The ‘Guidelines on Website Creation and Management of Government Bodies’ were published in the year 2068 BS. According to the mandate, the government has built and launched a website to make it easier for the people to obtain information. With the development of the Internet, the effectiveness of this will undoubtedly increase in the coming days. Simultaneously, experts have stressed the importance of concerned entities focusing on how to construct and administer these websites in a safe manner.
The 2068 website creation-design-hosting guideline is not totally clear. As a result, private companies now host numerous government websites. As a result, when private businesses construct or host a government body’s website, they have complete access to that website. This comes with the risk of private corporations having full access to confidential information that should only be available to government personnel, as well as the potential of such information being exploited.
The reason for this mismanagement, according to Ramesh Prasad Pokhrel, Assistant Director of the National Information and Technology Center, is a lack of assurance about who will develop the website based on the ‘Guidelines on Government Website Creation and Management, 2068.’
“The instructions on the government’s websites do not clarify how to achieve this. “How/who will make it has to be stated somewhere in order to regulate it,” adds Assistant Director Pokhrel.
“It has been stated that hosting will take place at the data center. Some government offices, however, are refusing to comply. We’ve written letters after letters, but they’re not responding.”
The National Informatics Center (NIC) creates and manages the websites of nearly all government agencies in neighboring India.
“We also need a development team,” Pokhrel adds. “The government should organize a development team, but this has not happened in this case.”
According to Assistant Director Pokhrel, even though the site is designed externally, the risk of data leaking can be decreased by hosting in the government’s data center.
“Questions like ‘what can a website developer do once a private company has established a website and given the government the username and password?’ may be raised,” he said, but the website must be regularly updated and monitored. To do so, the developer must be granted “full access.” There is a risk of data loss and misappropriation.”
To prevent such hazards, governments in some nations have managed official websites under their own supervision. He stated that the same strategy would be appropriate for the Nepalese government to implement in order to eliminate potential hazards.
“The government will most likely do this in the coming years by assembling its own development team. Pokhrel adds, “We are also taking the initiative on this.” “We have also constructed a few sites, including the Ministry of Defense.”
According to cybersecurity expert Naresh Lamgade, a commercial corporation developing a government office website can cause “trust concerns.”
“Website developers must be allowed some level of access. “Abuse can result in action,” Lamgade warns, adding that “data leaks or misuse can be quite risky.”
Lamgade advises that the government establish a mechanism for this purpose because it would be both safe and convenient.