Cyber security challenges and response
RECENT cyber-attack against National Bank of Pakistan (NBP) once again reminds us the complexity of cyberspace and enormous impact of a cyber-attack.
The attack was identified on 29 October, 2021 and different services of the bank were not available over the weekend.
The federal IT Minister on Monday 1st November stated that no data was lost and hackers were unable to take out servers of the bank.
He also shared some glaring statistics which show the importance of emplacing a robust cyber security system for the country. Cyberspace is a man-made domain.
After conquering natural domains of land, sea, air and outer-space man has created cyberspace domain for own sustenance. The cyberspace is pervasive and ubiquitous. The cyberspace is acting as enabler to operate and live in natural domains.
Advancement in cyberspace has resulted information revolution which has been transformed into fourth industrial revolution where cutting edge technologies such as artificial intelligence, machine learning and big data are helping to accelerate digital transformation in public as well as private sectors.
The cyberspace has created opportunities for state and non-state actors to maximize their gains and further their agenda.
Besides existing trend of cybercrimes such as hacking for monetary gains by cyber criminals and carrying out hacking attempts by script kiddies to win fame, states are using cyberspace as another domain to maximize their power.
Renowned international relations theorists stated such behaviours of states as “world is anarchic and nation states tend to maximize their power”.
Hence nation states are competing in cyberspace. Military graded cyber weapons are being used for strategic gains.
The Stuxnet malware added new dimension to cyber weapons and proved that now sophisticated software can be used for physical destruction of intended target.
The Pegasus spyware is another example of sophistication of cyber weapons. Where a call by predator whether attended or not can compromise a prey’s cellular phone and can steal sensitive data such as text messages, photos, videos etc.
Due to its multi-dimensional impact the cyberspace has become central to hybrid war. Information operations always play significant role during conflicts since ages. However, due to increased role of cyberspace information operations are also becoming frequent and sophisticated.
Pakistan is a developing country with per capita income around1543 dollars p.a. However internet penetration of the country is much satisfactory. In Pakistan, mobile subscription is 77.7 % of total population.
In 2018 incumbent government started digital Pakistan initiative which is aimed at increasing connectivity, providing enhanced digital infrastructure and encouraging innovation and entrepreneurship.
It is worth mentioning that previous govts also provided enabling environment for IT sector by reducing tariffs for IT industry. Initiatives such as PM Laptop scheme by previous government were also effectively contributed to enhance computer literacy in country.
IT solutions such as NADRA database, land automation record, safe city project and online tax return system of FBR are some of the projects which are part of digital transformation.
IT industry also witnessed blossom during COVD-19 pandemic and IT solutions such as edTech and FinTech helped sustain life. E-commerce business growth was also accelerated during this period.
Despite the fact that the country has embarked upon digitalization and a lot of ground has been covered in this regard, no significant measures are taken to prevent cyber threats.
National Cyber Security Policy-21(NCSP-21) was approved in July this year in line with the government initiative of Digital Pakistan-18, for safety of data and protecting privacy of Pakistani users.
The policy outlines a central body to oversee implementation, remove bureaucratic hurdles and capacity building for changing landscape of cyber threats. A significant headway is yet to be made for this policy.
Cyberspace of Pakistan is under constant attack from adversaries. Information Minister on 27 July 21 during a press conference informed that since January, 2021over one million cyber-attacks were launched against cyber systems of Pakistan which were successfully thwarted by National Telecom Company (NTC). The Minister also informed that cyberspace has been secured by adapting requisite measures.
However in cyber space offence has significant advantage over defence, due to frequent changing threat vectors. Hence it was observed that FBR data centre was successfully marginalized by hackers on 14 August, 2021 and recently NBP system was also compromised.
Pakistan is a vibrant IT market ready to harness benefits of fourth industrial revolution (4IR) and is among few developing economies which are well poised to tackle 4IR challenges, due to better available required infrastructure.
Pakistan is blessed that more than 60% of population is under the age of thirty years, which can prove major player.
Now it is imperative that the country should implement NCSP-21 at the earliest to prevent further compromise of vital national data.
Efforts should be made to enhance capacity building of existing IT experts in public sector and more cyber security experts should be inducted in organizations responsible for cyber security of the country including NT.
Moreover government should initiate a mass level information security campaign to educate people.
The government should also consider legislation for persecution of defaulters whether in private or public sector for losing data as accountability will induce responsibility and will improve performance of all those who are responsible for the country’s cyber security.
