The Islamabad Safe City project is on high alert after authorities discovered potentially suspicious foreign software in the system. The National Computer Emergency Response Team (National CERT) has ordered immediate audits of all software and hardware used by government agencies to prevent any risk to the country’s critical infrastructure. Agencies have also been advised to adopt a “Zero-Trust” security approach and closely monitor their technology supply chains.
Technology Behind Safe City Surveillance
The concerns first arose after online debates about the origins of the Safe City software. Investigations by TechJuice revealed that the Israeli-developed BriefCam software was in operation in Islamabad’s surveillance system between June 2021 and October 2022. BriefCam, acquired by Canon Inc. but still operating from Israel, is known for video analytics, facial recognition, and license plate tracking. In occupied East Jerusalem, it has been used to monitor nearly 100 sites in Palestinian neighborhoods.
In Islamabad, BriefCam was reportedly used to identify suspects, read vehicle number plates, and issue e-challans, with data linked to NADRA’s biometric database, giving it access to the identity records of virtually every Pakistani citizen.
Over 4,000 wanted persons were reportedly submitted to NADRA for facial recognition matching, sparking questions about legal authorization and transparency.
Legal and Oversight Concerns
Since October 2022, the system has been upgraded to Extreme C, a platform with real-time facial recognition and Huawei hardware, significantly enhancing surveillance capabilities. Neither the initial deployment of BriefCam nor the replacement with Extreme C was publicly announced.
The National CERT advisory warns that non-transparent vendors and unverified software or hardware could pose serious threats, from system failures in electricity and banking to the potential leakage of sensitive government data. Authorities have been instructed to check vendor ownership, inspect hardware for unauthorized devices, and test software in isolated environments before deployment.
Experts say the global supply chain has become a new battlefield, with attackers exploiting trusted vendors’ manufacturing and distribution to infiltrate state systems. Even small weaknesses in hardware deliveries or software updates could allow backdoors for espionage or sabotage.
National CERT has set strict timelines, asking software to be tested within a week and hardware within two weeks, while emphasizing that any compromised devices must be isolated and preserved for investigation.
Officials also stressed the importance of transparency in vendors’ ownership and delivery processes. Any suspicious activity, such as tampered seals, delivery delays, or unusual external data traffic, should be reported immediately. This step is considered crucial to prevent potential threats that could affect communication devices, industrial control systems, and national security operations.
While these measures may seem strict, experts argue they are necessary in today’s interconnected world where even trusted technology can be used to infiltrate critical systems. By implementing a thorough audit and monitoring system, agencies aim to safeguard national infrastructure and citizens’ data from cyber threats.
