In a recent cybersecurity advisory, the government has issued a cautionary note to all sectors, particularly information technology (IT) and financial institutions, regarding the use of “Indian origin” artificial intelligence (AI) and information and communication technology (ICT) products. The advisory highlights potential concealed threats posed to critical information infrastructure (CII) within the country. The government has urged regulatory bodies and ministries to refrain from utilizing such Indian-made AI products and services due to concerns related to cybersecurity and data privacy.
Cybersecurity Advisory Raises Alarm
The government’s cybersecurity advisory, which has been shared with federal and provincial ministries along with sectoral regulators, highlights the global proliferation of AI products and services across various industries, including finance and banking. However, it specifically points out the engagement of the fintech sector and certain banks in Pakistan with Indian-origin companies offering IT products, cyber security solutions, and AI technologies.
Given these concerns, the government has advised federal, provincial ministries, and regulators to sensitize their affiliated organizations and licensees about the risks associated with Indian-origin products and solutions. Simultaneously, the government has directed these entities to explore suitable economical alternatives by consulting with the Pakistan Software House Association (P@SHA) to identify local technical companies.
Concealed Threats to CII
The advisory identifies two critical factors that contribute to the perceived threat posed by Indian-made products and solutions. Firstly, it raises concerns about the possibility of “backdoor or malware” in these products that could be used for collecting data traffic analysis, logs, and personal identifiable information (PII). Secondly, it suggests that Indian-made products could serve as a means for direct ingress into Pakistan’s CII with passive monitoring capabilities.
This cautionary advisory follows previous incidents, including allegations of India using zero-day security vulnerabilities to spy on Pakistan and China. Additionally, Pakistan’s intelligence agencies identified a significant security breach involving Indian hackers targeting government officials and military personnel. These incidents have heightened concerns about cybersecurity and underscore the need for ongoing vigilance and enhanced cybersecurity measures within the country.