An Insecure Cybersecurity

In Blog, Cyber Security, Economic Security
November 14, 2022
Rania Yaqub
53 Views
0 comments

Pakistan’s cyber security protocols are in shambles as the country faces yet another alarming cyberattack at the highest office following several more in the past few months. The state has recorded more than 60,000 cyber crimes in the first quarter of 2022, as reported by the DG FIA. The startling question is, why is this

Pakistan’s cyber security protocols are in shambles as the country faces yet another alarming cyberattack at the highest office following several more in the past few months. The state has recorded more than 60,000 cyber crimes in the first quarter of 2022, as reported by the DG FIA. The startling question is, why is this not alarming state leaders more? How does this affect Pakistan, and what course of action is needed from our state against such grave human and national security matters.

Tactics of war have changed over the years. Unlike previously, wars are now seldom fought on ground borders and could more likely occur through a computer screen click. Anonymous hacker groups, including those that operate as criminals and those claiming to be vigilantes exposing world leaders in an attempt to serve justice, have been an existing threat for decades. However, we now see the alleged involvement of government alliances in launching cyberattacks against enemy territories. It is more pressing than ever for Pakistan’s cybersecurity threat to be considered an acute danger to our national security.

Most recently, news of a shocking, grave violation came to light when several audio files allegedly recorded in the Prime Minister of Pakistan’s office were released on the internet by an anonymous hacker. These leaked audios contain purported conversations of the country’s current and ex-PM, as well as several state leaders. Fawad Chaudhry of the opposition party Pakistan Tehreek-e-Insaf claimed in a recent tweet that more than 100 hours of further conversations held in the PM office have been available for sale on the internet since August/September. This egregious security lapse shows that even the most secure office in Pakistan held by the country’s Chief Executive has been exposed to crimes of cyberattacks. An incident like this would further cause an incredible lack of trust in our systems within the international community, where one would think twice about the conversations they have in the PM’s office.

Over the years, multiple incidents have surfaced where the vulnerabilities in our cybersecurity have been exposed through various attacks. According to a report by AlJazeera, in 2019, a covert surveillance of senior Pakistani leaders was carried out through hacking of their mobile phones via Whatsapp using a software called ‘Pegasus’. This gave the hackers access to the GPS location, mic, and camera through their mobile phones. The software is allegedly known to have been developed by an Israeli software company, the NSO group. Since Indian authorities used it at the time, it is alleged that they were the perpetrators of this attack.

The statistics of cyberattacks against our state institutions are profoundly grave. A report by the Tribune states that just in the year 2021, a million cyber-attacks were launched against Pakistan. More recently, the Federal Board of Revenue encountered a cyber security breach where the hackers successfully paralysed the organisation’s operations for several hours while gaining possession of confidential taxpayer data, which was put on sale on a Russian forum for an amount of $30,000. K-Electric, a major electricity distribution company in Pakistan, was hacked and held at ransom, which, when not met, resulted in the hackers leaking nearly 8.5 GB of confidential data on the dark web, risking the information of innumerable customers.

The banking sector as well has not been spared by cybercrime. In November 2018, almost all the banks operating in the country had their data breached, affecting nearly 20,000 banking customers and resulting in massive losses. Moreover, the State Bank of Pakistan was under a cyberattack in October 2021, causing service to be temporarily halted, as reported by The Tribune. Most recently, in April 2022, United Bank Limited (UBL) underwent a data leak which resulted in fraudulent financial transactions of customers and jeopardised classified user information.

The government needs to investigate where and why our cybersecurity paradigms are collapsing. Pakistan’s Senate Committee on Foreign Affairs issued a warning in June 2017 stating that Pakistan was a prime target of cyber espionage. Yet, no agency is entirely devoted to investigating and combating cyber threats like the USA’s Cybersecurity and Infrastructure Security Agency (CISA). Pakistan’s National Response Center for Cyber Crime (NR3C), a unit of the Federal Investigation Agency (FIA), is deficient in resources and manpower, hence lacking the infrastructure to shield critical national security paradigms.

Pakistan has had several of its industries, energy, banking, private and public sector organisations, be a target of cybercrime. It is necessary that the government impose regulations that mandate stringent cybersecurity protocols for government departments as well as all public and private sector organisations. The Prevention of Electronic Crimes Act, 2016 lacks several aspects of cybersecurity paradigms. More recently, Pakistan’s first Cyber Security Policy 2021, approved by the Federal Ministry, was the first step by the state to protect data and prevent cybercrime. Yet cybersecurity experts claim that such security breaches will continue to happen and jeopardise human and national security until the government imposes strict regulations and hefty penalties for industries investing in cybersecurity. This highlights the dire need for required legislation to counter cybercrime which Pakistan currently lacks.

To identify this as a grave threat, it is paramount that awareness is created amongst the masses of the cybersecurity regime. A two-day programme held in 2021 called the “Digital Pakistan Cyber Security Hackathon 2021”, inaugurated by the Federal Minister for IT and telecommunications, was a prime example of informing the public of mechanisms that protect them from cyber attacks, as well as creating a wider community of cybersecurity experts across the country. Moreover, the government must conduct drives and programmes for the young and upcoming field with the latest cybersecurity protocols and technology and provide training platforms for future cybersecurity experts.

In a time when everything is digitised, and industries depend on artificial intelligence and big data analytics, it is crucial for the government to identify it as one of the gravest threats against our national security. Unless protocols are in place to combat the threat of cybercrime and ways to retaliate against it, Pakistan’s national, human, and economic security will remain at stake.