The Pakistan Telecommunication Authority (PTA) has approved a new cybersecurity policy and an accompanying cybersecurity agency for the South Asian nation.
The new policy aims to help private and public institutions – including national information systems and critical infrastructure. This will replace a system in which government institutions have separate security operations.
It comes at a time when Pakistan accused India of using the Israeli spyware – Pegasus – to spy on PM Imran Khan.
“The IT ministry and relevant private and public institutions will be given all possible assistance and support to ensure that their services, data, ICT products and systems are according to the requirements of cybersecurity,” said IT minister Syed Aminul Haq.
Pakistan’s new cybersecurity policy will include a new institutional and governance structure for a ‘secure cyber ecosystem’. This also includes computer emergency response teams (CERTs) and security operations centres (SOCs) at a national, sector, and institutional level.
The latest policy calls for new information-sharing mechanisms, along with training programs, skills development, and public awareness campaigns.
Experts call the cybersecurity policy announced by Pakistan a positive development. They say that
security awareness is essential, and people need to be told of the risks that come with interconnected systems and of their role in ensuring security.
Pakistan ranks 79th in the ITU’s Global Cybersecurity Index- signifying a poor record in terms of cybersecurity.
The country’s famous cyber law, the ‘Prevention of Electronic Crime Act’ (PECA), remains poorly implemented.
The federal government is yet to designate a digital forensics laboratory to provide a professional opinion to the autonomous court – independent of the investigative agency – mandated by section 40 of PECA.
Furthermore, under section 49 of PECA, the federal government was expected to designate national and sectoral CERTs for guarding against critical infrastructure.
Experts expect the new policy to improve Pakistan’s overall cybersecurity, harmonising practices across different bodies.