Pakistan’s National Cyber Security Policy 2021: What is achieved and what is yet to be achieved

One of the simplest definitions of policy is that it is a deliberate or constructed set of guidelines or systems that can help an entity in achieving certain outcomes, so policy reflects ideas, intentions, and procedures and identifies the desired objectives. From nation-states to small organizations in a country each and every entity has one all-encompassing policy composed of complementing small sub-sets of policies to run, govern and achieve rational objectives.

The state devises different kinds of policies such as security policy, foreign policy, and economic policy, to protect its national interest in the international system. These policies complement each other and gear a nation and state toward a single objective. In this conflicting and competing international system states first of all have to protect their boundaries, nationals, and sovereignty, these objectives are identified in the national security policies of states. In this century of digitalization when all components of national security have a virtual presence, one additional security concern for states is emerging in the form of cyber security threats. So, today many states have started work to secure their cyber security environment.

The first step in this regard for any state is the formulation of ‗national cyber security policy‖. It is important to make policy first as it will establish the desired outcome, guidelines, procedures, and methods the state will have to adapt to secure its cyber security. The three main components in the process of cyber security are; people, processes, and data and information. Any policy to be made for securing cyberspace should address and cater to these three pillars. These three components not only need protection but these three components also make threats. Recently, in a step towards more secure national cyberspace, Pakistan‘s cabinet approved ―national  cyber  security  policy  2021,‖  it  was  drafted  by  the  ministry  of  information  and technology, Pakistan.

This particular policy document came on the surface and was approved in urgency after recent  news  on  ―Pegasus  spyware‖  broke out  internationally,  where  it  was  mentioned  that  the Prime Minister of Pakistan was one of the identified targets of this software. Other than that current government and state institutions have been continuously highlighting the disinformation campaign against Pakistan in cyberspace. Even international organizations and watchdogs for disinformation have launched reports which highlight the disinformation campaigns against Pakistan  by  India.  Pakistan  also  launched  programs  like  ―digital  Pakistan‖,  which  envisions aiding the digital transformation of Pakistani society for its growth and development. It is important to highlight these aspects because they show the dynamics of Pakistan‘s cyberspace where the use of the internet and cyberspace among the population is increasing rapidly, as of today Pakistan despite being a developing county is on no. 4th in freelancing development industry but at the same time threats in this particular domain was always ignored.

Therefore,  the  approval  of  ―cyber  security  policy  2021‖  by  the  cabinet  is  a  positive development as it reflects the understanding of the dynamics of cyberspace and reflects the understanding and resolve to address the prevalent and emerging threats in this domain through different means (public awareness, institutional frameworks, international cooperation, etc).

Though Pakistan has passed many laws and regulations in the last few years for the protection of cyberspace but what is missing was the aim that what Pakistan wants to achieve in its cyberspace. National cyber security policy 2021 aims at forming a policy that will provide Pakistan with new institutional frameworks and governance to secure the ―cyber eco-system‖ of Pakistan. Institutional frameworks to be established will include computer emergency response teams as well as security operation centers. The policy document envisions securing the entire cyberspace of Pakistan, which includes not only the public sector but the private sector and information and communication systems in the country as well.

Moreover, a policy document points out that the policy document does not want Pakistan just  to  have  a  secured  but  ―resilient  cyber  system  and  network‖.  Resilience  is  an  important component because it enables the systems to perform even in case of attack while absorbing the attack.  The  guiding principle  of  current  cyber  security policy is  to  ―protect  the  people‖  at  the same time increase the growth and prosperity of the nation. Other than that attack on Pakistan‘s cyber-space will be considered as a Category-I and Category-II level threat and will be responded to accordingly. This was a much-needed and demanded policy document in Pakistan. It showed what Pakistan wants to achieve in its cyber security, how it will achieve its objectives, but there are certain important points which this policy document missed, as these points are not something new that are coming out as a result.

But, they are the aspects that already exist and have compromised Pakistan‘s cyberspace. As  in  the  document  ―central  entity‖  term  was  used  for  the  organization  responsible  for implementing the policy drafts, but which entity will be that is not given in the whole draft and how long will it take to formulate such an entity. It is important to discuss these institutional frameworks because previously in a ―national cyber-security policy of 2018-2023‖ the command force structure composed of civil and military was proposed but the actual implementation was not seen, and even this subsequent document of policy does not talk about it. Moreover, as people have rights in the physical world they have rights in the virtual world that needs to be protected by the government, or what would be the policy orientation of government towards such laws are not clearly written or defined in this policy document.

National Scholars studying cyber security have also highlighted that policy document does  not  address  the  concepts  like  ―privacy  by  design‖  and  no-legacy‖  and  also  fails  to acknowledge that cyber security is not just the issue of the ministry of information and the Ministry of foreign affairs include a broader set of ministries. It is high time that authorities realize that cyber security is emerging as a concerning issue for Pakistan‘s national security and reactionary and lethargic policy and lack of implantation of these policies and mentioned initiatives in them will compromise Pakistan‘s cyberspace in peace and wartime as well.

http://southasiajournal.net/pakistans-national-cyber-security-policy-2021-what-is-achieved-and- what-is-yet-to-achieved/




ArabicChinese (Simplified)EnglishFrenchRussianSpanishUrdu