Cyber Security Challenges in Pakistan

The growth of technology and dependency on cyberspace offers valuable and essential services for human life’s functionality and the environment as well as the challenges and threats. Cybersecurity is a field that emphasizes protecting computers, servers, information, programs, and networks from unauthorized access, any change or destruction. Cyber Security involves the protection and safeguard of the rules of cyberspace, which requires adequate knowledge for the limitation, counter-attacks, and vulnerabilities of ICT, and should know how to improve the critical operating factors in cyberspace.

In this modern era of technology, it requires innovation, research and active participation among developing countries at different levels of interest and development. Little attention has been paid by researchers in cyber-security and national development, largely among the countries' opinion, those have to produce their nation’s security policies. Cybersecurity is a massive challenge for several countries as well as Pakistan. Besides, it is also a critical issue in discussions of government and security policymakers in the current situation of security around the globe. E-Government services, capital markets, corporations, and other businesses collect processes and store a large amount of confidential information on computers and transmit that data over the internet for professional purposes. The government of Pakistan is implementing defense policies that shall stop the entry of terrorists in-country and supervise territorial borders. Critical defense measures for important cyber services of the country such as NADRA (National Database and Registration Authority), E-Government services and capital markets also require the attention of the government in the current security situation.

Introduction

Modern communities have dependent on cyberspace that offers valuable and essential services for the functionality of human life and the environment as well as the challenges and threats. Cyber Security is a field that focuses on protecting computers, databases, programs, and networks from unauthorized access, change or destruction. In this modern world, this may require innovative, mature participation among developing countries at various levels of development. However, the analysis of organizational-related Cybersecurity issues increased the attention of some researchers but little attention has been paid by researchers in Cybersecurity and national development, mostly within the countries' opinion, those have to create their nation’s security policies. Cybersecurity is a big challenge for many countries including Pakistan. This paper contributes a concise overview of Cybersecurity threats which can seriously affect Pakistan’s essential IT services. Also, it concludes with some recommendations to cybersecurity policymakers of Pakistan which can be adopted to prevent the cyber boundaries of the country.

Literature Review

Due to an increase in the adoption of internet-based services to increase the interactions, the governments are in the process of transformation of their major services to online services. The internet-based services deployment at the government level has just increased the possibilities of sabotage systems security from internal or external sources. Based on published reports (Department of Homeland Security 2014, Reddy, Reddy 2014, Jang-Jaccard, Nepal 2014, Elmaghraby, Losavio 2014, Sebastian Bortnik 2012, APWG 2013, An Osterman ResearchWhite Paper 2015) and a conference held at USA(Cybersecurity - Stanford, CA, USA 2014), it is acknowledged that intelligent cyber terrorists may be able to create an integrity, availability or confidentially attack cyber services or government database-related services.

The resilience, reliability, and security of the nation’s cyber assets and government services is also a big challenge for organizations as well as the growing number of serious attacks on confidential information which is also one of the most serious economic and national security threats. In (Paul Lewis, Julian Borger and Rory McCarthy Paul Levis 2012), cyber services offering organization has a big challenge which stores confidential information after the murder of Hamas leader Mahmoud al-Mabhouh, where three of the European identities used by the killers in the murder and were stolen from Britons living in Israel. The New York Times Reported (Peter Beaumont and Nick Hopkins 2012), malware (Stuxnet, Flamer virus) hits Iran’s atomic organization and nuclear facilities before escaping and wreaking havoc on the public Web. Also from another 16th October 2014 report, a phishing campaign(APWG 2013) has targeted a wide variety of recipients while employing the Dyre/Dyreza banking malware, which has targeted the great number of sensitive login credentials and uploaded the information to malicious actors. Dyre/Dyreza banking malware is a new challenge for developed nations and mostly targeting senders, attachments, exploits, themes, and payload.

Essential IT Services in Pakistan

E-government is the leading component for modernization and it helps to improve the on-going stress by increasing their efficiency and modifying the pressure of modern information society. E-Government is enabling government organizations to offer efficient and fastest services to their constituents Illustrates some of the active E-Government services in Pakistan. Capital markets, which are the buying and selling financial markets for long-term debt or investment purposes. This type of capital markets helps the organization as well as the government to invest their amount by protecting them from frauds.

Current threats and attacks

Pakistan is also a developing country where the implementation of cyber services is under development. In this way, securing confidential information is the top priority of organizations. Such as, social websites provide a platform where users feel free to interact and share personal information with their friends. But cyber-criminals are creating a target to those sites to steal user personal data as well as locations.

According to security professionals (Threat Track Security 2014), expected cyber threats in the year 2015. The maximum number will be APTs and minimum numbers of threats are mobile infectors. Besides, 23% are targeted malware attacks, Zero-day attacks and insider threats share13.5%. The percentage of Network threats that are possible in 2015 are illustrated in figure 5. In which, the 28% are RCP (Remote Procedure Call) and SQL injection are the second most with the possibility of 23% while others are25%, Browser 17%, and cross-site scripting are 7%.

Cyber threats and policies in Pakistan

In 2014, from the report (APWG 2013), it is informed that cyber hackers started to attack Pakistani websites contains confidential information related to security forces and the federal government by launching distributed denial of service (DDoS) attacks. According to expert consultants, FIA (Federal Investigation Agency) can barely deal with such attacks as a result of it needs trained/experts’ people that trace or stop these cyber-attacks. According to the official report of the National Response Centre for Cyber Crime (Javed Mirza 2013), an FIA division responsible for dealing with cybercrimes, cannot trace such attacks that are executed by hackers through proxies, such as TOR, free software that enables online anonymity and resists censorship.

Cyber Protection Policies in Pakistan

Currently, Pakistan has no existing law that may comprehensively deal with the growing threat of cyber-crimes. The available crime justice legal framework in Pakistan is inadequate and ill-equipped to address the sophisticated online threats of the cyber age. This new age impaired both existing crimes when conducted with the use of internet and has given birth to a new type of criminals and cybercrime such as hacking (Illegal access of data), interference with data and ICT systems, specially cyber rerated electronic forgery and frauds, cyberattacks on critical ICT infrastructures, unauthorized interception conducted by civilians, Identity theft and use of malicious code viruses to spy on ICT systems. These digital crimes cannot deal effectively with or punished through the use of existing legalization. These unique and unprecedented crimes require a completely new and comprehensive legal work that will focus on the online conduct of individuals/organizations. A Tanzanian delegation suggested that Pakistan has to establish Cyber Crime Unit (CCU) to tackle cybercrimes and it needs to develop relevant legislation and formulate Computer Emergency Response Team (CERT) to facilitate the implementation.

The dignitaries of the delegation discussed in his discussion that $445 billion are lost annually because of cyber-crimes and electronic thefts in online security. Furthermore, it is noticed that800 million data records from developing countries have been are hacked into. In this regard, developing countries such as Pakistan need to recommend policies to control crimes alongside the developed nations (APWG 2013). In January 2015 national assembly of Pakistan,

“The Prevention of Electronic Crime Bill, 2015 was presented by Minister of IT and Telecommunication (PPF 2015) in which the following important issues were discussed in that bill.

Development of legalization with new investigative power previously not available such as search and seizure of digital forensic evidence using technological means

Production orders for electronic evidence, electronics evidence preservation orders, partial disclosure of traffic data.

A real-time collection of data under certain circumstances and other enabling powers which are necessary to effectively investigate cybercrime cases

This can be achieved through making betterments in existing protections and establishing new safeguards especially against abuse of these new and intrusive powers.

The introduction of this new legalization will effectively prevent cybercrimes and will also contribute to national security by providing and enabling a secure environment for investments in ICT, eGovernment and eCommerce systems. Also, it includes specific safeguards to balance against these intrusive and extensive procedural powers to protect the privacy of citizens. However, it is not completely effective in case of exposing citizens to the unmitigated threats posed by cybercriminals both at home and abroad. It is the first serious initiative taken by the government to prevent cybercrimes as well as to contribute to the cybersecurity of the nation. However, it needs to add additional tasks that shall protect not only the government but also the citizens of Pakistan.

Conclusion

Nowadays, the number of cyberattacks is increasing at a very high rate. Skilled cyber terrorists could also be able to produce an Associate in availability or confidentiality attack on the network or services of NADRA, E-government, and capital markets of Pakistan. This type of cyber activities may damage or stop the essential ICT services including NADRA, E-Government websites, Stock exchanges, Mobile banking, and money transfer services which will be behaving serious impact on the performance of state services and prospects of hacking IDs from NADRA servers and can also be used for the other terrorist activities. Also, it will create a collapse or crash the economics of Pakistan by hacking and after that controlling the stock exchange and financial services by adding their fake figures. It is therefore recommended that viewing the present security situation the country, design, and implementation of cybersecurity policies are very crucial for the NADRA, E-Government and capital markets services as well.