Pakistan’s New Cyber Security Policy

The Pakistan Telecommunication Authority (PTA) has announced that a new national cyber security policy and the  Pakistan national cyber security agency has been approved. The new policy aims to support both public and private institutions, including national information systems and critical infrastructure, replacing a system whereby government institutions have separate security operations.

This a delicate time for Pakistan, which recently accused India of using Israeli Pegasus spyware to spy on Prime Minister Imran Khan, and has designated cyber attacks on any Pakistani institution as an attack on national sovereignty.

Federal Minister for Information and Broadcasting Fawad Chaudhry said the policy has been introduced keeping in view the enhanced significance of the cyber regime. He said Prime Minister Imran Kahn has asked that a “threats assessment committee” be formed to decide whether or not security be provided to government ministers and other important figures.

Pakistan’s new cyber security policy will include a new governance and institutional framework for a ‘secure cyber ecosystem’, along with computer emergency response teams (CERTs) and security operations centres (SOCs) at national, sector, and institutional levels. The policy also calls for new information-sharing mechanisms, along with skills development and training programs and public awareness campaigns.

The country’s current cyber law, the ‘Prevention of Electronic Crime Act’ (PECA), is poorly implemented, according to ethical hacker and security analyst Rafay Baloch. “To quote a few examples, the federal government has yet to designate a digital forensics laboratory to provide expert opinion to the court independent of the investigative agency which is mandated by the section 40 of PECA,” he told reporters. Baloch says that the new policy should improve Pakistan’s cybersecurity, in particular by harmonising practices across different bodies. He also calls for the government to develop an institutional framework consisting of dual civil-military agencies:

According to the new national policy, a cyber attack on any institution of Pakistan will be considered an act of aggression against national sovereignty and all necessary and retaliatory steps would be taken. The committee will implement the policy at the national level, determine a strategy in a timely manner and take timely action. The committee comprises the secretaries and senior officers of 13 different departments/organisations.

Currently Pakistan has been ranked seventh worst cyber secure state in the world by the Global Strategies Index and the Global Security Index 2018 report.

Pakistan Today:      Portswigger:         Dawn:     Tribune.pk:    The News.pk

You Might Also Read:

India’s New National Cyber Security Strategy:

 

« Detecting & Mitigating Cyber Attacks
Apple Uses Surveillance To Detect Child Abuse »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

Allianz Commercial

Allianz Commercial

Allianz Commercial is the center of expertise and global line of Allianz Group for insuring mid-sized businesses, large enterprises and specialist risks.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

Myra Security

Myra Security

Myra technology monitors, analyzes, and filters malicious internet traffic before virtual attacks can do any real harm.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Ridge Security

Ridge Security

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Tailscale

Tailscale

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.