Prime Minister Imran Khan will chair a meeting of the federal cabinet today, which will reflect upon a 20-point plan including the National Cybersecurity Policy 2021.
The Ministry of Information Technology and Telecommunication has drafted National Cyber Security Policy 2021, to mitigate cyber threats the country faces today and to enhance the
national cybersecurity perspective, it is essential to venture the strengthening of national cybersecurity abilities through the advancement of vital and well-coordinated mechanisms, execution of security laws and ordinances drafted under a policy and legislative framework.
The goal of the national cybersecurity policy is:
• To establish an administration and institutional framework for a safe cyber ecosystem.
• To create safe and information sharing mechanisms (CERTs/ SOCs) at all levels that are capable to – monitor, detect, protect and respond against threats to national ICT/ CII infrastructures.
• To protect National Critical Information Infrastructure by directing national security standards and strategies related to the design, acquisition, development, use and operation of information systems.
• To improve the security of government information systems and infrastructure.
• To build an information assurance framework of audits and compliance for all commodities in both public and private sectors.
• To ensure the integrity of ICT products, systems and services by establishing a mechanism of testing, screening, forensics and accreditation.
• To develop public-private coalitions and collaborative mechanisms through technical and operational cooperation.
• To create a countrywide culture of cybersecurity awareness through mass communication and education programs.
• To develop and generate skilled cybersecurity professionals through capacity building, skill development and training programs.
• To encourage and aid indigenization and development of cybersecurity solutions through R&D Programs involving both public and private sectors.
• To provide a framework on national-global cooperation and affiliations on cybersecurity.
• To Identify and process legislative and regulatory actions under the authorization of relevant stakeholders assigned in the policy.
To achieve the aforementioned goals and effectively implement National Cyber Security Policy, it is essential to introduce proper frameworks and laws for cyber governance. These will be prepared in consultation with stakeholders, and will include the following:
• Formulation and processing of National Cyber Security Policy and CyberSecurity Act.
• Rules and legislation for national cybersecurity framework.
• National Cyber Security /Governance Operations and information sharing mechanism for – incident handling, management capability and furnishing evidence.
• Compliance, screening, accreditation and risk management regulations for – Critical Information Infrastructure, public-private partnerships, capacity building, cybersecurity awareness, R&D programs and global cooperation.
• Digital Certifications for the genuineness of individuals and businesses.
• Sharing of confidential information between public and private organizations, safeguarding the privacy of citizens and ensuring data protection.
• Standardization of Digital and Network Forensics processes and Infrastructure for Cyber Governance in connection to this policy and PECA 2016.
• Compliance for auditing and ensuring the national cybersecurity standards across Pakistan.
The implementation mechanism provided for this policy may require substantial time to be completely operational. During this provisional period, the capacities and abilities which state organizations and institutions currently have, and are supporting the implementation of this policy, will be utilized.
The Pakistan Telecommunication Authority as per Telecom Act 1996, Telecommunications Policy 2015 and PECA 2016 will execute a telecom sector technical platform (sectoral CERT, as mentioned in the draft) in partnership with the telecom industry.