71,000 cyber attacks made on FBR portals every month: Tarin

Published October 1, 2021
This file photo shows Finance Minister Shaukat Tarin. — Reuters/File
This file photo shows Finance Minister Shaukat Tarin. — Reuters/File

ISLAMABAD: Finance Minister Shaukat Tarin has informed the National Assembly that on an average the Federal Board of Revenue (FBR) portals were subjected to 71,000 cyber attacks every month.

This volume has, over a couple of years, increased sharply as tools and methods available with the hackers are more powerful and sophisticated, Mr Tarin said in a written reply to a question from PPP MNA Raza Rabani Khar placed before the assembly on Wednesday.

This was the first detailed reply from the finance minister regarding protecting the data of taxpayers.

The minister said FBR had been authorised to procure cyber and information security-related hardware, software and services to protect the organisation from future attacks.

In a written reply, he said during the last three years (Feb 18, 2019 to Feb 22, 202; March 23, 2021; April 13, 2021 to August 19, 2021), FBR’s systems were breached three times (around 0.001pc success rate).

Finance minister recommends annual budget for technology refresh

“The breach in 2019 was not detected till the investigation into the latest breach in August 2021. The breach was minor in nature and the infrastructure hosting the FBR website was hardened. Therefore, a cyber breach-related audit was not carried out to date.”

However, Mr Tarin said there was an ongoing investigation into the current breach with the help of a third party. This third party is helping scan the entire FBR network, including all machines located in the field formations, in order to determine the possible point of the initial breach.

He said once this has been determined and remedial actions have been taken, a full third-party security audit will be carried out to determine any remaining vulnerabilities.

A full action plan to counter the vulnerabilities will be put together and its execution monitored.

“Therefore, a cyber breach-related audit was not carried out to date. Technology continues to evolve at breakneck speed and requires constant reinvestment.”

Historically, investment into technology at the FBR has remained restricted to specific periods directly related to financing being made available by donor agencies.

This method of investment creates technology debt in between such periods which can lead to vulnerabilities going unaddressed, which can consequently create opportunities for malicious actors such as what transpired during this recent event.

The minister said it was highly recommended that an annual budget for technology refresh be allocated to FBR, which would allow the organisation to keep its technology up to date and take full advantage of advancements taking place in that space. This should be equivalent to 0.05pc of the revenue collected which would have amounted to Rs2.4bn last year.

This amount would have been sufficient for the FBR to have upgraded much of its information security infrastructure which may have prevented the recent incident.

The threat landscape is always evolving at a faster pace as compared to organisations trying to protect themselves. Therefore, this initial procurement may protect the FBR for the immediate and medium future. However, a continued investment must be put in place to protect and allow the FBR to evolve into a data-driven digital organisation, he added.

Published in Dawn, October 1st, 2021

Opinion

Editorial

Untruths and politics
Updated 01 Oct, 2022

Untruths and politics

It would arguably be in the national interest for the Supreme Court to take up the cipher and settle the matter.
Farmers’ protest
01 Oct, 2022

Farmers’ protest

SEVERAL hundred farmers have converged on Islamabad for the last three days to protest against the soaring costs of...
Dasht-i-Barchi bombing
01 Oct, 2022

Dasht-i-Barchi bombing

ON Friday morning, Kabul’s Dasht-i-Barchi neighbourhood was rocked by a terrorist attack targeting an educational...
Avenfield relief
Updated 30 Sep, 2022

Avenfield relief

Accountability cannot continue to be treated like a revolving door in which politicians can be shoved in or pulled out on a whim.
Dar’s plans
Updated 30 Sep, 2022

Dar’s plans

For starters, the country doesn’t have spare dollars to burn.
Another targeted attack
30 Sep, 2022

Another targeted attack

WEDNESDAY’S deadly attack on three Chinese-origin individuals in Karachi’s Saddar area demonstrates the threat...