of the largest data breaches and cyberattacks in Bangladesh have targeted private enterprises, yet investment in cybersecurity tools and training often lags behind.

Collaboration between the government and private companies is vital to sharing threat intelligence, developing industry-specific cybersecurity standards, and implementing best practices.

Public-private partnerships could play a significant role in financing and deploying state-of-the-art security solutions, ensuring that even small and medium-sized enterprises have access to necessary protections.

The Cybersecurity Ordinance, 2024, represents a significant step towards addressing the growing cyber risks in Bangladesh.

By integrating insights from international standards and adopting a comprehensive approach, the country can build a resilient digital ecosystem.

The government’s proactive measures, supported by collaboration among all stakeholders, will ensure a secure and prosperous digital future for Bangladesh.
