Pakistan takes steps to protect itself from NSA-style cyber attacks
KARACHI: In view of the recent wave of stealing of sensitive official data by US National Security Agency (NSA), the National Telecom & Information Technology Security Board (NTISB) has framed guidelines/ techniques for protecting government business from possible hacking and cyber attacks. “Recent wave of stealing the sensitive official data by US NSA has raised serious concerns warranting the implementation of all policies and guidelines in true letter and spirit,” the Cabinet Division noted in a letter to all ministries, departments and divisions.
“USA being the leading country in the field of communication and IT is using multiple tools mainly through electronic surveillance, ground and air intelligence platforms like satellites, recording telephonic calls, gathering public pulse through e-mails filtering, radio monitoring, communication leaks, vulnerabilities in IT based networks carrying sensitive data and other sophisticated means, covertly or overtly,” the Cabinet Division noted.
All the government departments, ministries, divisions have been directed to study and analyse the guidelines and implement the same for safeguarding their official data.
The government officials and officers have been directed to avoid using private emails for exchange of official correspondence; official data should not be stored/ copied on personal computers and laptops and personal USB, which are connected to internet; no official/ classified information should be placed on internet via any means; uploading of sensitive information on social media should be avoided; uploading of videos and photos of official meetings should be avoided; downloading of software from internet should be avoided; and full compliance of existing policies/ directive, guideline and rules on the subject. Moreover, internet connections must be obtained from National Telecommunication Corporation (NTC) as per policy; official personal computers (PCs) having sensitive data must not be provided with internet connection; contents placed on official websites must be properly scrutinised and approved for uploading; internet usage in government departments be regulated and access be provided with limited user privileges; internet computers be isolated and the network security must be ensured and internet provision be controlled by the highest administrative authority in the ministry, division or department.
All necessary precautionary measures must be adopted for safeguarding the departmental IT system/network infrastructure. According to the guidelines, legal and regulatory framework at national level is also very important. Cyber crime and cyber security laws need to be enacted and enforced as laws are deterrent control to secure cyberspace and hence to protect national security.
The Security Board noted that presence of sensitive/ official data on the web had made the government official entities hostage and vulnerable to hostile ingress and sudden access by unknown intelligent IT mafias, suspected hackers as well as individual secret agents.
Misuse of this information fairly acquired from such an advanced information resource through multiple hacking techniques may invariably cause serious threats to national security.
Pakistan being a frontline state in the war on terror and a key ally to its coalition partners is clearly confronting such threats for which a foolproof mechanism needs to be in place by all government officials to protect and safeguard sensitive government business and national interest.
Over past decade, in a number of such incidents by hostile agencies, hacker groups in an attempt to achieve break through of official security network/ IT centres/ networks of various government departments have been made to fulfil their political or strategically objectives.