In December 2023, the Pakistan Telecommunication Authority (PTA) launched the first Cyber Security Strategy 2023-2028 for the telecom industry, aimed at strengthening the security and resilience of Pakistan’s evolving telecom sector. The five-year plan is aligned with the National Cyber Security Policy 2021, and is designed to fortify digital security in the telecom landscape.

The initiative focuses on areas such as risk management and governance, cyber defence and incident response, R&D and public-private partnerships to address the new challenges posed by the “increasing interconnectivity of telecom networks, potential cyber threats and the need for data and customer information”. The strategy calls for “increased awareness and education to help people recognise, prevent, and respond to cyber threats”. It also emphasises the need for a comprehensive and integrated approach to cybersecurity across the telecom sector, laying out a framework for collaborative efforts to protect critical telecom infrastructure and services and identifies key challenges and opportunities for the industry, providing a roadmap to protect critical national infrastructure.

The strategy is built on six foundational pillars; legal framework, cyber resilience, proactive monitoring and incident response, capacity building, cooperation and collaboration, and public awareness. The document stresses a multi-stakeholder approach, fostering active collaboration between public and private sectors, regulatory bodies, telecom operators, private security firms, academia and civil society, with a view to create a comprehensive and united front against cyber threats.

The strategy expects the telecom companies to train all their personnel on cybersecurity practices and procedures, particularly on their responsibility to fend off insider threats, ensure compliance of their networks and systems with the PTA regulations and cybersecurity framework and monitor and update networks and systems.

Although the growth of Information and Telecommunication Technology (ICT) has brought enormous opportunities for countries like Pakistan; this has also exposed them to multiple threats emanating from cyberspace. Pakistan is one of the most vulnerable countries to cyber attacks, but industry practitioners say the response to cybersecurity threats has been slow and inadequate.

Pakistan has taken several measures since to improve cybersecurity, starting with the launch of the National Cyber Security Policy in 2021. The document contains ambitious goals and covers various aspects of cybersecurity. The focus is primarily on government institutions, but also recognises the need for cybersecurity practices in the private sector.

Four dimensions of the National Cyber Security Policy are important. First, the emphasis on deterrence. According to it, any cyber attack on the national institution will now be considered as a direct attack on the country’s sovereignty. Second, a governance body; the Cyber Governance Policy Committee (CGPC) has been formed to implement the policy at a national level. Third, for the protection of the cyber ecosystem, the assurance of support of all stakeholders for the establishment of an internal framework in all public and private institutions was given. Fourth was to create awareness among citizens about the security threat. This policy emphasises the importance of cybersecurity audits and compliance. Special courts for cybersecurity cases, cybersecurity education and cross-sector collaboration are also mentioned as key initiatives.

Previously, government organisations tackled cybersecurity by themselves and Pakistan was ranked as the 79th worst cyber-secure state among 182 by the Global Cyber Security Index in 2021. India was ranked at 10 and Bangladesh 53 on the index, which signifies the preparedness of a country to counter cybersecurity threats.

The National Cyber Security Policy is a strategic framework and the implementation will be overseen by key institutions, including the National Telecommunication and Information Security Board (NTISB) and the Pakistan Computer Emergency Response Team (PakCERT). These organisations form the backbone of Pakistan’s cybersecurity architecture, coordinating efforts across various sectors to build a resilient cyber ecosystem.

Muhammad Umar Farooq, a Karachi-based cybersecurity practitioner says that cybersecurity has become a pivotal battleground for nations in a world increasingly driven and disrupted by technology. “As digital threats evolve with alarming sophistication, the urgency for robust cyber defence escalates.” He added that Pakistan, situated at a critical juncture of technological advancement and geopolitical significance, faces a unique set of challenges and opportunities in the cyber domain. In Farooq’s opinion, Pakistan’s cybersecurity strategy has seen significant milestones. “The establishment of the Cyber Security Directorate marks a strategic move towards centralising national cyber defence efforts. Moreover, initiatives in digital literacy and awareness programmes have been instrumental in cultivating a cyber-conscious public. However, while the rapidly changing nature of cyber threats necessitates continuous evolution, the focus must shift toward more advanced areas, such as developing indigenous cybersecurity technologies, enhancing cyber intelligence capabilities, and fostering a robust cybersecurity industry.”

To understand Pakistan’s place in the global cybersecurity landscape, a comparison with other nations is helpful. The United States, for instance, has a highly advanced cybersecurity framework, emphasising public-private partnerships and innovation in cyber defence technologies. India focuses on capacity building and cyber warfare defence, demonstrating a proactive approach to cyber threats.

According to Farooq, despite notable progress, Pakistan’s cybersecurity infrastructure grapples with challenges. “Outdated technologies, limited resources for cyber defence, and a lag in adopting emerging technologies like artificial intelligence and blockchain technology pose significant hurdles. Upgrading these aspects is crucial for keeping pace with sophisticated cyber adversaries.”

For Farooq, a major challenge for Pakistan is the scarcity of skilled cybersecurity professionals, a situation that creates vulnerabilities in the national cyber defence, making security education and training, from basic digital literacy to advanced technical skills critical.“

If Pakistan wants to leapfrog into the forefront of cyber defence, Farooq argues that it must embrace emerging technologies. “Investing in areas like quantum computing, machine learning, and cybersecurity analytics can provide a significant edge. Additionally, fostering a home-grown cybersecurity industry can lead to technological self-reliance and innovation. The future calls for a strategy that is dynamic, proactive, and inclusive. This involves not only technological advancements and policy reforms but also a cultural shift towards recognising the importance of cybersecurity in every aspect of society.”

Nasir Jamal is Bureau Chief, Dawn Lahore.
nasirjamal6592@gmail.com