Cyber Security Regime in Pakistan, Still a Lot to be Done!

The revolution of ICTs has fundamentally changed societies and sectors and would probably continue to do so in the foreseeable future.

These developments on one side of the coin have given shape to unprecedented economic and social development, however they have also given birth to new type of crimes called ‘Cyber Crimes’.

These types of threats are more vulnerable in a sense that they are not restricted by geographical limitations or national boundaries. Along with encouraging the use of Information and Communication technologies from their inception, economies are looking at ways to counteract the consequences simultaneously.

Technical measures to protect communication networks are being implemented with a support of required legislative measures to prevent and deter cyber attacks.

History of Cyber Crime

The origins of cybercrime can be traced back to early 60’s, the days without Microsoft Windows, the Internet, or even the Personal Computer. In 1964, Stewart Nelson, a student at MIT, used the university’s computer to generate the tones needed to access their long distance phone service also called as ‘Blue Boxing’.

General Types of Cyber Crimes / Attacks

The following table depicts general types of cyber crimes / attacks.

Type	Description / Examples
Financial	Lottery announcements, cheating, credit card frauds, money laundering etc.
Intellectual Property	Software piracy, copyright infringement, trademarks violations, theft of Source code etc.
Email spoofing / Spamming	Sending e-mails that appear to originate from one source but actually is sent by another source.
Hacking	Unauthorized access to computer systems or networks, Stealing information on computer hard disks, making control over websites.
Virus / worm Attacks	Flooding viruses inside a network to produce associated damage to resources.
Denial of Service Attack	Causing the network resource to crash in response to a flood of requests by an attacker resulting in denying authorized users access to the service. A variation to a typical denial of service attack is known as a Distributed Denials of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread.

Cyber Security in Pakistan

Pakistan has developed a strong institutional and legislative framework with regards to Cyber Crimes / Security. However, there is a huge room available when it comes to implementation and execution of security in the cyber world.

Moreover, our telecommunication and Internet service providers have also laid required procedures for securing their infrastructures. Following text highlights the present status of Cyber Attacks / Crimes mitigation at National level.

Electronic Transaction Ordinance 2002

ETO was passed by Government of Pakistan with the objective to recognize and facilitate documents, records, information, communications and transactions in electronic form, and to provide for the accreditation of certification service providers.

The ordinance also addresses Legal and safe trading aspect in order to protect the interests of both the buyers and the sellers in the process of electronic sales and purchases.

Prevention of Electronic Crime Ordinance 2009

PECO was passed by Government of Pakistan with the objective to define cyber crimes and associated fines / punishment for the criminals.

The Ordinance addresses and lays down legislative terms for the following cyber crimes:

• Criminal data access
• Data damage
• System damage
• Electronic fraud
• Electronic forgery
• Misuse of devices
• Misuse of encryption
• Malicious code
• Cyber stalking
• Spamming
• Spoofing
• Unauthorized interception
• Cyber Terrorism
• Waging cyber war

PECO has completed its age as given in the Constitution of Pakistan. The Ordinance was required to be re-promulgated in February 2010 which has not yet been executed.

Currently there’s no cyber law in Pakistan.

National Response Centre for Cyber Crimes – FIA

In order to enforce the Prevention of Electronic Crime Ordinance 2009, Government of Pakistan established an exclusive subsidiary entity under the Federal Investigation Agency (FIA) responsible to deal with all types of electronic offences throughout the country. National Response Centre for Cyber Crimes is working under the following set of defined objectives:

• To enhance the capability of Government of Pakistan and Federal Investigation Agency to effectively prevent growing cyber crimes.
• To build a Computer Forensic Laboratory, equipped with Hi-tech tools for supporting NR3C operations in cyber crime cases.
• To establish a reporting centre for all types of Cyber Crimes in the country.
• Investigation and prosecution of cyber criminals and to cope with high-tech crimes.
• To enforce existing laws to combat electronic crime and to protect consumers.
• Develop and maintain expertise investigations of crimes involving high technology.
• To provide on demand state-of-the-art electronic forensic services and cyber investigator to Law Enforcement Agencies of Pakistan.
• International liaison/coordination with Law Enforcements Agencies of other countries.

The wing has a comprehensive set of procedures available to any citizen of Pakistan for reporting any incident related with Cyber Security / Terrorism.

National Telecommunications and Information Technology Security Board (NTISB)

Previously known as National Communication Security Board (NCSB), the NTISB Wing at the Cabinet Division Serves as Secretariat to the NTIS Board. NTISB performs following functions:

• Advise Federal Government on security aspects of the Policies concerning ICT related services.
• Regulate induction of ICT security systems.
• Periodic inspections of communication centers in the public sectors.
• Administrative control of the Department of Communication security.

It’s apparent that government of Pakistan has done a lot to tackle this new wave of crime. We have NR3C in place as a cyber police, however, it must be noted that they can’t execute anyone without legislation.

It is the need of the hour to legislate a law for cyber world with keeping all the elements in mind.