Network and Information Security Workshop

Building Cybersecurity Capabilities in Bhutan | October 2017

Project Overview

WP2 - 1st Call Initiative

Enhancing cybersecurity capabilities across Bhutan's digital infrastructure through comprehensive training and capacity building.

52 Professionals Trained
5 Days of Training
4 Partner Organizations

The Network and Information Security Workshop was organized by the Department of IT & Telecom (DITT), Bhutan, with financial support from TEIN*CC and collaboration with Sri Lanka CERT CC and APNIC. This comprehensive five-day workshop in October 2017 aimed to enhance the cybersecurity capabilities of system and network administrators from various Bhutanese institutions.

With Bhutan's growing digital infrastructure, the workshop addressed increasing cyber risks by equipping participants with both theoretical knowledge and hands-on skills in network monitoring, vulnerability detection, system hardening, and incident response.

Partner Organizations

Department of IT & Telecom, Ministry of Information and Communications (Bhutan) TEIN*CC Sri Lanka CERT CC APNIC Foundation

Project Objectives

Primary Goal: To build technical capacity in cybersecurity and network monitoring among Bhutanese IT professionals to better protect national educational and research infrastructure from emerging cyber threats.

Technical Training

Train participants in cybersecurity concepts and tools for effective threat management and system protection.

Hands-on Skills

Demonstrate vulnerability testing and system hardening techniques through practical exercises.

Policy Awareness

Promote awareness of cyber policies and best practices for institutional implementation.

Inter-agency Cooperation

Foster collaboration and secure information exchange between government and educational institutions.

Activities Conducted

Security Fundamentals

Comprehensive coverage of threat types, current trends, and basic security measures. Included real-world case studies and policy discussions to contextualize learning.

Hands-on Technical Sessions

Practical demonstrations of penetration testing, firewall configuration, controlled hacking exercises, and configuration risk assessments.

Operational Security Workshops

Focused training on system administration best practices, backup policies, business continuity planning, and vulnerability response procedures.

Threat-Specific Modules

Specialized sessions addressing malware, phishing attacks, network sniffers, DoS attacks, and implementation of secure protocols (SSH, SCP, SFTP).

Expert-Led Sessions

Training delivered by experienced professionals from Sri Lanka CERT CC and APNIC, featuring interactive demonstrations and policy design exercises.

Key Outcomes

Skilled Workforce Developed

52 participants gained comprehensive hands-on experience in cybersecurity management and incident response, significantly enhancing Bhutan's cybersecurity capacity.

Increased Institutional Readiness

Participants can now effectively audit systems, identify vulnerabilities, and apply protective measures within their respective networks and organizations.

Inter-Agency Collaboration Strengthened

The workshop established valuable channels for cooperation and policy alignment across Bhutanese public agencies and institutions.

Enhanced Cybersecurity Awareness

Institutions are now better informed about legal, policy, and ethical responsibilities related to information protection and cybersecurity governance.

Impact Assessment

The workshop successfully created a foundation for improved cybersecurity practices across Bhutan's critical infrastructure, with participants now serving as cybersecurity champions in their respective organizations.

Challenges and Future Directions

Identified Challenges

Time Constraints

The five-day duration proved insufficient to cover deeper technical implementations and advanced certification content, highlighting the need for extended training programs.

Diverse Participant Backgrounds

Varied levels of prior experience among participants required careful balancing of foundational and technical training content to ensure effective learning for all skill levels.

Future Directions

Sectoral CIRT Formation

Leverage workshop connections and trained personnel to establish Computer Incident Response Teams within key sectors and critical infrastructure.

Advanced Certifications

Plan comprehensive follow-up programs offering deeper technical training and formal security certifications such as TRANSITS and CISSP tracks.

Regional Awareness Programs

Conduct widespread awareness campaigns and basic cybersecurity training programs across all Bhutanese districts and remote areas.

Policy Support and Guidelines

Develop standardized cybersecurity guidelines and frameworks for government agencies and institutions to adopt and implement effectively.

Sustainable Development Goals

This project contributes to achieving several UN Sustainable Development Goals:

SDG 4
Quality Education
SDG 9
Industry, Innovation and Infrastructure
SDG 16
Peace, Justice and Strong Institutions