According to the latest United Nations data, as of Monday, May 05, 2022 the current population of Pakistan is 228.81 millions. According to the United Nations Human Development Index Report, Pakistan is Ranked on 154 among 189 countries for education with a Literacy Rate of 59.10%.(adults age 15 and above). Pakistan GDP Annual Growth Rate is 5.79. Pakistan has a growing semi-industrialized economy that relies on manufacturing, agriculture and remittances.
In March 2013, former CIA contractor Edward Snowden revealed that Pakistan was among the countries most targeted for surveillance by the U.S. National Security Agency (NSA).
Past Cyber Attacks in Pakistan
In 2019, the mobile phones of some senior Pakistani officials were hacked for covert surveillance. The malware infiltrated a phone by making a missed call on the targeted number and turn on the phone’s camera and microphone as well as gained access to messages, emails, contacts, and passwords. The malware also had the capability of determining the GPS location.
Multimillion-dollar Pakistani vehicle-for-hire and parcel delivery company in Karachi was attacked. Almost 400+ million files up to 200+ gigabytes were leaked. The server location was found to be in Boydton United States.
Problems in Pakistan Cyber Security
The laws regulating the Pakistani cyber-space are very minimal and can be easily evaded by someone with a little knowledge of the computer systems.
Unregulated cyber-space has fuelled the impact of terrorism, where terrorist organizations use the digital information medium to spread violence, terror and extremism with quite ease. The case of Naureen Leghari who was a 2nd year student in medical college. She joined the IS through extensive use of Social Media and was later apprehended by Pakistan authorities.
Cyber Propaganda is the use of cyber-space to spread violence, anti-state agenda and narrative of extremism by individuals, political and religious groups. The rise of Tehreek Labaik Pakistan (TLP) to promote religious violence has twice put Pakistan in difficult times both in 2017 and 2018.
Lack of Awareness of Public
The most critical problem that Pakistan faces in cyber-domain is the lack of understanding of the public on how to use the internet/social media platforms.
Economic Disruptions in the cyber-domain is considered as the most critical because the purpose of such cyber-attacks is to target the economic system of any country, which can create panic among the public.
Cyber-theft is the stealing of money targeting internet- based trading and banking companies. Pakistan witnessed such kinds of attacks most recently in November 2018, when people were deprived of millions of rupees using unauthorized online transfers. Pakistani authorities were helpless to explain the incidents. Until now no criminal is identified
Police in Pakistan say the use of digital currencies, including bitcoin, for international terror financing, as well as crimes such as extortion and ransom, is on the rise as authorities move to crack down on illegal methods of money transfer.
At the same time, The Pakistani province of Khyber Pakhtunkhwa is planning to build two hydroelectric-powered pilot “mining farms” to capitalise on a global cryptocurrency market.There is a gap between policy makers, policy and crypto industry in Pakistan.
Ransomware are virus softwares that are used to infect target computers and encrypting its data unusable until a specified ransom is paid-off to the unidentified attackers to decrypt the data for using again. Most of the time the attackers demand the money in crypto-currencies which makes then difficult almost impossible to track down the attackers. No such attacks are reported in Pakistan but it still can be a threat to Pakistan.
These attacks are also known as “cyber-to-physical effect,” when the hacker/attacker reaches the real world from his virtual computer world results in a catastrophic consequences.
Sabotage in the domain of cyber-warfare is considered as the attack, where the target of attackers is the computer systems controlling critical infrastructures, such as Nuclear Weapons, Nuclear Power Grids, Electric Distribution Systems etc. Pakistan luckily has not faced such kind of attacks.
Data breaches have emerged as critical failures in information and communication systems. Example is data breach of delivery app in Karachi.
Relying on Foreign Equipment’s
The use of foreign equipment in the domain of information and communication technology is one of the most ill researched areas in cyber-space. Most of the computer systems used around the world is developed by major powers and used in the critical infrastructure of many countries. The use of such systems can be exploited if the manufacturers leave a back door, backchannel, RAT (Remote Access Trojan), etc. in computer equipment. Pakistan like most of the countries around the world relies on foreign computer equipment’s from small microprocessors, embedded systems to heavy- duty industrial computer system, which can at some time in the future pose a threat to the national security.
Challenges for Cyber Security in Pakistan
With regards to setups responsible for cyber security in the county, only selective Cyber Security Incident Response Teams (CSIRTs) are operational at organisations level in public and defence sectors. There is a void which needs to be bridged in terms of requisite legislation, implementation framework and lead organization, mandated for national cyber security.
Although, to undertake academic research, National Center for Cyber Security was established in 2018, but gap between supply and demand of talented cyber security experts still exists. Pakistan relies heavily on imported hardware and software & is vulnerable to foreign exploitation through imbedded malwares, backdoors and chipsets.
Technologies for Cyber Security
The old IT world is dead and cybersecurity professionals in Pakistan have to deal with new threats created by the IoT, the Cloud, mobile, and wearable technologies. Data that was initially contained in systems is now traveling through data centers, routers, and other hosts. Cybercriminals have become smarter and they are using:
- Spying software
- MiM (Man-in-the-Middle) to listen to data conversations: A man-in-the-middle (MitM) attack is when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Attackers might use MitM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications or corrupt data.
- Memory-scraping malware or RAM Scrapping malware is a malware that scans the memory of digital devices, notably point-of-sale (POS) systems, to collect sensitive personal information, such as credit card numbers and personal identification numbers (PIN) for the purpose of exploitation. It examines memory to search for sensitive data that is not available through other processes. In order to avoid weakness in the face of memory-scraping malware, it’s suggested that users use a secure web browser with a memory sandbox or simply avoid putting secure data on a computer in the first place.
In such a scenario, anti-virus and firewalls among other tool-based security approaches won’t cut it. According to a recent report by Gartner, by the year 2020, over 60 percent of digital businesses will have collapsed due to the inability of their cybersecurity professionals to protect the new technology.
The cloud has a major impact on the revolution of security technology. More and more businesses and government agencies are embracing the cloud technology every day to store vital information. The cloud provides for more security approaches and techniques.
Mechanisms such as virtualized firewalls, virtualized intrusion detection, and preventions systems, and virtualized systems can now be used from the cloud. For example, most businesses have increased their data center security by using IaaS services.
The shortcomings of using usernames and passwords are well known, and there is a need for a more robust and secure form of authentication. One of the recent technologies is the use of authentication hardware.
For example, Intel is now using this technology where it combines a variety of hardware-enhanced factors simultaneously to validate a user’s identity. Hardware authentication is particularly important in IoT where networks need to make sure that anything trying to gain access to it is permitted to do so.
After a person’s credentials have been compromised, a cybercriminal who has them can penetrate a network and engage in malicious behaviour. Such a behaviour can trigger a red flag to the existing system defenders if they are using UBA (user behaviour analytics). This technology uses big data analytics in order to detect any unusual behaviour. This technology is important, and it helps address blind spots in a business security system.
AI and Machine Learning
This technology is able to collect data from the global information network and use it to adapt to any new types of threat. As such, hardware and software is becoming more intelligent without human input and is becoming increasingly adept at pre-empting security threats and adapting as needed. Pakistan needs to start university level programs for Cyber Security and Artificial Intelligence to train their new cyber space force.
The National Association of Software and Services Companies (NASSCOM) says the consistent growth in cybercrimes and rapidly increasing demand in the Indian cybersecurity segment will require 1 million cybersecurity professionals by 2020. Which is 0.1% of its population (1billion).
Its appropriate for Pakistan to at least train 0.1% of its population as a cyber security professionals that is 21600 individuals.
- As of 2019 report, the country has 2,60,000engineers registered with the PEC in various fields.
- Pakistan should start a training program, recruit some of the country’s most talented and innovative young individuals and then teach them Cyber Security & Defence Strategy.
- Establishment of labs in various domains of Cyber Security in universities to meet diverse end users’ requirements.
- Conduct training programmes and workshops for skill force production and sustainable labs growth.
- Cyber Specialists must identify the immediate and future cyber threats and collaborate with policy makers to formulate a cybersecurity strategy accordingly
- Agile legislation in synch with technology. The legislation in Pakistan is not synch with Technology. By the time, the legislation is finalised for any particular technology for example, 3G the new technology 4G is already in the market and needs to be dealt with.