The federal government of Pakistan has officially designated the information systems and data of NADRA, IMMPASS, and the Federal Board of Revenue (FBR) as “Critical Information Infrastructures” (CIIs) under the Prevention of Electronic Crimes Act (PECA) 2016 and the CERT Rules 2023. This move aims to bolster the nation’s digital resilience amid escalating cyber threats.
A separate summary proposing similar protection for the Pakistan Telecommunication Authority (PTA) and the broader telecom sector is currently under review by the federal cabinet.
Pakistan’s cybersecurity response is being ramped up under the “Cyber Security for Digital Pakistan” initiative, which is being implemented by the National Telecommunication & Information Security Board. This project has now been officially recognized as the National Computer Emergency Response Team (NCERT), with its soft launch beginning in July 2023. The hiring of key technical personnel and full operational readiness is expected by June 2025.
A CERT Council has been formed under Rule 4(2) of the CERT Rules 2023. It acts as a consultative and coordinating body. The Ministry of IT and Telecommunication (MoITT) chairs the council. Members include representatives from the Ministries of Defence, Interior, and Foreign Affairs. It also includes the PTA, academia, civil society, and industry.
The CERT Council has proposed the creation of Provincial CERTs for Punjab, Sindh, Khyber Pakhtunkhwa, Balochistan, Azad Jammu & Kashmir, and Gilgit-Baltistan. It has also recommended Sectoral CERTs for the Defense, Telecom, and Community sectors. These recommendations are currently awaiting cabinet approval.
Once approved, these regional and sector-specific CERTs will play a pivotal role in enhancing threat detection and streamlining incident response. They will also improve system resilience, thereby strengthening Pakistan’s digital defense against increasingly complex cyber threats.
The designation of CIIs brings with it strict cybersecurity obligations for all relevant organizations and licensees. It also grants legal authority to pursue investigations, prosecutions, and convictions of cybercriminals under applicable national laws.
In the backdrop of intensified India-Pakistan tensions, the cyber battlefield has become a new frontier. Sources have exclusively revealed to Techjuice, hundreds of cyberattacks from Indian actors are targeting Pakistan’s digital infrastructure.
These attacks follow India’s recent military operation—”Operation Sindoor”—targeting terror infrastructure in Pakistan and Pakistan-occupied Kashmir. The operation was carried out in retaliation for the Pahalgam attack.
As geopolitical tensions rise, Pakistan is taking decisive steps to shield its critical digital assets. It is also working to institutionalize its cybersecurity response and legally empower agencies to combat cybercrime.