The government has involved a security agency to conduct a comprehensive cybersecurity audit and vulnerability assessment of a foreign-made system (Sandvine Inc) hired for the Web Monitoring System (WMS), it is learnt.
According to official documents, the Pakistan Telecommunication Authority (PTA) directed telecom operators in 2017 to deploy a suitable solution capable of mitigating grey traffic and blocking web content. Based on PTA's technical requirements, the telecom operators' committee issued an RFP in July 2018. Western-made solutions were offered by different vendors. Three vendors who offered Sandvine-based equipment (Sandvine Inc, a US-based company) participated in the proof of concept (POC) and passed the criteria. No vendor offering other than Sandvine participated in the POC, the documents maintained.
Security Agency to Conduct Cyber Security Audit & Vulnerability Assessment
Further, the agreement between telecom operators and the vendor was signed in December 2018. PTA has rejected the perception that the WMS limits the freedom of expression of internet users, terming it incorrect and baseless.
Some concerns about a possible security hazard or vulnerability of the foreign-made system (Sandvine Inc) were raised. Therefore, necessary written guarantees have been acquired from the selected vendor and the OEM, ensuring that there are no backdoors or cybersecurity risks in the system. In addition to the written guarantees, it was also decided that necessary measures will be taken for a comprehensive cybersecurity audit and vulnerability assessment by a joint team of the security agency and PTA.
According to PTA, in addition to many western countries, Sandvine equipment is also deployed in many Muslim countries, including Pakistan. The Muslim countries where Sandvine is deployed are Algeria, Bahrain, Djibouti, Egypt, Indonesia, Iraq, Kuwait, Lebanon, Libya, Malaysia, Morocco, Pakistan, Qatar, Saudi Arabia, Sudan, Tunisia, Turkey and UAE.
In pursuance of section 37 of the Prevention of Electronic Crimes Act 2016, clause 11.2 of the telecom policy 2015, and the Monitoring and Reconciliation of International Telecom Traffic (MRITT) Regulation 2010, a suitable technical solution has to be deployed to carry out the following tasks: VoIP (Voice over IP), grey traffic analysis and mitigation, network threat detection, malware analysis, critical infrastructure information protection, web analysis and legally mandated content filtering, IP consumer trends, and OTT applications regulation.
The contract is signed between relevant telecom operators and the vendor without the involvement of public money. All LDIs (Long Distance and International), CMOs (Cellular Mobile Operators) and Submarine Cable Landing Station licensees are sharing the cost of the system under their regulatory obligations.
At present, on the directions of the Authority, the industry is in the process of deploying a system called WMS. The WMS will help identify and block concealed grey channels over the internet and perform web content filtering to facilitate PTA in fulfilling its responsibility under PECA 2016.