Preserving public trust: Effective strategies for preventing data breaches

It is important to adopt a more progressive mindset with regards to the storage of government data, and consider the utilization of global cloud platforms offered by prominent companies.

Utsav Poudel

  • Read Time 4 min.

The Public Service Commission(PSC) has suffered a significant data loss, with over 400,000 application records, 16,000 user accounts, and 60 government entities affected. The crash was caused by a reader in the hard disk that was installed by Oracle. The server has been down since February 2023, raising questions about the public’s trust in the recruitment process. This emphasizes the importance of having proper data backup and disaster recovery mechanisms in place to prevent such incidents in the future.

Inner Workings: Technology Behind the Government Database System

The Government Integrated Data Centre (GIDC) is responsible for storing and securing the data of those who fill out forms through the online government portal. GIDC operates under the National Information Technology Centre (NITC) and is located in Lalitpur, Nepal. Previously, to minimize downtime and ensure data safety, NITC introduced the Data Centre (DC) and Data Resource Centre (DRC). The original data centre is located in Singha Darbar, Kathmandu, and the backup solution, DRC, is located in Hetauda, Nepal. The government data centre’s Disaster Recovery Centre made by the Korea International Cooperation Agency (KOICA) to be formally put into operation on (Baisakh 31, 2076). The DRC was created as protection against future natural and human-caused calamities that could result in data loss. When someone fills out a form through the online government portal, their data is stored in the GIDC system, which is then governed by NITC. In case of any failure in the government data centre or data loss due to natural or man-made disasters, the data should be recovered by the DRC with their backup system.

Root Causes: The Factors that Led to Data Breach

The precise cause of the data breach that occurred in the government is not confirmed. The server that was hosting the PSC’s website was having problems, which led to the data loss crisis. May be the loss of data was caused by a reader crash in the hard disc that Oracle installed. The server didn’t have a backup, which added to the data loss. Other possible causes might be data storage failure, ransomware attacks, human error, or individuals with malicious intent. It emphasises how crucial effective data backup and disaster recovery systems are, especially for government organisations that handle sensitive data.

Prevention Strategies: How Can Government Avoid Similar Disasters ?

Now we know that the Nepal government integrated DRU with the assistance of KOICA a few years ago to prevent similar disasters. The primary role of the DRU is to aid in these types of situations and provide cyber robustness, which refers to the ability to withstand and recover from cyber-attacks or other digital threats. Another term for robustness in this context is “cyber resilience.” But this was not in the case of PSC data storage. Government couldn’t restore the data from DRU. May be it was not backed up for the last three months. To back up properly, our government could use Cloud data storage. Several governmental organizations worldwide are using cloud-based databases provided by big cloud companies such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. For example, the United States Central Intelligence Agency (CIA) uses Amazon Web Services for its cloud computing needs. The United Kingdom’s National Health Service (NHS) uses Microsoft Azure to store patient data. The Indian government uses Microsoft Azure and Amazon Web Services for various services such as hosting of government websites and e-governance services. The cost of implementing cloud database software is always less than the cost that the government has to bear after losing the data. Cloud data storage is not only more accessible and flexible, but it is also highly cyber resilient. In the cloud, data is stored in multiple servers in different geographical locations, which means that if one server is compromised, the data can still be retrieved from another server within the same time. This makes it highly unlikely for data to be lost, as there are multiple copies of it stored in different places. Additionally, cloud providers have advanced security measures in place to prevent unauthorized access to data, such as encryption and access controls. These measures ensure that data stored in the cloud is secure and protected from cyber threats. You might say that cloud based database server for government like Nepal can be expensive, while there may be some initial costs associated with integrating cloud-based software, the long-term benefits and cost savings can overcome the initial investment. The cost of implementing cloud database software is always less than the cost that the government has to bear after losing the data.  

Looking Ahead: Considering Future Implications and Solutions

The Public Service Commission’s current plan involves providing of services via the Internet, but there are a number of problems that must be solved, including inadequate infrastructure, a lack of skilled workers, unstable server, a lack of substitute services and insufficient data backup. Cyber resilience is essential to overcoming these difficulties because the Internet is always vulnerable to new security threats. It is crucial to have backup plans in place, in case of cyberattacks or system failures in order to guarantee that government services can run normally. In order to ensure effective and efficient delivery of public services in the future, it is imperative that government employees receive adequate training in information technology, as technology will increasingly serve as the foundation for service delivery of government. Furthermore, it is important to adopt a more progressive mindset with regards to the storage of government data, and consider the utilization of global cloud platforms offered by prominent companies such as Microsoft, Google, and Amazon. These platforms adhere to international data and security regulations and can provide significant benefits over traditional data center solutions located only within Nepal.