Cyber security policy 2021
RECENTLY Pakistan introduced first cyber security policy. This is first of its kind and was much needed.
The cyber security policy came after startling disclosure that hostile intelligence agencies (HIA) used Pegasus malware to steal data from cellular phones of high ranking officials including PM Khan.
The incumbent government views digitization crucial for prosperity of Pakistan.
Government has initiated digital Pakistan Program which guarantees that the future is Digital, and Pakistanis deserve an entry into this future equipped with all necessary tools and services.
The main driving force behind the NCSP is the “Digital Pakistan Initiative” of the government.
The initiative was started in 2018 with the objective to promote connectivity, increase investment in digital skills, and improve digital infrastructure, innovation and tech entrepreneurship in Pakistan.
It is therefore imperative that all actions and transactions of digital Pakistan must be safe and secure against any cyber-attack.
Over the year Pakistan has witnessed exponential digitalization. Despite the fact that country is passing through financial crunches since long as the country is neighbour to war-torn Afghanistan.
But indicators such as internet penetration, Cellular phone subscribers are very much positive and lead towards a well-poised Pakistan to harness benefits of fourth industrial revolution.
However cyber security ranking of the country is abysmally low. According to the ITU Global Cyber security Index (GCI), 2020 Pakistan ranked 76 among 182 countries.
With an overall score of 64.88/100, Pakistan got placement at the level of a developing country. Pakistan got the highest score of 17.25/20 in the category of capacity development.
It got scores of 15.97/20 and 12.26/20 in the categories of legal measures and technical measures respectively.
However, Pakistan’s performance in the categories of organizational measures and cooperative measures is unsatisfactory with the score of 11.01/20 and 8.38/20 respectively.
A security policy document has several functions. It provides a framework within which policies can be written, modified and assessed.
The three main components in the process of cyber security are; people, processes and data and information.
Any policy to be made for securing cyberspace should address and cater to these three pillars.
These three components not only need protection but these three components also result threats.
The NCSP is foundation for holistic cyber ecosystem of the country.
NCSP acknowledges the previous lapses such as weak legislation to safeguard national interest in cyberspace.
The vision of NCSP-2021 envisions a secure, robust and continually improving nationwide digital ecosystem which ensures accountability, confidentiality, integrity and availability of digital assets leading to socio-economic development and national security.
The scope of NCSP covers securing entire cyberspace of Pakistan. The NCSP objective highlights the establishment of governance and institutional framework for safeguarding critical infrastructure and protect the online privacy of the citizens of Pakistan.
The guiding principle of NSCP is support for public/private organization to enhance cyber security of their data as well online protection of citizens of the country.
The guiding principle highlights that a cyber-attack against Critical Infrastructure (CII) will be regarded as an act of aggression against national sovereignty and will be defended with appropriate response.
According to the policy statement, the energy, telecom, finance, water and healthcare sectors come under CII.
The deliverable of NCSP besides others include establishment of a centralized body to oversee implementation of NCSP-21 and subsequent revisions/amendments in the policy. The body will also act as focal forum to resolve inter-departmental bottlenecks.
For interim measure NCSP suggests empowering of sectoral bodies and capacity building of relevant stakeholders The National Cyber Security Policy 2021 is subject to inclusive review after every three years and as when required, depending on the emerging global cyber trends and technological advancements by the relevant organization in consultation with all stakeholders
The NCSP is a step towards right direction. However in the absence of implementation strategy and clear attribution of duties, the NCSP-21 might prove another initiative with weak enforcement.
Attacks in cyberspace are lethal and cyber-attacks against national critical systems such as FBR and NADRA databases require robust cyber security mechanism governed by an encompassing national cyber security policy.
—The writer is contributing columnist, based in Islamabad.