Cyber security challenges and response -Express Tribune

Spread the word

The October 29 cyber-attack on the National Bank of Pakistan once again reminds us of the complexity of cyberspace and the enormous impact of a cyber-attack. Cyberspace is a mam-made domain. It is pervasive and ubiquitous, and acts as an enabler to operate and live in natural domains. Advancements in cyberspace have led to information revolution which has been transformed into the fourth industrial revolution (4IR) where cutting-edge technologies such as AI, machine learning and big data are helping accelerate digital transformation in public and private sectors.

The cyberspace has created opportunities for state and non-state actors to maximise their gains and further their agenda. While cyber criminals are involved in hacking for monetary gains, states are also using cyberspace as another domain to maximise their power. Military-graded cyber weapons are being used for strategic gains. The Stuxnet malware added new dimension to cyber weapons and proved that now sophisticated software can be used for physical destruction of intended target. The Pegasus spyware is another example of sophistication of cyber weapons where a call by predator — whether attended or not — can compromise a prey’s cellular phone and can steal sensitive data.

Due to its multi-dimensional impact, the cyberspace has become central to hybrid war. Information operations have always been playing a significant role during conflicts since ages. However due to the increased role of cyberspace, information operations are also becoming frequent and sophisticated.

Pakistan is a developing country but its internet penetration is much satisfactory, with 77.7% mobile subscription. In 2018, the government launched Digital Pakistan initiative aimed at increasing connectivity, providing enhanced digital infrastructure and encouraging innovation and entrepreneurship. The previous governments too provided an enabling environment for the IT sector by reducing tariffs. Initiatives such as the PM Laptop Scheme also effectively contributed to enhancing computer literacy. IT solutions such as NADRA database, land automation record, safe city project, and online tax return system are part of digital transformation. The IT industry also blossomed during the Covid-19 pandemic and IT solutions such as edTech and FinTech helped sustain life. E-commerce business growth also accelerated during this period.

However, no significant measures have been taken to prevent cyber threats. National Cyber Security Policy — 21 was approved in July this year for data safety and privacy of local users. The policy mandates a central body to oversee implementation, remove bureaucratic hurdles and carry out capacity building for changing landscape of cyber threats. But there is no significant headway.

Pakistan’s cyberspace is under constant attack. According to official figures, one million cyber-attacks have been launched on Pakistan since January 2021. Even though the attacks were thwarted by the National Telecom Company, offence has a significant advantage over defence in cyber space, due to the frequently changing threat vectors. Hence it was observed that the FBR data centre was successfully marginalised by hackers on August 14, 2021 and recently the NBP system was also compromised.

Pakistan is a vibrant IT market ready to harness 4IR benefits and poised to tackle the relevant challenges due to the availability of the required infrastructure. The government needs to implement NCSP-21. Efforts should be made to enhance capacity building of existing IT experts in public sector and more cyber security experts should be inducted in organisations responsible for cyber security. The government should initiate an information security campaign to educate people. It should also consider legislation for prosecution of defaulters for any data loss as accountability will help improve performance of all those responsible for cyber security.

Published in The Express Tribune, November 6th, 2021.