By: Hammaad Salik
Pakistan’s entire modern way of life, from communication to commerce to conflict, is dependent upon internet, and as a result, cybersecurity issues and challenges emerged. Yet there is no issue so important that remains poorly understood. With every passing day, realization of the degree of cyber threats to Pakistan makes us peruse more on the fragile state of the critical infrastructure of Paksitan in terms of cyber security.
According to the report by Kaspersky – Pakistan has been ranked amongst the most prone countries to cyber-attacks. The report stated that Pakistan has not formulated satisfactory legislation regarding cyber security , neither it has taken solid measures to create awareness and capacity building measures.
“We have entered the critical infrastructure of Pakistan. The moment we get the go-ahead, we will destroy these,” S. Amar Prasad Reddy, Additional Director- General, National Cyber Safety and Security Standards, said speaking at National Cyber Defence Summit 2016”. This wouldn’t be the first time, nor the last Pakistan would be vulnerable to cyber-attacks. In 2017, Shadow Brokers released files of Equation Group (EQGRP) hacking into Pakistan’s Internet infrastructure ranging from Core Routers to Pakistan Telecommunication Green Line Communication Network in order to intercept Pakistan’s civilian and military leadership communication. Furthermore, studies suggest that these agencies have tools to collect CDRs (Call detail record) that are generated on GSM core networks for billing purpose. It means our systems are deeply penetrated. The most notorious was perhaps the SICKLESTAR which was the nickname given to Mobilink GSM’s compromise operation. In 2018 , an incident occurred in which there was the blackout activity on various grid stations in Punjab region of Pakistan; to grid operators, it was a routine load shedding process. Irony in this incident is that no one even considered the possibility of being under a cyber-attack and that clearly attributes to the lack of understanding of cyber realm. Nevertheless, attacks on Ministry of Foreign Affairs website and Pakistan’s Banking systems are a sad realization of how unsecure these networks are. The government and decision makers provide the lame excuses of classified and restricted information and provision of any such information comes under security breach despite knowing the fact they are already compromised.
We have a major knowledge gap when it comes to cybersecurity in Pakistan. This is exuberated by lack of a legal framework and policies to govern it. Pakistan does have the Electronic Crimes Prevention Act of 2016, the primary aim of which is to counter online harassment and terrorist content. This act however draws criticism for severely impacting citizens’ rights to expression and privacy by taking advantage of grey areas in the act and by hiding behind vague language. Such loopholes may lead to curtailment of free speech and unfair prosecutions. Pakistan is in dire need of a comprehensive action plan which should include Presidential Directives, National Cyber Strategy and Cyber Awareness programs. Any plan that does not include all relevant stakeholders, agencies and departments cannot be an accurate action plan. The numerous drafts of action plan that so far have been put forth did not include all stake holders and governing bodies.
A major part of this disconnect is lack of experience and knowledge among leaders sitting at those decision seats. Todays’ youth are digital natives born into a world where computers have always existed. Unfortunately, the world is being run by “digital immigrants”, older generations for whom computers and all the issues the Internet age presents remains unnatural and often confusing. It is not solely an issue of age. If that was the case, we could just wait until old farts die and all would be solved. Cybersecurity is one of those areas that has been left only to the most technically inclined to worry their uncombed or bald heads over. A few months back we had a conversation with one of the country’s finest intelligence official regarding prohibiting the use of pirated and nulled Windows operating software on critical workstations within their department. The official stated that his 15-year-old child can purchase a pirated Windows DVD for Rs. 50 and install it on multiple workstations instead of buying an original with a $300 price tag. As James Mulvenon- computer security expert explained “Therefore, Pakistan is right when it says that it is a victim of hacking, but the main culprit is its own disregard for intellectual property, not state sponsored espionage”.
“All that cyber stuff, I mean is cyber even a real threat now!” – says Senior Government official in Pakistan. To date, majority senior officials in the Pakistan’s Government and Military have their assistants print out the emails, while they would respond back in pen, then have the assistants type back the emails. I mean these are the people tasked with defending the nations Critical Infrastructures and Key Technological Resources. Interestingly majority of the machines in use by various Government departments and agencies have outdated or unpatched operating systems and other software’s. Irony is every time one of these organizations get compromised we let out a wide range of emotions from anger to frustration. Pen-test any of these Government organizations and we will find that majority of these machines in use have Windows 98 and Windows XP still running on them.
Unfortunately, Pakistan’s government, military and commercial sector has been unable to have a productive brain storming session and/or cross share ideas amongst various decision and policy making bodies. This lets us to ask the question to have we been unable to devise a much needed comprehensive and effective cyber policy for our country as a result of a game of egos amongst the various aforementioned sectors.
Hammaad Salik is an entrepreneur and member advisory Strategic Warfare Group. He aims to provide accurate and transparent cyber information to the general public. His expertise are Cyber Warfare Operations and Kinetic Warfare. He can be reached at [email protected].
From our Print Edition