Cybersecurity is the application of protecting critical systems and sensitive information from cyberattacks. Cyberattacks inflicted on a state include the removal of sensitive and important data from different organizations such as banks, ministries, national databases, and power plants. Pakistan, a geopolitically important nuclear power, faces growing cybersecurity threats. Pakistan has millions of internet users and different systems, such as banking and national databases, are dependent on digital platforms. Pakistan’s critical infrastructure is secure and equipped with the latest indigenous cyber defense capabilities to mitigate cyberattacks. However, given the increase in cyber threats, Pakistan has also introduced extra measures to bolster its cyber defense strategy. 

Pakistan’s Cybersecurity Infrastructure

Pakistan’s Cyber Incident Response Team (CSIRT) operates in a variety of sectors. In view of the importance of research and development in cybersecurity, Pakistan established the National Center for Cyber Security in 2018. The Higher Education Commission of Pakistan (HEC) also introduced degree programs in cybersecurity in different universities.

Critical information infrastructure is the backbone of the digital world and vital for economic and national security. Recognizing cyberattacks as a global and national threat, countries around the globe have adopted measures to strengthen cybersecurity. In this context, Pakistan needs to strengthen cybersecurity protocols to protect critical information infrastructure from future cyberattacks. The cyberattacks on K-Electric, an energy provider, in late 2020 and the National Bank of Pakistan in 2021 revealed flaws in Pakistan’s cyber defenses. Officials from both institutions claimed that the cyberattacks were not harmful and that the data remained safe. However, to protect from these cyberattacks in the future, Pakistan needs to implement effective data protection laws.

Pakistan’s Cybersecurity Policy

The federal cabinet approved Pakistan’s first national cybersecurity policy on July 27, 2021, which aims to secure sensitive data and guard against cyber threats. The policy was prepared by the Ministry of Information and Telecommunication to create a legal and organizational framework for cybersecurity. To ensure the security of digital systems, various initiatives, laws, and policies created by different governmental bodies have been put into place. Some of this legislation includes the Electronic Transaction Ordinance, 2002, Investigation for Fair Trial Act, 2013, Pakistan Telecommunication Act, 1996, and Prevention of Electronic Crimes Act, 2016. Additionally, the State Bank of Pakistan has issued cybersecurity guidelines to the financial sector.

Pakistan’s cybersecurity policy highlights various challenges for bolstering national cyber defense systems, including stable administration and governance, the effective implementation of cybersecurity laws, regulations, and policies, the lack of a proper structure, and the inadequate allocation of resources. Another weak area identified includes an ineffective response to data governance and a dependence on external resources for enhancing cyber defenses. Moreover, Pakistan needs an active nationwide cyber response team that detects and counters cyberattacks. 

There is a growing need to prevent cyberattacks and Pakistan needs to address the shortcomings in its cybersecurity policy and enhance preparedness to counter new threats. Neglecting to update critical information infrastructure could be costly and undermine cyber defense mechanisms. The ability to defend against potential cyberattacks is crucial, and Pakistan’s cybersecurity laws and policies must be continually updated to match the evolution of cyber threats. 

Cybersecurity Recommendations

Cyber-related legislation needs to be aligned with contemporary information system dynamics. More importantly, Pakistan needs to focus on reforming the legal mechanisms and strategies to deal with cyber offenders by establishing tribunals and similar procedures in association with the Federal Investigation Agency.

In order to proactively deter cyber threats, various teams should be placed in concerned organizations to share timely information and ensure resiliency. National Computer Emergency Response Teams should be established to efficiently manage preemptive threats. Various response, information sharing, and analysis teams with relevant responsibilities should be established to respond to cyber breaches.

Pakistan needs to invest in institutional reforms and establish a specific cybersecurity body that aims to ensure cooperation between different national governments and law enforcement agencies. Additionally, legislative and policy reforms are vital, especially those aimed at enforcing the Prevention of Electronic Crime Act (PECA), 2016 which considers cyberspace issues from a broader perspective.

Moreover, to mitigate cyberattacks, the Pakistani government should adopt “cybersecurity models.” First, intergovernmental relations should promote effective collaboration between federal, state, and provincial governments.

Second, Pakistan should collaborate with other foreign governments and agencies. To efficiently construct a national cyber defense system and promote sustainable economic development, a state must combat external threats. Pakistan should sign agreements with different countries to prevent cyberattacks in this context. For instance, Pakistan should raise cybersecurity as an issue within the South Asian Association for Regional Cooperation framework. In this regard, Pakistan and India can make use of multilateral diplomacy to reduce the risk of destabilizing cyberattacks. A joint mechanism for discussing cybersecurity should be set up for information sharing and defense preparations. 

Third, Pakistan should concentrate on public-private partnerships to effectively implement cybersecurity policies. Multinational companies are key players in cyberspace and play a significant role in shaping cyber defense policies and responses.

The Pakistani government must take steps to address systemic vulnerabilities in its critical infrastructure. Ministries, security agencies, and experts should establish a cybersecurity forum to discuss and analyze cyber threats, and develop effective policies. Another step could be to establish a cyber command center within the Inter-Services Intelligence agency to manage cyber defense for the Pakistani military, share critical security information, and coordinate with other entities.

Dr. Muhammadi is an Associate Director of Research at the Center for International Strategic Studies (CISS), Islamabad, Pakistan. He holds a Ph.D. in Politics and International Relations from Shanghai International Studies University, Shanghai, PR China.

Saliha Mehboob is Research Officer at the Center for International Strategic Studies (CISS), Islamabad, Pakistan. She holds an M.Phil. in International Relations from Quaid e Azam University Islamabad, Pakistan.

Image: Reuters.