Cybersecurity Measures Heating up As Six New CERTs launched

To strengthen cybersecurity across the country, the CERT Council has proposed launching six provincial-level Computer Emergency Response Teams (CERTs), one each for Punjab, Sindh, Khyber Pakhtunkhwa, Balochistan, Azad Jammu and Kashmir, and Gilgit-Baltistan.

The summary has been sent to the federal cabinet for approval, and, according to IT Ministry sources, the federal government will notify these CERTs once approval is granted.

Provincial governments have already designated specific departments to assume CERT responsibilities. Punjab has nominated the Punjab Information Technology Board (PITB), while Sindh has selected its Science Department. Khyber Pakhtunkhwa has chosen the KP IT Board, which will work alongside the already functioning KP Computer Emergency Response Center (CERC).

Balochistan has also assigned its Science Department to the role, whereas the governments of Azad Kashmir and Gilgit-Baltistan have similarly designated their own departments to oversee CERT functions.

At the national level, the Ministry of IT and Telecom has established the National CERT, which currently functions as both the Government CERT and the Critical Information Infrastructure (CII) CERT. This arrangement will continue until the Ministry of IT or the relevant authority institutes separate entities to manage government and CII-related cyber emergencies independently.

Once provincial CERTs are officially notified, their representatives will be nominated to the CERT Council. The Council, comprising 16 members, includes officials from key ministries such as Defense, Foreign Affairs, and Interior, and is chaired by the Federal Secretary of the Ministry of IT and Telecom. The Council also incorporates voices from academia, industry, and civil society to encourage collaboration and inclusive decision-making on cybersecurity matters.

Under the CERT Rules, sector-specific CERTs will also be developed across government and private sectors, including divisions, ministries, local governments, and regulatory bodies.

These Sectoral CERTs will be responsible for handling cyber threats and attacks on critical information systems and infrastructure in their respective sectors. They are required to report to the National CERT through the Government or CII CERTs per the regulatory framework established under the CERT Rules.