The federal cabinet has approved the Computer Emergency Response Team (CERT) Rules 2023.
Federal Minister for IT and Telecom Syed Amin ul Haque has said that, in light of the recommendation received, incorporating the “views and Comments” of the stakeholders and vetting by the Cabinet Committee for Legislative Cases (CCLC), Federal Cabinet, Government of Pakistan, has now approved the CERT Rules 2023.
According to an official statement that, under section 51, read with section 49 of the Prevention of Electronic Crime Act (PECA), 2016, and in compliance with the National Cyber Security Policy (NCSP), 2021, the Ministry of IT and Telecommunication (MoITT) as a designated organization of the Federal Government to deal with Cyber Security has formulated the CERT Rules in consultation with the concerned stakeholders.
The consultation session with the Govt bodies and regulatory authorities was started in August 2021. Subsequently, sector regulators carried out extensive consultations with their respective private entities.
IT Minister further said that CERT Rules – 2023 provides a legislative umbrella to handle ever-emerging cyber-security risks and vulnerabilities at the National, Sectoral, and Organizational levels by laying out a working mechanism in the form of technical support, operational facilities, and capacity-building services.
“These Rules further provide a state-of-the-art proactive and integrated risk management process for identifying and prioritizing protective measures regarding cyber-security”.
He said that a CERT council will be established as a forum for the consultative and coordinating processes to advise CERTs for the effective implementation f its functions and services.
The definitions and constituencies of National CERT, Government CERT, Critical Information Infrastructure CERT, Sectoral CERT, Federal CERT, and Provincial CERT are discussed separately, he added.
The specific responsibilities, functions, and services of the National CERTs and Sectoral CERTs are also outlined in the rules.
Federal IT Minister said that as far as the Impact on Cyber Security Landscape is concerned, CERTs at National and Sectoral Levels will enhance the overall cybersecurity posture and resilience at the national level.
CERTs are responsible for the protection against, detection of, and response to cybersecurity incidents, and will enhance a country’s ability to manage cybersecurity incidents.
Talking about the function of the CERTs, Amin ul Haque stated that National CERT will serve to build a knowledge base that supports the implementation of the National Cyber Security Policy/strategy, as well as an approach for the protection of critical information infrastructures, supporting the building of national culture and ecosystem of cybersecurity, and related awareness raising initiatives for all segments of societies including children, youth, elders and women.
It will also support the development of related national cybersecurity platforms, such as Security Operation Centers, secure e-government services, national identity, and access management frameworks, and further enable Pakistan to develop and enhance its threat intelligence analysis, incident response, and coordination capabilities at national as well as international level.
