Lack of cyber security laws in Pakistan
VARIOUS initiatives have been put in place by federal and provincial institutions and sectoral regulatory agencies under legislation like the Electronic Transaction Ordinance, 2002, which only applies to electronic banking transactions and documentation.
The Investigation for Fair Trial Act (IFTA) 2013, and the Prevention of Electronic Crime Act (PECA) 2016, which only apply to some but not all internet-connected criminal activities.
Only a small number of dedicated Cyber Security Incident Response Teams (CSIRTs) across government, industry and the military are currently active at the organizational level to address cyber security incidents.
However, the primary agency tasked with ensuring national Cyber Security must be strengthened, and current legal and institutional frameworks must be improved.
Constant assessment, evaluation, and enhancement of the Cyber Security legislative framework, structures, and procedures are essential.
Digital assets in Pakistan are not adequately protected by the law. There is an urgent need to alter Cyber Security law in such a way that it should retain the interest of the community in text and spirit without fail, as the current legislation fails to do so.
Accordingly, a well-structured legal framework may facilitate conformity with a centralized and comprehensive compliance system.
Cybersecurity’s legislative basis, procedures, and operations must be continuously monitored, assessed, and improved, or they will become ineffective and pose a threat in and of themselves.
It’s important to keep an eye on, evaluate, and enhance how well the Cyber Security policy’s compliance structure is being put into practice.
In that regard, a comprehensive strategy and the right legal and technological frameworks may assist to identify the possible hazards and repercussions related thereto, and it could properly examine and ensure that no weak area is left for the wrongdoers to exploit.
When information is considered a financial asset, it is subject to the same risks and dangers as any other financial asset.
One of the first things that should be done to improve global IT security is to establish a complete Cyber Security policy that will address the threats and difficulties.
Knowledge-based economies rely heavily on the free flow of information. Due to the time-sensitive nature of information’s value, its administration, governance, and legislation must be coordinated on a national level utilizing all available resources.
Due to its delicate nature, difficult domain, and widespread use, cyber security necessitates administrative backing.
Cyber security can only be guaranteed with well-designed systems for management and administration, policymaking, and law enforcement.
Cyber security is at risk if there is either a lack of regulatory mechanisms or inadequate regulatory systems.
Limitations in Cyber Security will result from a lack of the necessary capabilities, and Cyber Security is a quickly expanding subject that requires an updated regular collection of appropriate skills and resources.
In addition, there is a growing difficulty in meeting the demand for and supply of digital workers.
The lack of a system to ensure an adequate supply of these talents and resources poses a risk to national cyber security.
In the absence of extensive or even minimal joint declarations among the relevant parties, countries risk having their data colonized by organizations located in other countries.
There is a risk that threat actors may contaminate the information domain, and that personal citizen data will be sold to 3rd parties without proper authorization.
When information is freely shared and then misused, it may be used to exploit vulnerable groups in society.
The lack of data stewardship, poor data integrity, and lack of data governance all lead to inaccurate information resources, which in turn threatens Cyber Security.
In order to effectively counter risks, threats and assaults, many reaction teams must work in tandem.
A significant risk arises from the lack of such teams and the insufficient coordination between them.
It’s mostly because partner organizations have poor Cyber Security practices and infrastructure.
The effectiveness of any Cyber Security ecosystem relies heavily on the capabilities of its supporting companies.
Because of resource constraints, incident and issue management will involve risk assessment and mitigation.
An enterprise risk management activity that requires and encourages enterprises to establish their own guidelines is essential to achieving the goal of risk management and adopting a risk-based strategy.
Each entity and organization will also be responsible for developing and updating its own risk management strategy.
It might take some time for the policy’s implementation mechanism to reach full functionality.
As a result, during this transition period, we will make use of the existing capacities and capabilities that state organizations and institutions have that are conducive to the execution of this policy, and we will continue to use these capabilities and establishments as part of an all-encompassing implementation of government policies.
Sectoral bodies, such as those in banking, telecommunications, education, and regional institutions, would be given the authority to strengthen the country’s Cyber Security posture in order to accomplish the short, medium, and long-term goals.
Capacity building of important stakeholders around specified policies, regulations and protocols should be prioritized and scheduled to accomplish the objectives.
After every three years, or more frequently, if necessary, in response to new global cyber trends or technology developments, the appropriate agency must meet with all interested parties to reevaluate the National Cyber Security Policy 2021.
Improving Pakistan’s standing on international benchmarks and metrics in the ICT sector will need to concentrate on the following.
(i). Determine where Pakistan stands in the global ICT market in terms of business and innovation climate, infrastructure, cost, skill preparedness, and social effect.
(ii). Help the efforts to enhance information sharing with global rating agencies.
(iii). Improve technology to enable digital signatures and electronic transactions, and mandate digital certifications to verify the identity of individuals and companies.
(iv).Inspire the development of a Public Key Infrastructure (PKI) that can grow to meet the needs of the company in the future.
(v).The proliferation of certification service providers is essential to ensuring the safety and credibility of e-commerce, financial technology, and other government-to-citizen services delivered online.
—The writer is a Cyber Security Expert based in Beijing, China.