Cybercriminals are active across the globe making cyber threats too common nowadays. Although such attacks affect only one individual by stealing the data from one person’s device but that more likely includes the personal details of many other people, potentially endangering a wider community. In this way, the Malware and viruses spread from one person’s device to another, much like a contagious disease.
New Cyber Governance Policy & Its Major Building Blocks
The solution to minimize cyber threats is Cyber Governance. The term Cyber Governance is related to providing visibility into business risks based on cyber threats. It helps you monitor for compliance and improves overall security posture. The Government of Pakistan has recently drafted a new Cyber Governance Policy.
The policy focuses on the potential of information and communication technologies that can help in the socio-economic development of Pakistan. Furthermore, it will provide reliable, secure and resilient cyberspace for all by assuring the availability and integrity of the critical infrastructure and information system.
Before moving on, let’s have a look at the major blocks that the Cyber Governance Policy Draft includes. The policy draft lays out the roles and responsibilities of policy formulation on the subject. In addition to all this, it clearly hints at the implementation mechanism where the central institution will be responsible to set up policy mandated standards.
Furthermore, they need to set up a coordination process between threat environment grading mechanisms, various tiers and dynamic critical infrastructure classification mechanisms and risk mitigation assurance mechanisms for all classes of users and entities across various sectors of Pakistan.
The major building blocks of the policy draft are
(i) vision, scope, objectives;
(ii) governance model;
(iii) institutional structure and functions;
(v) cross structure collaboration model and processes;
(vi) risk assurance framework;
(vii) capacity building;
(viii) R&D and indigenization;
(ix) model for international collaboration;
(xi) and legislative cover for the institutional model/operationalization of PECA 2016.
Government of Pakistan is considering the option of establishing a specialized and autonomous body for cybersecurity through the proposed draft, under an appropriate high-level reporting mechanism. The proposed Policy will have an autonomous functional model and broader oversight board with the representation of relevant stakeholders. Furthermore, it will be equipped with all the modern and necessary tools to effectively address the issues of cybersecurity in the country. All kinds of users and organizations compliance will be ensured through relevant sectorial cybersecurity apparatus across various sectors.
The new policy will carry out a significant role in the socio-economic development of Pakistan. We all know Cyber threats are quite a serious matter in our country nowadays. To combat that issue, the government has taken the step of such policy formulation. It will allow them to deal with such threats.
The policy aims at the creation, enhancement and drafting specifications of technical interface. Moreover, it also focuses on the processes for national, provincial sectoral and organizational level mechanisms for assessment of threats to ICT infrastructure.
This policy will allow the creation of scenarios for response, resolution and crisis management using an effective predictive, preventive protective response and post-incident recovery actions. In this way, it will play a very critical role in combating cyber threats. The major focus of this policy is on threat prediction and anticipation as well as reactive capacities. It will result in an effective response to cyber incidents. The threat prediction will alert the companies, agencies or individuals letting them know their data is at risk. In addition to that, those who will, unfortunately, get attacked by the cyber threats will be able to recover through post-incident recovery actions.
The cyber governance policy is a public policy that will not only create expectations but will raise awareness among businesses and the civil society of Pakistan. However, there are some important things that the government needs to consider while formulating this policy. There should be transparency while formulating and implementing it.
The government should not breach Public Trust as civil liberty plays a very important role by limiting the reach of government to stay within the bounds of what is regarded as acceptable in one’s life. The most substantial reason that Pakistan is struggling to counter cybersecurity attacks is due to lack of capacity and gaps in the country’s cybersecurity strategies.
The main focus of this policy should be on the practicality and manageability of structure. There should be a balance between safety and growth/economic considerations. The policy must have sustainability together with international compatibility.
The policy should support individual citizens, as well as businesses, in a more practical and proactive way, to manage the particular society risk. For example, individuals can be provided with free face-to-face assistance and cybersecurity support.
Everyone should be given clear guidelines regarding policy. The Government of Pakistan can work with mobile phone service providers so that security-related software updates can be batched and issued via their trusted channels. In addition to that, they can also prompt people to install these by disseminating the need for the updates using text messages, and also publicize this via other media outlets.
We all know cybersecurity is a complex issue that requires in-depth analysis from various perspectives to formulate counter-strategies. The most substantial reason that Pakistan is struggling to counter cybersecurity attacks is due to lack of capacity and gaps in the country’s cybersecurity strategies. So, the government should focus on that as well while formulating the policy. A separate sectoral level strategy should be made to tackle more sector-specific challenges.
A number of institutions are working on cybersecurity; including the civilians, military, and academia, but the sad part is that all of them are working in isolation. If the government wants to successfully tackle the issue of cyber threats, it needs a better long-lasting solution, for that all institutions will require strong coordination.
As a result of coordination, analysis from various perspectives can be done resulting in the formulation of a better policy. Secondly, it will create a consensus among stakeholders to develop a comprehensive national strategy for cybersecurity. Moreover, a separate sectoral level strategy should be made to tackle more sector-specific challenges.
Last but not least, the government should focus more on raising awareness among the public at large. It should be taught as a subject in schools and colleges as it will ensure individual privacy and security from cyber-attacks.
The policy draft document will be presented to the cyber governance policy committee and thereafter the draft will be broadly consulted with the telecom industry as well as other cross-domain stakeholders. So, all including sectors and bodies of the country that will be consulted while formulating this policy should focus on all the important factors after deeply analyzing things.
We hope this policy would help the government in combating the cyberattacks. It’s definitely a good initiative for the safety and security of the country’s critical infrastructure and information systems.