Cyber Vulnerabilities of Pakistan

Author Name: Abdullah Rehman Butt & Amna Tauhidi      18 Feb 2020     Cyber

The digital revolution is an intense transformation of the contemporary world. The most important outcome of this revolution is cyber technology, as every type of technology is somehow related to or dependent on it. Cyber technologies were once just thought to be communication and computation only. But now, they have expanded to incorporate every underlying sector that runs our modern-day life, which includes food distribution, banking, transportation, resource management, and most importantly, all aspects of state-governance. Consequently, people from every field and nation are connected to each other, hence making the world a global village. However, this interconnectedness also poses some vulnerabilities. The privacy of an individual is compromised. The relations between states and the relations between a state and its citizens are driven by perception management performed on digital platforms.

Today, critical infrastructure and many public services rely on digital networks that can easily be attacked from any corner of the globe. Because networks are becoming more complex with the passage of time, therefore, vulnerability is also on rise. Recently, an organization named Broimum conducted a study that showed how digital crime revenue grew 1.5 trillion dollars annually in illicit profits. Similarly, as per the calculations, worldwide spending on cybersecurity is also forecasted to reach $133.7 billion in 2022.

Because of known vulnerabilities, the security of cyberspace has become one of the major challenges in the national security, public safety, and economic domains that every nation-state is facing in the 21st century. A state’s digital infrastructure is vulnerable to cyber disruptions and attacks which are easy to organize, difficult to trace, and asymmetric in nature.

In terms of falling prey to cyber-attacks, Pakistan is no exception. Pakistan is ranked 7th in the list of countries vulnerable to cyber-attacks. The cyber-attacks which are frequently observed against Pakistan include data theft, website defacing, and denial of service attacks (DoS).

There are a number of events that provide evidence of the vulnerability of Pakistan’s cybersecurity framework. Pakistan became a victim of a sustained DoS attack for the first time in 2008, as reported by the then Finance Minister, when State Bank of Pakistan’s services was frozen for 21 days straight.

Recent events of cyber-attacks can be traced back to November 2018; the target once again was the banking industry. According to a digital security website, the data of more than 8000 accounts of 10 banks was available for sale in the dark web. Another consecutive cyber-attack took place in December 2018. This time the targets were the ATMs of Habib Bank Limited and Bank Islamic Limited.

A number of reports confirm that many of our state institutions have loopholes regarding their cybersecurity. This vulnerability has resulted in different types of cyber-attacks on the official websites of institutions and their defacing. The affected websites include the official website of the Ministry of the Interior, the website of Government of Pakistan, the official website of the Ministry of Foreign Affairs (MOFA), the website of District Courts Gujranwala, the website of Faisalabad Police Department, and the website of the Lahore High court. The footprints of these cyber-attacks were traced in India. Recently, Government of Pakistan’s passport application tracking web site was hacked on March 2nd, 2019. In this attack, the hackers used the Scan box framework to steal visitor’s data.

Media and political parties in Pakistan have also been in the limelight of cyber threats as websites of Jag TV, CNBC Pakistan and SAMMA FM were hacked and defaced with derogatory images. Likewise, attackers also targeted the websites of PPP, PML-N and JUI-F politicians and defaced them by putting an anti-Pakistan slogan on their homepages.

Pakistan is also vulnerable to cyber-attacks in the military domain. The nature of these attacks may vary according to the objectives of the launching entity. Some are basic espionage, which is defined as “trying to acquire the national secrets or the vital information of the enemy state”. Others are called cyber-weapons aimed at disrupting military command and control systems in case of any conflict.

The aforementioned events depict an increase in the intensity and frequency of cyber-attacks against Pakistan. However, the absence of limitations and regulations in cyberspace is creating difficulties for policymakers in managing the risks related to them at both, national and international levels. The need of the hour is to rethink the role of government in legislation and policy formulation regarding the security of cyberspace and digital infrastructure of Pakistan. Moreover, cyber challenges can also be better tackled by collaboration and consensus-building among national stakeholders to synergize their efforts and chalk out a comprehensive strategy and implementation plan that ensures a balance between the security and legal rights of citizens.

 

The writers are research fellow at Centre for Aerospace and Security Studies (CASS). They can be reached at cass.thinkers@gmail.com.