THE escalating use of information technology and reliance on internet connectivity have left society and states vulnerable to cyber insecurity. This new form of threat is a pressing issue in both developed and less developed nations. Governments are grappling with the task of devising strategies to mitigate inherent cyber risks and hazards. However, the current preventive measures and systems are proving inadequate in providing comprehensive security due to the rapid advancements in information technology and the global nature of cyberspace.
The emerging strategic competition among the great powers has transformed cyberspace into a domain of tensions among the states. The military doctrines have acknowledged the tactical necessity of integrating cyber capabilities with kinetic warfare. The states with cyber capabilities can bleed adversaries politically, militarily, economically and psychologically by conducting cyber offensive operations below the threshold of military conflict. According to the Basic Doctrine of the Indian Air Force, “cyber warfare is an attractive low-cost war-waging model because it has some notable features such as low entry cost, blurred traditional boundaries” and that “offensive cyber warfare can be conducted across the entire range of military and nonmilitary operations to achieve national objectives.” Besides, the non-state actors seriously threaten critical infrastructure across the nations. Ironically, the states are sharing cyber weapons with non-state actors to launch proxy wars against adversaries.
The United States alleged that China had been conducting cyber espionage campaigns against multiple governments in the Indo-Pacific. In April 2024, FBI Director Christopher Wray claimed that a hacking group, Volt Typhoon, had broadly targeted American companies in the water, energy, and telecommunications sectors. India conducts offensive cyber operations and orchestrates hacktivist groups against geopolitical adversaries, including Pakistan. For instance, Earlier this year, India-backed hackers, known as Patchwork, created at least 12 malicious Android apps to infect Pakistani user’s devices with spying malware. The Slovak-based cybersecurity company ESET claimed that Indian hackers used VajraSpy malware to target Pakistani military personnel. VajraSpy is a customizable malware, usually disguised as a messaging application, used to exfiltrate user data.
The encouraging development is that security analysts and policymakers strive to chalk out practical countermeasures. The participants of the 3rd International Conference on Cyber Diplomacy organized by Cyber Diplomacy Center and National Institute for Research and Development in Informatics (ICI) Bucharest, Romania, April 16-18, 2024, while debating the current challenges and opportunities in the digital realm, from critical infrastructure protection to the nuances of cyber diplomacy emphasized on the responsible state behavior and transparency around cyber operations.
Notwithstanding the cyber threats, the progress in digital technology is imperative for the country’s development in the twenty-first century. The UNDP’s 2023/24 Pakistan National Human Development Report placed Pakistan in the ‘moderate’ digital development category. The government of Pakistan is endeavoring to augment cyber capabilities in order to ensure the country’s future security and prosperity. Besides, the government must develop and operationalize a national apparatus to detect and deter internal and external cyber-attacks. Islamabad’s resilience to prevent the perils of cyber capabilities resulted in legislation and the creation of institutions. On May 3, 2024, the federal government established a new authority under the Interior division named ‘The National Cyber Crime Investigation Agency (NCCIA)’ to bolster cyber defenses.
The NCCIA is constituted as a separate authority to “safeguard the digital rights of people” and “counter propaganda and rumors on social media.” The political and social stability in Pakistan is immensely threatened by disinformation. Social media has arisen as an essential tool of disinformation. According to the information ministry’s notification in The Gazette of Pakistan, the NCCIA was formed under Section 51 of the Prevention of Electronic Crimes Act 2016 (PECA). It is headed by a director-general who has at least 15 years of experience in computer science, digital forensics, cyber technology, law, public administration, information technology, telecommunication, or related fields to enable him to deal with offenses under the PECA. The director-general exercises the powers of an inspector general of police. The new Authority rendered defunct the Federal Investigation Agency’s (FIA) cybercrime wing, the designated investigation agency under the Act.
The PECA and FIA’s cybercrime wing germinated optimism that Islamabad was sensitive to the detriments of cyber capabilities. It created a framework with the requisite capabilities, such as trained officers and sensitization of civil society to deal with cyber threats. Conversely, political activists allege that the FIA routinely used the PECA to silence dissent. The NCCIA attempts to improve capabilities and streamline operations to detect and deter cyber threats. Notably, the new Authority’s reliance on and reuse of FIA’s resources — personnel, assets, and existing cases — would create mistrust, redundancies, and confusion in society.
Notably, the PECA needs revamping because it is unclear on consumers’ digital rights, law enforcement agencies collaboration, and information-sharing procedures. Hence, the government immediately legislates specific laws to ensure consumers’ digital rights and define the roles and responsibilities of those involved in cybersecurity and protocols for inter-agency collaboration and information sharing. Moreover, the government should provide finances to NCCIA to recruit qualified persons, improve training, and acquire modern technological tools, modernization, and international collaboration to bolster effectiveness.
The critics of NCCIA are alarmed by the misuse of the Authority to curb the freedom of the press and undermine citizens’ right to privacy. They opine that the government could use NCCIA against political opponents using online platforms to further their political agendas. To avoid these shortcomings, the government needs to introduce new cyber laws after consultation with digital rights groups, the IT sector, civil society, political parties, etc., that guarantee citizens’ privacy and ensure transparent operations, judicial oversight and mechanisms for accountability.
To conclude, cybercrime, cyberterrorism and cyberwarfare threaten national security. Therefore, ensuring cyberspace’s safety and security requires innovative approaches with diplomatic dimensions, legislation that does not undermine democratic values, and the creation or refurbishment of executing institutions.
—The writer is professor at the School of Politics and International Relations, Quaid-i-Azam University.
Email: [email protected]