Skip to main content

While the introduction of information and communication technologies (ICTs) brings undeniable benefits in terms of speed and efficiency of digital transformation, it can also significantly expand the cybersecurity risk landscape or “attack surface.”


That’s why all governments need to frame ICT-enabled infrastructure within a comprehensive National Cybersecurity Strategy (NCS) developed through a nationally coherent and all-encompassing approach.


Adopting and implementing an NCS can be particularly challenging for developing countries as it requires significant economic, human, and organizational resources. Committed to supporting governments by building capacity and transferring knowledge, ITU hosted a webinar on NCS development and implementation where international experts discussed key actions to build cybersecurity resilience and readiness.

A critical contribution came from the Bhutan Computer Incident Response Team (BtCIRT). We decided to share lessons learned while developing our NCS since Bhutan’s experience not only demonstrates the typical cybersecurity challenges faced by developing countries, but also how developing an NCS can turn these challenges into opportunities for stronger cybersecurity.

Embarking on a journey

Bhutan’s journey toward the definition of its first NCS began in 2012 with a readiness assessment conducted by ITU to measure not only the cybersecurity maturity level of the Kingdom of Bhutan, but also its cyberthreat landscape.

Following the assessment, the Bhutan Computer Incident Response Team (BtCIRT) was formally established in April 2016. The BtCIRT operates under the Department of IT & Telecom (DITT) of the Ministry of Information & Communications. Our formal mandate is to provide both reactive and proactive cybersecurity services to the entire nation, including guiding the development of a national strategy.