Beware of cyberspace
With the Indo-Pak bilateral getting physical lately, it is easy to lose sight of the fact that Pakistan’s cyber defenses need reinforcement. Growing number of economic activities – particularly in banking, manufacturing, transportation and utilities – are being coordinated through online means. Businesses in IT and Telecom sectors, of course, are more exposed.
Currently, there is no urgency to beef up cyber security. Occasional hacking of government websites is embarrassing but short-lived; so are the denial-of-service attacks on news websites. Data breaches at digital intermediaries like Careem don’t seem to pique the public at large. Yes, a catastrophic breach hasn’t been reported – but that will change as more of the population and businesses go online.
Some soul-searching began after some back accounts were hacked or compromised in October last year. (Read: Compromised?” published November 1, 2018). The central bank responded to the incidents by issuing mandatory directives to banks on payment security and related matters. (Read: “How feasible are the new payment security rules,” published December 6, 2018).
Still, there are question marks over securing the country’s soft economic infrastructure from “organised” cyber hackings. Just as in virtually every country, Pakistan’s cyberspace is also under threat. Here, the existing cyber response mechanism is reaction-oriented and lacks necessary coordination among the public and private sectors. (Read: Need for cyber coordination,” published December 4, 2018).
Just because a major portion of population is offline, businesses have limited IT adoption and government departments are slow to digitize doesn’t mean there is no cost of cyber-related incidents. Estimates show that neighbouring India, which faces similar issues when it comes to digitization, loses 0.2 percent of its GDP every year on account of cyber incidents. In the US, which has much higher digitization but also stronger cyber defenses, economic loss due to cyber incidents is about 0.5 percent of GDP.
Organised hackers naturally target organisations on which the larger economy depends. A recent SDPI working paper, entitled “Cyber Security: Where Does Pakistan Stand?” singled out Nadra and the banking industry as two potential targets. The authors called for a national framework on cyber-security, civil-military coordination on risk assessment and responses, and emergency response teams at the level of government institutions and business entities to ensure computer networks can defend against intrusions.
Given the situation, it is important to pay attention to defending against cyber warfare. A ground invasion will be made easier if it is synced with cyber attacks on critical economic and security infrastructure.
There is also the risk of countries with low-grade conflicts being pushed into active warfare by faceless, nameless and borderless third-parties unleashing damaging and embarrassing hacks on “soft” targets. Time to act is now.