National Cyber Security Authority to be Established by 2025

Pakistan is set to establish a “National Cyber Security Authority” by 2025, mandating that all organizations in the country deploy security-certified infrastructures starting from July 2028. This initiative is focused on preventing data breaches and cyber attacks on national institutions and private organizations from foreign sources.

The existing National Cyber Emergency Response Team (CERT) will be transformed into the new National Cyber Security Authority. This authority will set up a lab to test and certify the security of hardware and software infrastructures before their deployment in the country. The lab certification will become compulsory for all organizations by July 2028, according to Business Recorder.

Currently, Pakistan lacks robust cyber security infrastructure and capabilities. The establishment of the National Cyber Security Authority and the mandatory security certification requirements aim to address these gaps and strengthen Pakistan’s overall cyber security posture.

While several key government organizations like the Pakistan Telecommunication Authority (PTA), National Database and Registration Authority (NADRA), and State Bank of Pakistan (SBP) have been effective in protecting consumers, clients, and national data, they have been operating in silos with minimal cooperation and coordination. The head of CERT is working to bring these organizations together on a single platform to enhance collaboration and improve Pakistan’s cyber security efforts.

In comparison, the private sector in Pakistan is more advanced in terms of cyber security compliance, measures, controls, and services. The CERT head has invited the private sector to partner with the government to establish a public-private collaboration aimed at better facilitating the nation’s cyber security efforts.

Pakistan is currently ranked 79th globally in cyber security measures. However, initiatives are underway to improve this ranking to the 50th position. Past incidents have shown that many Pakistani organizations, including key state-owned entities, have faced data breaches, with evidence suggesting that most of these attacks originated from outside the country, particularly from India and Chinese Advanced Persistent Threats (APTs).

“The financial sector remained the top focus of cyber attackers,” said Shaukat Bizenjo, Additional Director of the SBP Digital Financial Services Group. An IMF study indicates that 20,000 cyber attacks have occurred in the past 20 years, resulting in losses of $20 billion globally, with $12 billion of that lost by the financial sector alone.

Additionally, the Pakistan Software Houses Association for IT & ITES (PASHA) Chairman Muhammad Zohaib Khan highlighted the significant underreporting of Pakistan’s IT exports, stating that actual IT exports stood at $6-7 billion in FY24 compared to the reported $3.2 billion. He projected that reported IT exports would soar to $5 billion in the current fiscal year.