GIVEN the constantly evolving security dynamics globally and regionally, the threat spectrum continues to grow with every passing day. The nature of threat has transformed from traditional to advanced non-conventional and strategic levels. The sphere of traditional security is quite precise and ardently guarded while no such accord or specific definition exists as to what is non-traditional security and part of its sphere.
In the similar regard, the new battlefield of cyberspace involves instruments and tactics more detrimental to national interests than traditional warfare posing a huge threat across the globe. Primarily, cyberspace has become a critical area of concern for its virtual and undetectable nature as it follows no geographical boundaries or limitations. However, the concept of cybersecurity and its mechanisms to regulate the cyber space have become an important feature of national security these days as government; military, corporate, financial, and medical organizations collect, process, and store unprecedented amount of data on computers and other devices.
It is predicted that global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion annually by 2021. However, reports suggest that the world-wide cybersecurity market have already topped with $75 billion spendings in the year 2015. And it is further estimated that these security spendings will soar upto $101 billion in 2018, and hit $170 billion by 2020. The developed economies including the US, European countries, Austrialia and even the countries in Middle East, Gulf and Pacific regions have been allocating bigger chunks of the economies to ensure continuous upgradation of their cybersecurity system. Moreover, these countries have legislated conventions and directives to ensure cybersecurity such as the Budapest Convention on Cybercrime, Network and Information Security (NIS) Directive and EU General Data Protection Regulation. But the challenge remains to be the vastness of cyberspace, its issues of ownership and identification of threat and its origin.
In the very specific case of Pakistan, the efforts for a unified cybersecurity policy or strategy are underway. However, there are certain impeding factors halting the overall process such as level of awareness and knowledge regarding malicious happenings in cyberspace, lack of cyber-readiness and proportion of national spendings in the field. Moreover, there is a dire need to consider the concerns related to cyberspace outside the domestic structure and subject of strategic and global importance. On cyber laws, the scope needs to be extended beyond recognition of electronic documents and communications; electronic forgery or fraud, website and digital signatures certificate providers, unauthorized access to code, crimes such as defamation and hate speech to suggesting jurisdictions and offences, rather it must cater the growing threat of cyber crimes and terrorism.
Pakistan has a long way ahead in this field when it comes to formulation and implementation of a cybersecurity strategy and relevant infrastructure. Another important aspect in the subsequent implementation of cyber security policy is the realization of the fact that it is to be kept updated continuously due to the constantly evolving nature of cyber space.
In way to formulate a consolidated cyber security strategy, Pakistan must first consider cybersecurity as very integral part of national security. It must further be based on the very principle of proportionality while taking into account the existing and potential risks and resources. Cyber security must be ensured in a coordinated manner through cooperation between the public, private and other sectors, taking into account the inter-connectedness and interdependence of existing infrastructure and services in cyberspace.
Moreover, to achieve the status of Cyber Readiness, Pakistan needs to address areas such as state’s cyber security strategic plan and incident response to counter the threat on immediate basis, and the law enforcement concerning e-crimes, information sharing on national and regional level alongside greater investment in cyber Research & Development, education, and capacity building. On regional level, Pakistan must need to come out of a dormant phase, with a need to upgrade its cyber security mechanisms on immediate basis alongside keeping a check on unrestricted hactivism such as that of between various cyber groups of Pakistan and India.
Pakistan needs to focus on the development of a national as well as an international cyber security strategy. Pakistan must establish its foothold in cyberspace and formulate its state policy, before the world further enhances its capabilities in this field.
— The writer is Assistant Research Officer, Islamabad Policy Research Institute, a think-tank based in Islamabad.