Over the last few decades, the exceptional innovation and use of the cyber space has taken place, giving rise to a inter-connected world and brought people together from all spheres of life on one platform.
The majority of modern nations have ridden themselves of manual systems of infrastructure vital to their national economy and shifted to enhance their systems to digitization. But this huge development and progress has a cost to pay. The nature of digital systems are vulnerable to cyber-attacks by malevolent groups, or individuals, with enhanced and serious repercussions for nations of all over the world.
With an increased usage of internet and phenomenal sophistication of cyber-attacks by state and non-state actors, it has become a serious challenge to either limit the usage of internet or counter these cyber threats. As such, cyber security has come up as a critical issue for the government of Pakistan, military, and security policy makers in the current scenario of receiving persistent cyber threats to the Critical Infrastructure of the country. The Critical Infrastructure such as hospitals, e-government, military establishments, nuclear arsenals, NADRA, Civil Aviation System, emergency services, election commission of Pakistan and many others are key assets containing sensitive and confidential information.
Being an ally with the US on the War on Terror, Pakistan not only favored the International Community, but also stood at the forefront in eliminating extremism and terrorism from the country. However, given due importance, cyber security in the country has been a neglected part that was not given adequate attention. The war on the ground was being fought, and won successfully, but the war in cyber space is still under consideration. Secondly, as a nuclear state and its significant geopolitical position, the increase in cyber-attacks on critical infrastructure cannot be diffused.
The government of Pakistan has been engaged in making policies for countering cyber-attacks since 2003, but no actual implementation has been done. With every passing day and year, the cyber space is not only being misused by cyber criminals, but it has become a haven for cyber terrorists to recruit and use it for networking, communication, data gathering, psychological warfare, and mobilization purposes.
Every independence day, the defamation of Pakistani websites by Indian hackers is taken as wake-up call by the authorities concerned. A national level cyber security policy and its implementation is still missing and if it is made, not yet publicly available. There are electronic crime bills, but have those bills managed to reduce cyber crimes in the last few years? The answer is no.
The Senate Standing Committee on Defence keeps recommending improving cyber security of the country as the Chairman standing committee proposed a seven-point action plan for countering cyber threats. The seven points also put emphasis on joint Asian Strategy to counter cyber threats, but if looking at real facts and figures, how much implementation has been done so far? And still we find none is the answer.
Nevertheless, it has also been revealed that Pakistani is one of the three countries which are being monitored constantly by foreign spies. Cyber war is on the rise and the very nature of the threats are fast evolving making it difficult for Pakistan to counter. On the cyber front, Pakistan is constantly being attacked, either if we are talking of the Independence Day defamation of Pakistan’s ministries websites or the compromise of the NADRA servers in 2012 by Turkish hackers, the crash of the database server of the NADRA website in 2013 by the Afghan Cyber Army (ACA), the cyber-attack on Karachi Gateway exchange, or a compromise of a well-known ISP service in the country, and many other covert or non-covert cyber-attacks. As such, cyber war is constantly increasing and there seems to be no end to it.
If we look at the approach of neighboring countries towards fighting cybercrimes, it is evident that a reactionary approach can never work when it comes to fighting in the cyber space. The recent meeting chaired by National Security Advisor Naseer Khan Janjua for developing and evolving a mechanism to ensure cyber security in Pakistan at a national level is one positive step in this bleak and dismal cyber countering approach by the Government. But the real challenge comes at the implementation level. The neighboring country established CERT-India (Computer Emergency Response team) in Jan 2004 realizing the importance of cyber security and alarming increase in security breaches. Besides, there are various International Fora for Cyber-crime including Forum for incident response and security team (FIRST), Computer Security and Incident Response team (CSIRT) in almost all countries, naming a few US-CERT, AUS-CERT, JAPCERT, Asia Pacific (AP-CERT), Singapore Sing-CERT, Chinese CNCERT, and CERT NZ.
There are many ways forward how to implement this needed policy. The Advisor NSA needs to make the implementation for the establishment of National Pakistan Computer Emergency Response Team i.e. PK-CERT. It may be a joint response structure of government, military, private and public sector. The purpose of PK-CERT would be to provide state-of-the-art cyber security services to Government, private and public sector organizations. The main objective would be to respond and react to critical incidents effectively and efficiently. There is a strong need to setup CERT centers at provincial level connecting it to the PK-CERT working as a central network at center.
The PK-CERT would also act as a bridge between international CERTs for sharing best practices. Additionally, National Cyber Strategy needs to be made and implemented with true letter and spirit which not only guides on how to protect key assets and CIs, but also provides how to respond to any computer emergency incident by PK-CERT. In addition, the universities should group together for the promotion of cyber security awareness under the umbrella of Higher Education Commission (HEC). Another important aspect to be focused on is the cyber security course by the Chamber of Commerce for business on how to secure digital enterprises. This is also the right time to include cyber security policy in Foreign Policy of Pakistan, which not only informs how to respond diplomatically to any incident related to cyber space, but also provides policy for delegates who attend international conferences and seminars on cyber related matters.
There is no doubt that the war at cyber space cannot be won unless we are prepared more than the cyber criminals. The lethal technological digital weapons not only make it possible for cyber attackers to wage war against the country in the cyber space, but also the lack of response time and counter measures by the Government provide them the opportunity to win the war. The cyber war cannot be won merely with cyber policies and proposals. This is the time now to implement the cyber policies, respond and counter cyber threats and react and mitigate cyber-attacks efficiently and effectively. The war in the cyber space must be taken as seriously as a war on land, sea or air.
*Zaheema Iqbal is a student of M-Phil International Relations at National Defence University, Islamabad. Her areas of expertise are terrorism, extremism, radicalization, cyber-war, cyber terrorism, and cyber security. She can be reached at [email protected]