ISLAMABAD: The federal cabinet on Tuesday approved the National Cyber Security Policy 2021 that allows establishment of a national cyber security response framework as the government constituted the Cyber Governance Policy Committee to implement the policy.
As per the policy, a cyberattack on any institution of Pakistan will be considered an act of aggression against national sovereignty and all necessary and retaliatory steps would be taken. The committee will implement the policy at the national level, determine a strategy in a timely manner and take timely action. The committee comprises the secretaries and senior officers of 13 different departments/organisations.
Earlier, various organisations were addressing cyber security-related issues in silos.
Currently Pakistan has been ranked seventh worst cyber-secure state in the world by the Global Strategies Index and the Global Security Index 2018 report.
Pakistan currently holds a weak cyber security posture to deal with any threat in the digital domain.
Cyberattack on any institution to be considered aggression against national sovereignty
The National Cyber Security Policy aims to counter the incidents related to malicious use of information and communication technologies in cyberspace that pose a grave financial and security threat to Pakistan.
The policy includes support for the establishment of an internal framework in all public and private institutions for the protection of cyber ecosystem, security of national information system and infrastructure and protection in all national ICT infrastructures.
The policy calls upon all stakeholders to devise information sharing mechanisms to protect against cyberattacks at all levels, ensure cybercrime monitoring, electronic identification and security and provide the organisations with the required systems and support for protection of online privacy.
It provides responsibility for citizen data matters while establishing a public-private partnership for operational and technical assistance and raising awareness of cyber security using a variety of media across the country.
The policy calls upon the information technology ministry to prepare cyber security experts through campaigns, skill development and training programmes.
Talking to media after the cabinet meeting, federal Minister for IT Syed Aminul Haq said that the primary objective of the policy was to ensure the privacy of online data, information and private and important content of Pakistani citizens and government and private entities while maintaining its privacy.
“The IT ministry and all relevant public and private institutions will be provided all possible assistance and support to ensure that their data, services, ICT products and systems are in line with the requirements of cyber security,” he added.
The minister said that information and communication technology-based services and systems were becoming a key driving force for individuals, businesses, organisations, and the government.
But the increased connectivity, mobility, and versatility of digital services had exposed the systems to cyber security threats, he added. Therefore, the emerging cyber threats and vulnerabilities in digital world require a comprehensive and coordinated framework to ensure safe cyberspace for the citizens and businesses.
According to the policy, the government will lead the national response in case of any incident with the support from both the public and private sectors.
As per the policy, a cyberattack on Pakistan will be considered as category I and category II aggression against national sovereignty and the State will defend itself with appropriate response measures.
The policy highlights that to counter these threats, the IT ministry will help establish active cyber defence and cyber security governance, protect internet-based services, ensure protection and resilience of national critical information structures, protection of the government’s information systems and infrastructure, develop information security assurance framework, increase awareness of cyber security and develop cybercrime response mechanisms and regulations.
Published in Dawn, July 28th , 2021