As Khyber Pakhtunkhwa advances into the digital era, there is a need for a provincial Cyber Security framework which can help KP government in capacity building by leveraging technology & technical support, ensuring the confidentiality, availability, and integrity of the digital assets of KP government.
In 2018, KPIT board established KP Cyber Emergency Response Center (KPCERC) to address the provisional and national Cyber Security challenges to build capacity by leveraging expertise and skills in domains of cybersecurity.
It is a state of the art project to enable and empower Khyber Pakhtunkhwa in Cyber Security and its affiliated domains through awareness, training and technical assistance for mitigating the risks associated with digital transformation in order to ensure safe cyberspace for the citizens.
KPCERC is mandated to ensure the health and quality of digital application, services & digital assets used, managed or deployed by the government departments across KP. KPCERC is accomplishing these by designing & deploying a Cybersecurity framework which aims to train skilled human resources, contribute towards empowering the government departments across KP along with industry by providing advisory in the cyber and information security area.
Empowering the government departments of KP with technology support is fundamental by establishing and leading the Cybersecurity framework for the province along with establishing Security Operation Centre (SoC) & Cyber Emergency Response Team (CERT) & guidelines for Cyber Emergency Incidence Response (CSIR).
Trained human resource is fundamental to address the challenges of cybersecurity. There have been a number of training programs and degrees offered across Pakistan to address this. Most of the training programs are offered as higher education degree programs; however, there is a dire need to educate our young graduates with the rapidly evolving Cybersecurity.
Khyber Pakhtunkhwa has one of the highest youth ratios in the region, the province houses a number of universities with a special focus on IT education. However, universities train students on the skill sets which are either outdated or lack practical orientation.
The industry, on the other hand, demands practical orientation and hands-on experience. To cover this gap, students are inclined towards market worthy certifications which can enhance their skill set and train them on evolving technologies which universities are slow in following up.
The training program is designed to address both short and long term requirements of the industry. Customized role-based training programs for government employees and students are designed to ensure maximum utility and employability of the trainees.
KPCERC helps identify and respond to various cyber risks and help the government develop a mitigation & business continuity plan. KPCERC team is experienced security consulting that specializes in tackling and solving the most challenging information security issues.
During the past year, KPCERC has worked on establishing the first public sector CERT by working on various initiatives in training & awareness, governance, infrastructure, vulnerability assessment & penetration testing and incidence response.
KPCERC aims to build the capacity of graduates in general and government employees in particular by providing expertise and skills in domains of cybersecurity. KPCERC aspires to train and provide technical support and services in the domain of cyber security through customized training, workshops, and drills. KPCERC has developed 8 different curriculum tracks for Cyber Security training program at a basic, intermediate and advanced level.
KPCERC is developing an Online Cybersecurity program for capacity building for govt. employees. This is the first indigenous online Cybersecurity training course for government employees and will include over 150 video demos on end-user security management. A state of the art training lab is setup powered by a mini datacentre to facilitate customized cybersecurity training.
The platform is deployed with multiple VMs hosting Cyber Security frameworks/applications/penetration testing tools to facilitate in vulnerability testing & penetration testing. The lab can simulate a Security Operation Center (SOC) with state of the art information protection strategies and can help in understanding and training students on proactive and preventative defense-in-depth cybersecurity technologies.
Standardization and adaptation of best practices are critical for quality service delivery, KPCERC is devising guidelines and frameworks for information & application management and standardization of ICT based services in government departments in KP. Till date, SOPs for Email Services, Deployment, and Management of Applications are defined.
KP Web Standardization Framework and Framework for Cyber Security is being reviewed. KPCERC is working on customized Cybersecurity framework in line with world best frameworks such as NIST. One of the key functions of KPCERC is to ensure the security of all IT assets in government by carrying out vulnerability assessment and penetration testing of digital assets used by government departments.
KPCERC team participated in an OIC-CERT Cybersecurity Drill in Sep 2018 and ranked first in National Cyber Drill held on Nov 2018 among 30 participating teams. KPCERC has collaborated with national agencies like NADRA and MoIT for Security assessment & Penetration testing of E-Voting System and recommendation on Data Protection Law respectively.
Cyber Security awareness campaign has been launched on social media and website for the general public on different topics. October is being recognized as the Cyber Security Awareness Month internationally. KPCERC has also adopted this convention and launched extensive campaigns in the month of October.
- An educational series to inform people about Cybercrime law was started; the objective of this campaign was to make public aware of the Cyber Crime law. All clauses defined in Prevention of Cybercrime Act (PECA 2016) were summarized and designed in infographics. Each section was also translated in Urdu for the audience. This effort is first of its kind in Pakistan
- Cyber Security guidelines and best practices were also shared on social media for public awareness which includes ways to help protect online, avoid online scams and identity theft attempts.