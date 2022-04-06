Information and Communication Technologies (ICTs) have played a key role in revolutionizing the world. Pakistan has also adopted the path of Digital Transformation to harness the benefits of ICTs. The increased use of digital services exposes information assets to a host of Cyber Security threats. In the absence of an indigenous national ICT and Cyber Security industry, Pakistan relies heavily on imported hardware, software, and services. This reliance, inadequate national security standards, and weak policies have made computer systems in Pakistan vulnerable to cyberattacks.

The assurance of Cyber Security requires proper structures and processes for governance, regulation, implementation, and enforcement. Any absence or weakness of the regulation structures poses a threat to Cyber Security. An effective response to risks, threats, and attacks requires a coordinated effort through a series of response teams. The vision is for Pakistan to have a secure, robust, and continually improving nationwide digital ecosystem. This Policy will drive the demand in the local IT industry to ensure the quality delivery of its products and services.

National Cyber Security Policy Emphasizes on Digital Transformation & Mitigation of Cyber Attacks

The focus will also be on promoting online businesses and the smooth running of digital payments. The National Cyber Security Policy aims to protect online data privacy and security of citizens and enhance national prosperity in the digital domain. The policy also aims to create a country-wide culture of Cyber Security awareness through mass communication and education programs and to train skilled Cyber Security professionals. The relevant stakeholders will also undertake specific actions to ensure a cyber-secure environment. These include

Working with Internet Service Providers (ISPs) and Telecom operators to block malware attacks.

Promoting security best practices through Internet governance organizations.

Develop an Internet Protocol (IP) reputation service to protect government digital services.

Encourage a culture of "accountability" and "self-governance" such as National Cyber Security Policy 202111.

Develop a mechanism for the protection of Critical Information Infrastructure and its integration at the entity level through relevant sectoral CERTs.

Create vulnerability management and patch management program for government technology systems.

To create an information assurance framework for Cyber Security audit and compliance requirements for all entities in both public and private sectors.

Nurture an environment for entrepreneurship based on cooperation among government, industry, academia, and research institutions in different areas e.g. supply chain risk management, etc.

Pakistan’s top-down and bottom-up approach is essential to creating a cyber-aware culture. The Ministry of IT & Telecom will play a key role in advancing the country’s stance on the international forum and will make recommendations for joining international collaborations. In order to achieve defined objectives, it is imperative to introduce legal frameworks for cyber governance.

These will be formulated after consultation with stakeholders and will include the formulation of the National Cyber Security Plan and Cyber Security-related laws. The objective of improving Pakistan’s ICT ranking based on international indices and benchmarks will be achieved by focusing on the key areas which include the Internet of Things, Ransomware, AI (Artificial Intelligence), Serverless Apps, Critical National Infrastructure, Sophisticated Phishing Campaigns, Cloud Computing, Cyber Security Awareness, Hacker-for-hire services, and Skills shortages.

