New cybersecurity policy for Pakistan
The Pakistani government has announced a major overhaul of its cybersecurity systems according to the Pakistan Telecommunications Authority. The South Asian nation is ranked 79th in the ITU's Global Cyber Security Index and has for many years lagged behind its major rivals in this crucial sector.
The announcement comes at a difficult time for the Pakistani government which has recently accused India of using the Israeli developed spyware, Pegasus, to spy on its Prime Minister Imran Khan. The new policy aims to co-ordinate and support public and private institutions and protect Pakistan's critical infrastructure, which up to recently have had separate security operations.
The new policy will incorporate a new governance and institutional framework within a framework of computer emergency response teams working at security operations centres. Alongside these reforms will be a higher level of information-sharing mechanisms and training to raise public awareness of the importance of cybersecurity.
The IT Minister Syed Aminul Haq said: "The IT ministry and all relevant public and private institutions will be provided all possible assistance and support to ensure that their data, services, ICT products and systems are in line with the requirements of cybersecurity."
Javvad Malik, the security awareness advocate at KnowBe4 said: "Security awareness is essential. People need to be informed of the risks that come with interconnected systems, and what their role is in ensuring security. Once this groundwork is laid, then putting in place technologies and procedures to support these become easier and more effective."
Ethical hacker Rafay Baloch commented: "The major challenge pertaining to the policy is its implementation. A national cybersecurity policy is accompanied by a strategy document with an action plan to achieve the objectives laid out in the policy. The strategy document would include prioritisation of action items, timelines, roles and responsibilities of organisations responsible for implementing the objectives laid out in the policy. That would be raised with the specific purpose of implementing the aforementioned policy objectives and maintaining national cyber defences in government, commercial and military domains."