ISLAMABAD: Calling for urgent steps for legislation on cyber security, experts on Tuesday warned that the government was not adequately prepared to deal with cyber threats.

Speaking at a seminar ‘Security in Cyber Space: Implications and Challenges’, experts said legislation and a well-defined policy on cyber security was needed to decide on the steps the government and other stakeholders in the country were required to take for defending against and responding to cyber attacks.

The seminar organised by Islamabad-based think tank, Centre for International Strategic Studies (CISS), examined the cyber issues and their implications, besides exploring the options for a national policy on cyber space.

“The government needs to strongly focus on this area to strategise its response to the emerging challenge,” executive director CISS retired Ambassador Sarwar Naqvi said in his closing remarks.

“Cyber space is an area where vulnerabilities of states against sub-state actors trying to achieve political objectives have become more apparent,” he said.

Say legislation and a well-defined policy on cyber security is needed

Chairman of the Task Force on Cyber Security, set up by the Senate Standing Committee on Defence, Ammar Jafri said that politicking and bureaucratic red-tape were preventing progress towards legislation on the crucial issue.

He said a draft law on cyber security had been submitted in the Senate a year ago, but nothing happened afterwards.

Government agencies, he maintained, suffered from confusion on the issue.

“Government policy on email was framed 20 years ago,” he said.

Mr Jafri, who also heads Pakistan Information Security Association, said law enforcement agencies should focus on gaining expertise in forensics for improving their capabilities in tracking criminals.

Mr Jafri regretted that emergency mechanisms for dealing with internet attacks – CERT - were not in place. He disclosed that Stuxnet virus that targeted Iran’s nuclear programme, also hit Pakistan, but luckily did not cause much damage here.

Defence analyst Dr Riffat Hussain said cyber warfare became an attractive option for the attacker because it used latest innovation, allowed anonymity, provided disproportionate power to otherwise weaker actors, low entry cost, cheaper in execution, easy delivery, proliferation of tools and avoided use of combat troops.

International law expert Ahmer Bilal Soofi also emphasised on enacting domestic legislation on cyber security.

Mr Soofi and Dr Tughral Yamin deliberated on the international laws applicable to cyber attacks.

Mr Soofi said international jurists viewed cyber attack on a country as a conflict situation. Cyber attack, by a state, would be viewed as use of force.

Mr Yamin looked at it differently.

His opinion was that the law of war specifies that the initial attack must be attributed before a counter-attack is permitted.

Cyber attacks, at least at the initial stage, provide anonymity to the attacker.

Legal experts in the US, he said, contend that law of war covered cyber space.

Mr Yamin, who heads Centre for International Peace and Stability at National University of Science and Technology, proposed confidence building measures between India and Pakistan on cyber security to avert “a worst case scenario that could be triggered by unscrupulous info space activity”.

He said the prospects of an unintentional war occurring due to malicious cyber activity cannot be ruled out.

Mr Yamin said all regional groupings except Saarc were working for an arrangement on cyber security.

Regretting political indifference on the issue, Mr Yamin said, a cyber crimes bill was also lying pending in the parliament.

Published in Dawn, October 1st , 2014