KARACHI:
In a crucial move towards enhancing cybersecurity and protecting national data from potential theft, the Pakistan Telecommunication Authority (PTA) has authorised 22 companies to conduct mandatory cybersecurity audits for telecom and power companies, according to Malahat Obaid, Director of Public Relations at PTA. Emphasising the significance of indigenisation, PTA Director General of Cyber Vigilance, Dr Muhammad Mukaram Khan, said that “Cybersecurity is something that cannot be outsourced” while speaking at the fifteenth international conference on Information Security 2023.
PTA has introduced a comprehensive audit regime, making it mandatory for all telecom operators to conduct third-party cybersecurity audits. “We have introduced a complete audit regime, whereby we have forced all telecom operators to conduct their third-party audit,” he said according to a press statement by the event organiser, Total Communications.
Khan urged participants from the technology and corporate sectors to trust local expertise and companies, stressing that indigenisation and self-reliance are keys to establishing an independent cybersecurity infrastructure. By promoting the use of local cybersecurity solutions, Pakistan aims to reduce the risk of data breaches and leakages associated with imported security systems. While the local cybersecurity system may initially be less sophisticated than international brands, Khan expressed confidence that it will soon be at par with global standards.
Working in line with the Cybersecurity Policy of 2021, PTA is developing a robust cybersecurity strategy for the nation. On the other hand, National Electric Power Regulatory Authority (NEPRA) Chairman, Tauseef H Farooqi, revealed that NEPRA has already rolled out cybersecurity regulations in September 2022 for over 300 licenses in power generation, distribution, and transmission sectors. NEPRA plans to conduct spot checks and surprise audits of cybersecurity measures to ensure compliance and protect the nation’s multi-billion-dollar assets and infrastructure.
As the electricity sector plays a crucial role in running the country and supporting business operations, enhancing the level of security at the national level is vital. The cybersecurity audit of power firms will help fortify the sector against cyber threats.
To promote information sharing and bolster cybersecurity preparedness, sectoral Computer Emergency Response Teams (CERTs) and Security Operations Centres (SOCs) have been established in the telecom and power sectors. These entities will eventually connect to a national-level CERT, further strengthening cybersecurity at the countrywide level.
Chief Operating Officer of HBL, Sagheer Mufti stressed the importance of collaboration among different sectors of the economy to mitigate cybersecurity risks effectively. He underscored the need for the right use of resources and extensive human resource training to combat human error, which contribute to over 80% of data leakages.
Chief Technology Officer & Director Centre of Information Technology at IoBM, Imran Batada highlighted that Pakistan currently ranks around 79-80 in global cybersecurity, primarily due to increased cyberattacks in the country. He highlighted the importance of implementing existing excellent policies to improve the nation’s cybersecurity level.
Speaking to The Express Tribune, ICT Expert, Kapeel Kumar welcomed the cybersecurity audits being undertaken, deeming them essential in elevating the country’s cybersecurity posture. Not only will these audits identify and address security vulnerabilities in the telecom and power companies’ networks, but they will also contribute significantly to safeguarding the country’s economic security, he said. By preventing cyberattacks that could disrupt communications, cause power outages, or disrupt other critical services, the audits play a vital role in protecting crucial infrastructure.
Given the rising threat landscape, the audits come at a timely juncture, prompting Pakistan to fortify its critical infrastructure against potential cyber threats, said Kumar. However, conducting these audits will pose challenges, considering the complexity and vast amounts of data involved in the telecom and power sectors, he warned.