Can laws help secure Pakistan’s cyberspace?

In Blog, Cyber Security, National Security
January 19, 2022
Fatima Nawaz
34 Views
0 comments

Over the past few years cybercrimes and offenses have emerged as a major threat to cyberspaces of states. Hence cybersecurity is gradually becoming a matter of national security for states. Quite recently, the Pegasus hacking spyware scandal prompted the Pakistani Government to formalize its first ever National Cyber Security Policy. Previous initiatives such as the

Over the past few years cybercrimes and offenses have emerged as a major threat to cyberspaces of states. Hence cybersecurity is gradually becoming a matter of national security for states. Quite recently, the Pegasus hacking spyware scandal prompted the Pakistani Government to formalize its first ever National Cyber Security Policy. Previous initiatives such as the Prevention of Electronic Crimes Act (PECA), have been poorly implemented hence remain more or less obsolete. What needs to be considered now is whether the cyber security policy provides ample security to Pakistan’s cyber spaces or does Pakistan need to alter the policy with respect to international best practices.

Pakistan’s initiative to formulate a cyber security policy is a step that is welcomed by those who are aware of the threat cyber offenses pose to Pakistan. Headed by the Ministry of Information Technology & Telecommunication, the policy aims to protect data and confidential information whilst trying to construct a framework to prevent any future cyber-attacks. It seeks to protect citizens from cyber-attacks and to be able to give required support to individuals and organizations to ensure safety in cyberspace, along with forming a legal structure to tackle issues of cyber security. For the implementation and oversight of regulations, the Cyber Governance Policy Committee (CGPC) is part of the policy.

Pakistan’s attempt at securing its cyber space is not only internally beneficial but also holds some international importance. This is to do with Pakistan’s ranking on Global Cybersecurity Index (GCI) 2020, out of the 18 Asia- Pacific states on the Index Pakistan ranked 14. The GCI is a trusted measure of how committed a country is to protecting its cyber spaces and upgrading its cybersecurity laws. It is expected that through these security measures taken by the Government Pakistan will also improve its ranking globally. Previous results indicated the lack of commitment to issues of cyber security, however if the Government continues to work for the cause, Pakistan will be recognized for its efforts.

The policy was much needed especially in times where hacking spywares is being used on national levels to track and trace high government officials, including the current Prime Minister of Pakistan. Recently, the Pegasus scandal was unveiled by international media, which showed the extent to which hacking spywares is being used. With the advancements in technology it comes as no surprise that software technology is able to spy on individuals through their own devices. The Pegasus spyware is a greater concern for Pakistan since it is licensed by an Israeli cyber-arms firm, and one of its biggest clients is India. This shows that the threat of cyber-attacks is not only high but also imminent.

It comes as a great surprise that despite India being one of the biggest clients of the hacking spyware, it does not have a dedicated cyber security policy. Issues of cyber security within India are dealt with under the Information Technology Act (2000), which was amended in 2008. Cyber Regulations Appellate Tribunal (CRAT) covered under the IT Act, 2000, is the chief governing body established by the Central Government. Recently there have been discussions on the need for a policy which is focused on the issue of cyber security. That is not to say that the IT Act completely disregards the issue of cyber security, it is the fact that the regulations are not enough to protect the cyberspaces. In today’s world where everyone is interconnected the concerns regarding cybersecurity have increased. As the world moves forward one cannot expect to not interact with the outside world. Hence it is important to have separate laws and policies to tackle issues of cybersecurity and possible attacks.

Countries that do have dedicated laws are only a few, those include China, Vietnam, Singapore. China especially has stringent guidelines in place for cyberspaces. Not only that, China is constantly working on improving and setting new rules and regulations. Recently the Chinese government passed the Data Security law (DSL) in June 2021. This law seeks to protect critical information and confidential data relating to the national security of the country, whilst also classifying data based on its level of importance. The law is expected to have an impact on companies and organizations that possess data relating to national security and those who hold masses of public data. At that time the security protection regulations on the critical information infrastructure (CII Regulations) were also passed. This applies to IT networks critical to national security and public interest, which indicate China’s commitment to the matter and its enthusiasm to have a well-rounded system of cyberspace governance.

The discussion above is also telling of the fact that in this era of technology and advancements, cyber warfare is becoming increasingly popular. To remain oblivious of the fact is naivety on behalf of the state. Cyber space needs to be protected in the same way as land and airspace of a state is protected. Pakistan can learn from China’s dedication to the issue and start building up a comprehensive system of cyberspace regulations. As far as Pakistan’s own National Cyber security policy is concerned, it has been highlighted before and needs to be considered again, that cyberspace falls under national security and hence should be dealt with by the National Security Division. Moreover, the policy emphasizes on development of cyber security regimes through R&D programmes however policymakers have not yet allocated any funds for said projects.

Hence, it is essential that the Pakistani government focuses not only on devising policies, but also on mitigating issues that arise with regards to said policies. Without a comprehensive action plan it is highly unlikely that a state would be able to counter any cyber-attacks coming its way. Furthermore, the complete implementation of any present or upcoming policies is again a matter of consideration. Foregoing the implementation of a policy is essentially rendering the policy useless. Therefore, as long as the government is dedicated to ensuring that the policy takes its course of action, Pakistan is still in a much better place compared to neighboring states.