Pakistan is planning to establish a “National Cyber Security Authority” by next year. This new authority will make it mandatory for all organizations in the country to deploy security-certified infrastructures starting from July 2028. The goal is to prevent data breaches and cyber attacks on national institutions and private organizations from foreign sources.

The current National Cyber Emergency Response Team (CERT) will be transformed into this new National Cyber Security Authority. The authority will set up a lab that will test and certify the security of hardware and software infrastructures before they can be deployed in the country. This lab certification will become compulsory for all organizations by July 2028, Business Recorder reported.

The country currently lacks basic cyber security infrastructure and capabilities. The establishment of the new National Cyber Security Authority and the mandatory security certification requirement are intended to address this gap and strengthen Pakistan’s overall cyber security posture.

While Pakistan lacks overall cyber security capabilities, several key government organizations such as the Pakistan Telecommunication Authority (PTA), National Database and Registration Authority (NADRA), and State Bank of Pakistan (SBP) are doing a good job in protecting consumers, clients, and national data from cyber attacks.

However, the main challenge is that these organizations are working in silos, with very little cooperation and coordination between them. The head of the National Cyber Emergency Response Team (CERT) has taken it upon himself to bring all these organizations together on a single platform to collaborate and contribute to a joint effort to improve Pakistan’s cyber security.

Compared to the government organizations, the private sector in Pakistan is far more advanced in terms of cyber security compliance, security measures, controls, and the services they provide. The CERT head has invited the private sector to partner with the government to establish a public-private collaboration that can better facilitate the nation’s cyber security efforts.

Currently, Pakistan is ranked 79th globally in cyber security measures. The CERT head said they have initiatives underway to improve this ranking to the 50th position.

Read more

SBP aims to maintain inflation targeting regime

Caretakers under Kakar blamed for excessive wheat import, Rs300 billion loss to exchequer

US imposes sanctions on Iran over cyber activities, cyberattack on Albania

Past incidents have shown that many Pakistani organizations, including key state-owned entities, have faced data breaches, with the evidence suggesting that most of these attacks originated from outside the country’s borders. India is identified as the top source of these cyber attacks, while Chinese Advanced Persistent Threats (APTs) have also been found involved in some cases.

“That financial sector remained top focus of the cyber attackers. An IMF study suggests 20,000 cyber attacks took place in the past 20 years. Organizations lost $20 billion in such attacks, while $12 billion out of that was lost alone by the financial sector in the world,“State Bank of Pakistan (SBP) Digital Financial Services Group Additional Director Shaukat Bizenjo said.

“The actual IT exports of Pakistan stands significantly higher at $6-7 billion in FY24 compared to the one reported at record high at $3.2 billion in the year,” PASHA Chairman Muhammad Zohaib Khan stated.

He projected the reported IT export would soar to $5 billion in the current fiscal year.