July 17, 2023

Rules approved to fight cyberthreats in public entities

Kalbe Ali Published July 17, 2023

ISLAMABAD: The federal cabinet has approved the Computer Emergency Response Team (CERT) Rules 2023 to counter the ever-growing cyberthreats and hacking attempts at various public sector entities.

The rules stated that a CERT council will be established through the Ministry of IT and Telecom, which will work as a forum for consultative as well as advising all tiers of computer emergency response teams.

The teams will protect against, detect, and respond to cybersecurity incidents and will improve country’s ability to manage such incidents. The council will help establish such teams at national, government, defence, and other sector levels .

Federal IT Minister Syed Aminul Haque, responding to a query, said the response teams at national and sectoral levels will enhance the overall cybersecurity posture and resilience at national level.

“These rules were required to streamline the process required for countering risks of cyber-attacks and the CERTs at various levels as identified in the rules will set the direction for identifying and prioritising protective measures regarding cyber-security,” he said.

Teams to ensure cybersecurity response, enhancing national capabilities

The rules have definitions and constituencies of response teams for national, government, critical information infrastructure, sectoral, federal and provincial levels.

The national team will be responsible for developing a national infrastructure to coordinate a response to any threat against or attack on any critical infrastructure, information systems, critical infrastructure data, or widespread attack on information systems in Pakistan.

This also includes developing capability to support incident reporting across a broad spectrum within the country, including government, military, critical services and infrastructures, telecommunication, commercial, academic, banking, finance, etc.

The national response team will have the power to designate any public or private infrastructure as critical infrastructure — vulnerable to cyberthreats from time to time. It will also play a coordinating and supporting role for the private sector based critical information infrastructure organisations, which have their infrastructure to handle security incidents.

The CERTs will support development of related national cybersecurity platforms, such as, security operation centres, secure e-government services, national identity and access management frameworks.

It is likely to enable Pakistan to develop and enhance its threat intelligence analysis, incident response, and coordination capabilities at national and international levels.

The federal response team will ensure cybersecurity in the federal government subjects and other public sector bodies, including autonomous and semi-autonomous organisations.

The provincial CERT will function as a sectoral team and report to the national team through the government unit.

The provincial team will be notified by the concerned provincial government and it will ensure the security of all digital assets developed, occupied, and deployed by relevant provincial public sector entities.

Published in Dawn, July 17th, 2023

