Digital tools stimulate the functioning of cities and play a vital role in furnishing resilient solutions for future crises. As a result, governments, societies, and communities depend greatly on converging technological platforms, tools, and interfaces that are rapidly decentralising, resulting in a more complex cyber threat landscape and an increasing number of critical failure points. National security concerns, which combine the protection of societies and states with the desire to gain a competitive technological and economic advantage, are putting increasing pressure on personal and sensitive data privacy. Also, individuals are widely exposed to the public and private sectors’ misuse of private data, ranging from discrimination against vulnerable populations and social control to potential bioweaponry. It costs organisations millions of dollars to provide cybersecurity, and the costs are not only monetary: critical infrastructure, societal cohesion, and mental health are all jeopardised. Therefore, there is a need for a robust system that develops a culture aware of the cyber threat peculiarities, supports cyber security, and caters to future cyber threats.
Main Threats Posed by Cyber Dependency
Artificial Intelligence (AI)
Artificial intelligence investments have skyrocketed in recent years as AI could resolve some of the 21st century’s most complex global challenges by providing new information and improving decision-making through data-driven strategies. However, such technology does not come without inherent risk. On the one hand, artificial intelligence (AI) can enhance cybersecurity by analysing massive amounts of data to identify patterns and anomalies that may imply a cyber attack. On the other hand, cyber attackers can use artificial intelligence to boost the complexity and effectiveness of their attacks.
The existence of the “Internet of Things” is made possible by interconnectivity. However, as more physical infrastructure becomes interrelated and interdependent, the potential for systemic failures from intentional cyberattacks or unintentional software grows. For instance, a group of hackers scraped off confidential and personal data from the Security and Exchange Commission of Pakistan’s website due to a lack of a proper cyber security system (Ali, 2022). Also, the country is vulnerable to malware like Gamarue, Skeeya, and Peals, which can install other malware or access private and confidential information from the hacked system (Anwar, 2020).
Cyber Threats Fuels Political Instability
Cyber attacks can be used for political or diplomatic gains, exacerbating a country’s political instability. With rapid technological advancements and greater dependencies on them, the frequency and magnitude of such attacks are most likely to intensify in the future, and external actors such as terrorist groups may also contribute towards such events. For example, in 2016, US democratic Party confidential emails were stolen in a breach and then released to the internet for the public, which also contained information about the US monitoring Pakistani media closely (Zaidi, 2016). In 2022, audio recordings of conversations between key government figures in Pakistan were leaked, highlighting the huge security breach at Prime Minister’s Office (Raza, 2022)
Cyber Vulnerabilities of Digital Pakistan
The fifth domain in which future wars are likely to occur is cyberspace. The digital world is constantly under cyber threat, and crimes such as hacking, bank fraud, money laundering, information theft, state secrets obtained, and even threats to critical infrastructure have emerged as evolving trends in cyber warfare. Economies worldwide are vulnerable to cyber threats driving national security dilemmas. However, nuclear power country like Pakistan is more exposed to such threats. Terrorist attack like the Bacha Khan university attack (2016) is an example of using Information Communication Technology (ICT) which was planned and executed by the preparators while sitting outside the country. The number of internet users in the country is growing. In 2022 it was 82.90 million (KEMP, February). However, most internet users have low information and poor technological knowledge, making it difficult for the government to monitor and regulate the digital world. In the past, Pakistan has experienced serious cyber-attacks on important institutional websites, and hackers have successfully penetrated the cyberspace of critical installations. For instance, a sustained Distributed Denial-of-Service (DDoS) attack happened in 2008 when the State Bank of Pakistan’s services were disrupted for 21 days. Later in November 2018, the banking industry was targeted, with data from 19,864 cards belonging to customers of 22 Pakistani banks being sold on the dark web (Ashraf, 2019).
Furthermore, data theft is a serious problem that the country is dealing with. The National Database & Registration Authority (NADRA) is the country’s only independent agency in charge of government databases and citizen statistics. One of the largest data breaches in Pakistani history occurred when the data of millions of citizens from the Punjab Information Technology Board was compromised (Anwar, 2020). Moreover, terrorist organisations use cyber propaganda to spread their messages. For instance, 37 banned terrorist organisations use more than 400 social media accounts to spread their message and propaganda against Pakistan (Anwar, 2020). According to National Cyber Security Index, Pakistan is ranked 80th out of 162 economies (NCSI, 2022). The Federal Investigation Agency (FIA) has received 29,577 cybercrime complaints in the last two years and made 160 arrests in 2017. Also, every day, 20 cyber-related cases are reported in Karachi (Anwar, 2020). Pakistan lacks private sector support to help establish cybersecurity infrastructure and therefore depends on internal investment. Also, the country approved its first cybersecurity national policy in 2021, which has many loopholes and shows the lag of Pakistan in the cyberspace domain (Khilji, 2021). Overall, the state’s cybersecurity position remains fragile. Therefore, effective coordination and planning between civilian and military agencies are required to formulate, devise, and implement an efficient and resilient cybersecurity framework capable of competing with other developed countries in addressing this challenge.
The Way Forward
The government needs to develop a comprehensive cybersecurity policy that addresses all the current flaws in PECA and other relevant regulations. The policy must protect the NADRA database, Passport and Immigration, the data of all law enforcement and enforcement agency employees, including military personnel, airline travel data, and the data of all respected ministries.
As the nature of cybercrime is global, proper mechanisms for international cooperation must be established.
That state should create a ‘National Cyber Coordination Centre,’ which should work to develop a comprehensive cybersecurity framework, serve as a coordination council between civil and military institutions to safeguard economic assets and be resilient to detract cyber-attacks against institutions of national importance.
Special courts should be established to handle cybercrime cases.
Banks must be mandated by law to adhere to global standards such as PCI, DSS, and State Bank should ensure compliance with international banking standards.
Awareness campaigns regarding cyber threats should be held at the community level to develop a better understanding of cyber vulnerabilities and support for cyber security.
While technological developments have given rise to extensive digital dependencies, they have also driven new challenges and threats posed by cyberspace. Countries worldwide are spending a lot of money to protect the data of individuals, communities, and data of national importance. However, developing nations like Pakistan are still behind in creating a robust cybersecurity system. Multiple cyber attacks have previously breached and exploited the country’s information, damaging vital institutions, social cohesion, and the country’s image. Therefore, there is a dire need for the government to invest in resilient cybersecurity mechanisms to safeguard the country’s national security and interests.
Ali, K. (2022, August 29). Cyber security deficiency led to data theft at SECP, report finds. Retrieved from DAWN: https://www.dawn.com/news/1707294
Anwar, M. W. (2020, December). Cyber Security in Pakistan: Regulations, Gaps and Way Forward. ResearchGate. Retrieved from https://www.researchgate.net/publication/349097228_Cyber_Security_in_Pakistan_Regulations_Gaps_and_Way_Forward
Ashraf, M. (2019, december 31). Cyber threats to Digital Pakistan. Retrieved from The Nation: https://www.nation.com.pk/31-Dec-2019/cyber-threats-to-digital-pakistan
KEMP, S. (February, 16 2022). DIGITAL 2022: PAKISTAN. Retrieved from DATA REPORTAL: https://datareportal.com/reports/digital-2022-pakistan
Khilji, U. (2021, August 21). Cybersecurity policy. Retrieved from DAWN: https://www.dawn.com/news/1641754
NCSI. (2022). National Cyber Security Index. Retrieved from https://ncsi.ega.ee/ncsi-index/?order=-rank
Raza, S. I. (2022, September 26). Leaks reveal massive breach in security at PM Office. Retrieved from DAWN: https://www.dawn.com/news/1712044
Zaidi, H. B. (2016, February 7). Clinton emails suggest US examines Pakistani media closely. Retrieved from DAWN: https://www.dawn.com/news/1237963