In a significant move towards bolstering its cyber defenses, Pakistan is set to establish a National Cyber Security Authority by 2025. This new authority will mandate that all organizations within the country deploy security-certified infrastructures starting from July 2028. The primary objective of this initiative is to prevent data breaches and cyber attacks on national institutions and private organizations from foreign sources.
The existing National Cyber Emergency Response Team (CERT) will be transformed into the National Cyber Security Authority. This transformation will involve the creation of a lab to test and certify the security of hardware and software infrastructures before their deployment in the country. According to a report by Business Recorder, this lab certification will become compulsory for all organizations by July 2028.
Addressing Cyber Security Gaps
Currently, Pakistan lacks basic cyber security infrastructure and capabilities. The establishment of the National Cyber Security Authority and the mandatory security certification requirement are intended to address this gap and significantly enhance Pakistan’s overall cyber security posture. Although several key government organizations such as the Pakistan Telecommunication Authority (PTA), National Database and Registration Authority (NADRA), and State Bank of Pakistan (SBP) have been effective in protecting consumer, client, and national data from cyber attacks, they have been working largely in isolation.
The head of the National Cyber Emergency Response Team (CERT) has emphasized the need for these organizations to collaborate on a single platform to improve Pakistan’s cyber security efforts. By uniting their efforts, these entities can create a more robust and coordinated response to cyber threats.
Private Sector Collaboration
While the public sector is working on enhancing its cyber security capabilities, the private sector in Pakistan is already more advanced in terms of cyber security compliance, security measures, controls, and services. The CERT head has invited the private sector to partner with the government, establishing a public-private collaboration that can better facilitate the nation’s cyber security efforts.
Current Global Ranking and Future Goals
At present, Pakistan is ranked 79th globally in cyber security measures. The CERT head has indicated that there are initiatives underway to improve this ranking to the 50th position. This ambitious goal reflects Pakistan’s commitment to enhancing its cyber security landscape and protecting its digital infrastructure.
Historical Context of Cyber Attacks
Past incidents have shown that many Pakistani organizations, including key state-owned entities, have faced data breaches, with most attacks originating from outside the country’s borders. India has been identified as the top source of these cyber attacks, with Chinese Advanced Persistent Threats (APTs) also involved in some cases.
Financial Sector Under Threat
The financial sector has been a primary target for cyber attackers. An IMF study suggests that 20,000 cyber attacks have taken place over the past 20 years, resulting in a loss of $20 billion, with $12 billion of that amount lost by the financial sector alone. Shaukat Bizenjo, Additional Director of the State Bank of Pakistan (SBP) Digital Financial Services Group, highlighted these figures to underscore the critical importance of enhancing cyber security measures.
IT Export Growth
Despite these challenges, Pakistan’s IT sector has shown significant growth. Muhammad Zohaib Khan, Chairman of the Pakistan Software Houses Association (PASHA), stated that the actual IT exports of Pakistan stood at $6-7 billion in FY24, compared to the officially reported $3.2 billion. He projected that the reported IT export would soar to $5 billion in the current fiscal year.
Conclusion
The establishment of the National Cyber Security Authority marks a pivotal step in Pakistan’s efforts to enhance its cyber security infrastructure and capabilities. By mandating security-certified infrastructures and fostering collaboration between the public and private sectors, Pakistan aims to protect its national and organizational data from cyber threats. As the country moves towards this goal, it will be crucial to ensure that all stakeholders are aligned and working together to create a secure digital environment.
