Cyber Threat Landscape and Readiness Challenge of Pakistan

People’s normal life in modern society is inseparable from the important services and a lot of conveniences brought by cyberspace. However, while cyberspace benefits mankind, it also brings challenges and threats to people’s safety. Network security refers to ensuring that computers, databases, programs, and networks are not subject to unauthorized access, alteration, and destruction. Cybersecurity aims to create and influence the behavior and rules of cyberspace. Network security is inseparable from in-depth information communication technology knowledge, professional talents, and measures. In the era of globalization, network security is also inseparable from the active and tacit cooperation of countries around the world. In Pakistan, the network security threats organized and planned are gradually severe, but this has not yet been fully studied and analyzed by experts and scholars.

This article gives a simplified summary of the cybersecurity threats faced by Pakistan, which are seriously affecting the country’s network service system. In addition, in response to the severe challenges facing Pakistan in the Internet space, this article makes some suggestions based on current understanding and knowledge, hoping that the country can overcome difficulties and resolve crises.

Basic National Conditions of Pakistan

Pakistan is a Muslim country, which became independent from India in 1947. At present, this country is faced with domestic and foreign difficulties and is facing domestic political struggles and regional conflicts. Pakistan covers an area of 796,095 square kilometers but has a population of 193 million, and the average life expectancy is 66 years. The official language of Pakistan is Urdu, but English is also one of the languages spoken in Pakistan. Compared with neighboring countries, Pakistan has one of the lowest Internet penetration rates in South Asia. Only 100 million people have access to the Internet, slightly higher than 50% of the total population (2014). However, the country’s network construction was completed quickly with the support of China. In only three years, the penetration rate of 3G Internet rose to 75%. However, broadband is still the country’s shortcoming with only 10% coverage. This data is slightly higher than that of Afghanistan in the Middle East countries. Although Pakistan’s population base and nuclear weapons accidents, no other aspects can be called the first in the world. However, terrorism and the relationship between the United States and India have caused this country with backward network technology to face huge cyber threats. Such a situation is definitely not something a small developing country can face calmly.

Pakistan’s network infrastructure

Like most developing countries in the world, Pakistan is building network service facilities. Regardless of whether it is a government organization or a commercial company, they are updating information technology, building infrastructure, and operating on a basic basis, providing services or obtaining benefits; NADRA (National Database and Registration Authority) is the most important network infrastructure service department in Pakistan, Is a database that collects national identity information. Important departments such as banks, passport offices, election commissioning agencies, and the FBI all rely on NADRA data. Therefore, although NADRA is an organization in a developing country, the level of services provided worldwide is also top-notch. At the same time, NADRA has become an important target of hacker attacks, especially attacks from cyber terrorism. Terrorists try every means to block or disrupt NADRA’s normal services, steal Pakistan’s confidential information to achieve illegal purposes.

Pakistan is building a network of government affairs office, so it is an important measure to build a modern country, so as to improve the efficiency of the government, adapt to the changes in the situation brought by the information society, and meet new challenges so that all government departments can provide the people with faster and more efficient Basic services.

Pakistan also has a relatively mature capital market, so a large number of long-term capital transactions and investments are carried out every day. Such a capital market is conducive to organizations and government agencies to invest assets in and avoid fraud or plunder; now, the capital market is also upgrading, from the previous paper transactions and paper records to electronic information trading systems. Such trading systems include stock trading, investment banking, mobile/online banking, financial departments, and government departments.

Current threats and attacks

As a developing country, Pakistan’s security measures in cyberspace are far from meeting current needs. For the Pakistani government, ensuring the security of private information has become one of the top tasks. For example, on social platforms, people can freely interact with friends and share various information. However, cybercriminals use this to steal personal privacy and even user location information will be collected.

Similar to other countries, Pakistan’s cyber threats range from Trojan scams to spam, from virus vulnerabilities to phishing traps, from cyber harassment to code errors, from internal infiltration to external attacks, and are omnipresent, with a wide range of types, and they are hard to prevent. According to Pakistani experts, in the coming year, the most cyber threats Pakistan will suffer from will be marked malware attacks and APT (Advanced Persistent Threat), each reaching a quarter of them. With the development of Pakistan’s mobile Internet, the security threats received by mobile phones have begun to become prominent and will reach one-tenth.

Faced with severe security threats, Pakistan urgently needs to devise a strong and effective strategy to deal with it in order to ensure the safety of the country and its people.

The powerless government of Pakistan

Snowden exposed the US National Security Agency’s monitoring and stealing of information from countries around the world. Many people remember such big countries as Britain, Germany, and Brazil. In fact, Pakistan, as a Middle Eastern country that has accumulated grievances with the United States for many years, has also been subjected to information theft by the US National Security Agency. Pakistan’s department responsible for maintaining national cybersecurity, NTISB (National Telecom & Information Technology Security Board) is formulating policies to protect governments, organizations, and enterprises from cyber threats. Pakistan’s cabinet report clearly and directly reveals what the United States has done. As a leading information technology country in the world, the United States is using electronic surveillance, ground, and air intelligent platforms such as satellites, telephone recording equipment, and electronic Mail interception, radio monitoring, and the flow of dissemination technology to capture every move in Pakistan. Such an approach is grand and unreserved. Pakistan’s security services must formulate and implement policies to maintain national security. Since 2014, there have been reports that the network systems of Pakistan’s Ministry of National Defense and the Federal Government have been continuously attacked by “DDoS”. According to the analysis of industry experts, Bakista’s network technology is far from responding to current cyber threats, because defending DDoS requires professionals to organize and track the attackers, and the government’s talent pool in this area is far from enough. Pakistan’s FIA’s cybersecurity department also publicly admitted that they are not yet capable of responding to such cyber attacks.

Pakistan’s cyber protection policy

Currently, Pakistan’s existing legal system to protect cybersecurity and respond to the growing cybercrime is not yet complete. In an era of rapid and varied cyber attacks, the current legal framework is not sufficient to effectively deal with and prevent the rampant behavior of cybercriminals. Cyberspace is incubating new types of crimes, such as hacking (illegal intrusion to obtain data), interference with data and information dissemination systems, online fraud and fraud, malicious attacks on critical information infrastructure, illegal interception, and Trojan horses that monitor information systems Viruses and so on. Facing this unique and unprecedented cybercrime, Pakistan urgently needs a complete and comprehensive legal framework to punish individuals and organizations that violate the law.

The delegation of the Republic of Tanzania once proposed to Pakistan that it is necessary to establish a cybercrime unit CCU (Cyber Crime Unit) to rectify the chaos of cybercrime. And Pakistan also needs to legislate as soon as possible and set up a computer emergency team CERT to ensure the implementation of the law. As one of the least developed countries in the world, Tanzania suffered as much as US$6 million in losses due to cyber-attacks. This has forced a small African country to take the lead in setting up cybercrime teams and computer emergency teams. The situation in Pakistan is even more serious. Every year, the country suffers as much as US$445 billion in losses due to cybercrime and electronic theft. In addition, more than 8 million data records were broken into and intercepted by hackers. Therefore, it is difficult for developing countries like Pakistan to deal with cyber threats on their own. It also needs to cooperate with developed countries and get the support of their technology and knowledge. In January 2017, Pakistan’s Congress promulgated the “Electronic Crime Prevention Act”, which was formulated by the network and telecommunications sector. In this bill, the following issues are focused on. The Pakistani law on cybercrime investigation and evidence collection cannot support current criminal investigations and obtaining electronic evidence. This is because if technical problems are not resolved, it will be difficult to accuse and convict criminals in court;

The operations of generating electronic evidence, retaining electronic evidence, and exposing information dissemination data need to be specialized;

Real-time evidence collection and other capabilities under certain circumstances are necessary for efficient investigation of cybercriminals;

According to the requirements of the constitution, the strength and size of the rights organs that provide protection of civil rights on the Internet and civil rights protection organs in other fields are disproportionate.

While continuously strengthening the existing protection measures and improving the legal framework, the authority that maintains network security must also have its own monitoring mechanism to prevent abuse of rights.

The introduction of the new legal framework will undoubtedly be of great help to the fight against cybercrime and the maintenance of network security. A safer network environment is of great significance to the improvement of network infrastructure, the construction of e-government, and the investment of enterprises and companies in Pakistan. In addition, the protection of the online information of every Pakistani citizen, especially personal privacy, is also the top priority of the policy. Although people now face too many cyber threats in an international network environment, it is impossible for a national government to completely eliminate such cyber crimes. In any case, this legislation is of great significance to Pakistan, because the government takes the initiative to assume the responsibility of maintaining network security, not only paying attention to its own security and business development but also have a positive view of its people. The security of Pakistan’s network environment is at least one more guarantee.

Conclusion

In modern times, the proportion of cyberattacks is rising sharply. Skilled cyber terrorists have mastered cyber technology, and launching a mature, complete and destructive terrorist attack is no longer a problem for them. This poses a great threat to Pakistan’s NADRA system, government information system, and business system. A successful cyberattack is likely to cause the stagnation of government services in Pakistan, the paralysis of the trading market, and the damage to the property of citizens such as mobile banking. Such a cyber attack is less costly than terrorist details on the ground and has great influence. Terrorists obviously prefer cyber-terrorist operations. Furthermore, if Pakistan’s network environment continues to deteriorate, Pakistan’s political stability, social stability, and economic development will be severely damaged. Therefore, Pakistan must take a correct view of cybersecurity threats and national conditions and implement a strong and effective prevention strategy to ensure the safety of its people, enterprises, companies, and government.

Originally Published on https://shahrukhathar.info/cyber-threat-landscape-and-readiness-challenge-of-pakistan/