NTISB Cautions Govt Departments Using Indian, Israeli IT Products and Services

The National Telecommunication and Information Technology Security Board (NTISB) has cautioned government departments of using Indian/Israeli IT-related Products and Services in departments.

In its latest advisory pertaining to Cyber threats associated with Indian/Israeli IT related Products and Services, NTISB stated that some government Organizations including Critical Information Infrastructure (CII) are using Indian/Israeli-origin IT products and services probably on the pretext of being a low-cost option in comparison with other market competitors.

However, the possibility of the presence of backdoors or malware in these solutions cannot be ruled out and therefore, pose a considerable cyber security concern, it added.

In the recent past, many incidents of such nature in the public sector revealed the involvement of Indian-based threat actors which has not only caused discontinuity of services/loss of data but also became a source of reputational loss for the organizations.

NTISB in its latest advisory suggested to all Federal departments to appropriately safeguard businesses and critical data.

It suggested that IT hardware solutions must not be procured in line with a ban already imposed on goods from these countries by Commerce Division vide SRO 927(1)/2019.

In addition, IT security solutions like Intrusion Detection System/ Intrusion Prevention Systems, Security Information and Event Management, Extended Detection and Response, Mobile Device Management, and DDOS Mitigation Solutions may not be procured from these countries or their partners owing to the strong possibility of the presence of backdoors or malware.

NTISB has also asked organizations to discontinue the use of online software solutions on priority and migrate to alternate solutions keeping business continuity in consideration.

It also recommended the use of offline solutions with associated risk acceptance, without applying updates/patches or connecting to the internet.

According to NTISB, the Vendor/OEM is to render a certificate that no backdoor eavesdropping or remote access mechanism is present and Identification of avenues for unauthorized access/data leakage at any stage may lead to cancellation of the contract along with blacklisting of the firm.

SLA (if applicable) to include relevant security clauses to ensure the safety of businesses and critical data, it added.

In case of critical information infrastructure, code walkthroughs, and detailed security assessments be planned through PTA-approved auditing firms. Furthermore, random penetration testing may also be ensured.

It is worth mentioning that all Government Organizations are responsible for implementing Cyber Security measures in their respective domains, and a cautious approach may be adopted by all.

Follow ProPakistani on Google News & scroll through your favourite content faster!

Support independent journalism

If you want to join us in our mission to share independent, global journalism to the world, we’d love to have you on our side. If you can, please support us on a monthly basis. It takes less than a minute to set up, and you can rest assured that you’re making a big impact every single month in support of open, independent journalism. Thank you.


  • Issuing an advisory note isn’t sufficient. Where’s their role in having a firewalled network for government entities, application testing protocols that govt entities must follow, apprpvals before use of such applications by NTISB. Where is regular 3rd party network, application audits, servers and local machines data leak prevention apps, antivirus solutions?

    You think you issue a pro-national warning and that’s it, your job is done?


  • Get Alerts

    Follow ProPakistani to get latest news and updates.


    ProPakistani Community

    Join the groups below to get latest news and updates.



    >