The federal cabinet on Tuesday approved the National Cyber Security Policy 2021, which is meant for data protection and prevention of cybercrimes.
Minister for Information and Broadcasting Chaudhry Fawad Hussain announced the approval during a press briefing, which addressed the decisions taken by the federal cabinet in a meeting chaired by Prime Minister Imran Khan.
The government also approved a new policy for foreign investment, the information and broadcasting minister said. The policy is meant to provide security to international investors and reduce international litigation against Pakistan’s bilateral agreements.
The cabinet also approved the government’s Advertisement Policy 2021, under which advertisements will be made digital while ensuring transparency.
National Cyber Security Policy 2021
The policy states its vision “to develop secure and resilient cyber systems and networks for national cyber security and response.”
The policy pointed out that due to the absence of an indigenous national ICT and cyber security industry, the country relies mostly on imported hardware and software. “This reliance along with absence of national security standards and weak accreditation have made Pakistan vulnerable to foreign exploitation through imbedded malwares, backdoors and chipsets,” the policy states.
This framework proposed by the policy is meant to secure the entire cyberspace of Pakistan, including all information and communication systems used in both public and private sectors.
To achieve its objectives, an implementation framework shall be developed by a designated organization of the federal government. This organization shall also act at the Central Entity at the federal level for implementation of all matters related to cyber security.
The Central Entity will augment the technical capabilities of law enforcement agencies to identify cybercrimes. It will also coordinate with other cybercrime agencies for sharing of information, and will embed cyber security in public and private service networks vulnerable to cybercrimes.
“At this point, a comprehensive cyber security policy to protect the key infrastructure, and the digital rights and data of the Pakistani citizens is extremely important, and thus the policy has come at the right time. However, we also need to consider that most data breaches in Pakistan’s critical infrastructure, mainly NADRA, haven’t been caused by massive cyber attacks. Most of them have been either internal breaches or through weak links, such as external actors and companies. Therefore, in addition to a comprehensive cyber security policy, it’s equally important to develop a culture of cyber safety, especially in the critical infrastructure and networks,” Asad Baig, co-founder of Media Matters for Democracy, said.
A Cyber Governance Policy Committee (CGPC) has also been set up to assert national level ownership to policy initiatives related to cyber-governance and security.
The committee will be responsible for strategic oversight over national cyber security issues. It’s core functions include expediting formulation and approval of the National Cyber Security Policy and Cyber Security Act. It will also assist in addressing requirements of organizational structures, technical, procedural and legal measures to support the policy mandate and implementation mechanisms.
The CGPC will also carry out consultations on aspects related to cyber governance on a regular and permanent basis. It will assign roles to national institutions for collaboration with global and regional organizations.
CGPC will also provide guidance to align policy with emerging cyberspace requirements through updates and periodic reviews.
The policy recommendations of CGPC will be approved/endorsed by the Federal Cabinet.
Frameworks and regulations for cyber governance will be formulated in consultation with stakeholders.
The policy is subject to inclusive review after every three years, depending on technological advancements by the relevant organization in consultation with all stakeholders.