Overhaul the Cyber Security Agency to protect data

We are alarmed to learn that even five years after the Digital Security Act (DSA) was enacted, the Digital Security Agency—renamed National Cyber Security Agency following the passage of the Cyber Security Act (CSA)—still remains non-functional. According to a report by this daily, the agency was not provided with necessary equipment or manpower to perform its critical role. The DSA made way for robust provisions for its operation to "ensure the emergency security of critical information infrastructure." Yet, reportedly, it still lacks operational capabilities, including a national computer emergency response team and digital forensic labs, that were promised in the law. The lacklustre state of such a vital institution reveals the sheer apathy of the government to protect citizens' data.

Developing the manpower and capacity of the agency should have been a priority for those in charge. When asked for comments, the agency's director-general, Abu Sayed Md Kamruzzaman, said the delay in developing the institution mainly arises from "misconstruction as many government agencies do not understand the importance of cybersecurity." If that is the case, then what explains the government's heavy investment in cybersecurity surveillance software, including the expensive Spearhead system from Israel, with whom Bangladesh has no diplomatic ties? This situation is completely unacceptable.

It is no secret that government sites are being increasingly targeted because of their weaknesses, leaving citizens' personal information up for grabs. In October, following a massive data breach, officials acknowledged that the personal information of 5.5 crore holders of smart NID cards were available on a Telegram channel. Recently, the tech magazine Wired found that the National Telecommunication Monitoring Centre (NTRC), an intelligence agency, left its database, containing personal metadata, exposed to a spy agency. The fact that government servers such as the Office of the Registrar General, Birth and Death Registration—one of the 29 government-declared critical information infrastructures that the agency is supposed to protect—have been breached shows the vulnerability of our IT system as well as the skewed priorities of the government.

The DSA, bereft of an agency overlooking its mandate and protecting citizens' data, has instead served as a draconian tool to suppress people's freedom of speech. As experts have pointed out, the CSA, which has replaced the DSA, still contains the same weaknesses that were abused over the years to crack down on dissent. Needless to say, genuine cybersecurity laws protect, rather than abuse, the people. We, therefore, urge the government and the ICT Division to overhaul the National Cyber Security Agency so that it can serve its role and ensure the security of the nation's cyber infrastructure.