The recent cyber-attack against the National Bank of Pakistan (NBP) once again reminds us of the complexity of cyberspace and the enormous impact of a cyber-attack. The attack was identified on 29th October 2021 and different services of the bank were unavailable over the weekend. The IT Minister stated on Monday that no data had been lost and the hackers were unable to take out the bank’s servers. He also shared some glaring statistics which showed the importance of a robust cyber security system for the country.
Cyberspace is a man-made domain and acts as an enabler to operate and live in the natural domains. Advancements in cyberspace have resulted in an information revolution, transformed into the fourth industrial revolution, where cutting edge technologies such as artificial intelligence, machine learning and big data are helping to accelerate digital transformation in both the public and private sectors.
Cyberspace impact is enormous; regardless of whether someone belongs to a developed country or a developing one, is living in the city or a village, everyone is a cyberspace user due to its pervasiveness. Entry into cyberspace is relatively easy and less costly; hence this domain is not limited to state actors, non-state actors are equally well placed to operate in it.
Cyberspace has created opportunities for state and non-state actors to maximize their gains and further their agenda. With the existing trend of cybercrimes, such as hacking for monetary gains by cyber criminals and carrying out hacking attempts by script kiddies to win fame, states are using cyberspace as another domain to maximize their power. Military graded cyber weapons are being used for strategic gains. The Stuxnet malware added a new dimension to cyber weapons and proved that now sophisticated software can be used for the physical destruction of intended targets. The Pegasus spyware is another example of the sophistication of cyber weapons; a call by a predator, whether attended or not, can compromise the prey’s cellular phone and can steal sensitive data such as text messages, photos, videos, etc. Due to its multi-dimensional impact, cyberspace is central to hybrid war. Information operations always play a significant role during conflicts; however, due to the increased role of cyberspace information, operations are also becoming frequent and sophisticated.
The impact of cyberspace is wide ranging and diverse and influenced our households as well. While it contributes positively to online learning, for instance, it is also threatening our values as an abundance of conflicting content is available on different platforms. Parental control is imperative to prevent misleading the younger generation.
Pakistan is a developing country with a per capita income of around $1543 p.a. However, internet penetration in the country is satisfactory. Mobile connectivity is available for 77.7 % of total population. In 2018, the current government began a digital Pakistan initiative which is aimed at increasing connectivity, providing enhanced digital infrastructure and encouraging innovation and entrepreneurship. It is worth mentioning that previous governments also provided an enabling environment for the IT sector by reducing tariffs for the IT industry. Initiatives such as the previous government’s CM Punjab Laptop scheme also effectively contributed to enhancing computer literacy in the country.
Over the years, the country has undertaken digital transformation for better government-public coordination. IT solutions such as the NADRA database, land automation records, safe city projects, and the online tax return system of the FBR are some of the projects which are part of this digital transformation. The IT industry also blossom during the COVD-19 pandemic and IT solutions such as edTech and FinTech helped to sustain life. The growth of e-commerce was also accelerated.
Pakistan is ranked among those developing countries where both public and private organizations are increasingly deploying online administrative and service systems. In this regard, the National Database and Registration Authority (NADRA) is the most important and sensitive public entity as it centrally holds the national Identity Documents (ID) database of the Pakistani citizens. The NADRA shares online information of citizens with banks, the Election Commission of Pakistan, immigration and passport departments, mobile networks and security departments. For modernization and better efficiency, a number of Pakistan’s public corporations are increasingly providing e-services in the economic, social and security sectors. In Pakistan, the E-Government Directorate was established in 2002 under the IT Ministry, and was renamed as the National Information Technology Board after the merger with the Pakistan Computer Bureau in 2014. Consequently, the country is able to take advantage of of ICT-based services, including Automatic Teller Machines (ATMs), internet banking, online payments and online stock exchanges. Some social sectors, such as educational institutions, hospitals and police departments (Khyber Pakhtunkhwa), also deliver e-government services.
Despite the fact that Pakistan has embarked upon digitalization and a lot of ground has been covered in this regard, no significant measures have been taken to prevent cyber threats. The National Cyber Security Policy-21(NCSP-21) was approved in July in line with the government initiative of Digital Pakistan-18. No headway has yet been made for this policy. It outlines a central body to oversee implementation, remove bureaucratic hurdles and ensure capacity\building to address the changing landscape of cyber threats.
The cyberspace of Pakistan is under constant attack from adversaries. On 27th July this year, the Information Minister stated in a press conference that over one million cyber-attacks had been launched against Pakistani cyber systems and they were successfully thwarted by the national Telecom Company. The minister also said that cyberspace was secured by adapting requisite measures. However in cyber space, offence has a significant advantage over defence, due to changing threat vectors. Hence it was observed that the FBR data center was successfully attacked by hackers and was the NBP system more recently.
Pakistan is the victim of a hybrid war. India launched a series of misinformation operations against Pakistan on 9th December 2020; the smear campaign was unearthed by the Disinfo lab. Pakistani intelligence agencies also traced the origin of a misleading email that disrupted the New Zealand cricket team’s tour to Pakistan in September this year.
Pakistan is a vibrant IT market ready to harness the benefits of the fourth industrial revolution and is among the few developing economies which are well poised to tackle 4IR challenges due to a better available infrastructure. Pakistan is blessed with the strength of a youth bulge which can prove to be a major player. Now it is imperative that the country should implement NCSP-21 at the earliest to prevent any further compromise of vital national data. Efforts should be made to enhance the capacity building of existing IT experts in the public sector and more cyber security experts should be inducted in organizations responsible for the cyber security of the country including, the NTC. The government should also consider legislation for persecution of the defaulter, whether in the private or public sector, for losing data as accountability will induce responsibility and will improve the performance of all those who are responsible for the country’s cyber security.