Cyber space and cyber security are the realities of this world.
Exploitation of loosely controlled cyberspace has gained currency in recent
years. Though, there is an increased realisation for cyber security in Pakistan
the fundamental challenges in ICT and cyber space are nonexistence of cyber
laws and lack of central body to generate response to cyber threats. It is not
only depriving us from captivating the
technology innovations of ICT but is also tarnishing the image of Pakistan in the
outside world being a cyber safe haven for Terrorists/ criminals.
CHAPATER – 5
RECOMMENDATIONS AND CONCLUSION
cyber warfare domain, it goes without saying that all measures at any level is either
directly or indirectly linked to the fact that cyber threat cannot be evaded
until and unless there is awareness and realization at user level. A wholesome
approach to offset the threat is advocated at various tiers, so as to obviate
the chance of any potential damage. Few recommendations at national levels are
appended as following
5.1.1 Establishment of
National Cyber Security Organisation (NCSO). National Cyber
Security Organisation is proposed to be established under Cabinet Committee on
National Security. Salient are as
It will serve as
the focal point for policy making, coordination, execution, re-evaluation and
enforcement of cyber security policy at the national level.
It will include
technology reprenstatives from Ministry of Defence (MoD), Ministry of Interior
(MoI), Ministry of Information Technology (MoIT), Ministry of Law (MoL) and
other major stakeholders from government departments.
NCSO will offer technology training and human
resource services to all the government
departments through their respective ministries. Pakistan Telecommunication Auth (PTA), Higher
Education Communication (HEC) and all the government and private academic
centres also be include under its constituency to improve its functionality,
effects and uniformity. So by virtue of its ability NCSO will emerge as single
authority to all the internet and mobile service providers, academic institutes
and research centres in cyber security domain.
Owing to its resources, it will monitor the cyber traffic
in the country to identify cyber security breaches and take necessary
preventive/ damage control measures.
Research and Development
Facilities. The government of Pakistan needs to focus more on
its research and develop sectors and build up analysis capabilities to gain
more perception into risks and threats in the cyber domain. Creation of Research and Development Wing
under National Cyber Security
Organisation, is recommended which is suggested to undertake
research primarily in following fields:-
Emerging trends in viruses,
their effects on own public and private sectors and counter measures.
measures to overcome those vulnerabilities and post incident response options.
Types of EMP devices and
protection against EMP attacks.
Cyber security audit for public
and private sectors.
Indigenous development of cyber
Inspection of imported computer circuits and
chips before assembling a computer sys.
Joining International Forums on
Cyber Security. International forums provide a communication platform
to work together on
practising initiatives to strengthening cyber security, fight cyber crime,
protect online data and cyber capacity building. Apart from numerous available
international forums, it is suggested that Pakistan may join the following at
of Incident Response and Security Teams (FIRST).
Being the largest cyber security forum in the world FIRST
is an international confederation of 396 trusted computer incident response teams
from 84 countries who cooperatively handle computer security incidents and
promote incident prevention programs. (Appendix II).
Forum on Cyber Expertise (GFCE). GFCE is a global platform for
countries, international organisations and private companies to exchange best
practices and expertise on cyber capacity building. GFCE consist of 38
countries, various intergovernmental organisations (IGOs) (e.g. EU, INTERPOL,
World Bank etc) and private companies (e.g. Microsoft, IBM, HP, etc) alongside
collaboration with other cyber platforms like FIRST. (Appendix
5.1.3 Maintaining Manual
Backups. Keeping in view
the vulnerabilities of network assisted / enabled computer systems to impending
cyber attack by adversary on future battle field scenario, a certain percentage of manual
based system may be prepared, maintain and kept in lieu as backups in
respective fields including ministries, banking, civil, aviation, railways,
power system and industries . A parallel activity in the form of a week’s ex to
run all such system on these manual systems may be ensured after every six
months to ensure viability of these backups. Initially, prepared of 20 percent
annual backups of all essentials network based system is recommended in all
relevant fields which may further be enhanced to 50 percent of available system
subsequently. The availability of manual backups will ensure uninterrupted
functions of essential networks even during the phases of cyber attack.
5.1.4 Indigenous Production. Efforts be made to enhance the
base of indigenous production and development of computer hardware and software
system. In this regard following measures are recommended:-
Incentive be given to private
sectors to dev computer technology and manufacture computer related equipment.
Preference be given to transfer
of technology in import of equipment.
Dev of indigenous electronic chips for computer sensitive
5.2 Conclusion. Cyberspace
and cyber security are the realities of this age. World has transformed into a
borderless information society not restricted to any one country, religion or
geo-graphical area. Indeed, cyberspace is a global infrastructure created by
human beings, but still, not controllable by any one group or country.
Therefore, aligning with global and regional entities for development of
credible capability for cyber trend analysis, cyber security and proactive
cyber threat management is extremely important for every nation-state.
Pakistan’s critical infrastructure and its armed forces are susceptible to
cyber attacks from our adversary and other non state actors in their respective
domains. It is imperative to take concrete measures at every possible level to
protect its critical infrastructure from cyber threat; however, responsibility
at individual level remains the cornerstone.