In a major step to bolster national digital security, the Government of Pakistan has established nine Computer Emergency Response Teams (CERTs) under the CERT Rules-2023. These teams aim to strengthen the country’s cyber governance and expand the nation’s cyber-response capabilities.
Pakistan’s cybersecurity framework has been evolving under the National Cyber Security Policy (NCSP-2021), operational through the Digital Economy Enhancement Program (DEEP). This initiative includes key elements such as a Secure Data Exchange Layer, Digital Identity systems, and e-Citizen services. The National CERT has been functional since 2023-24, guiding the protection of Critical Information Infrastructures (CIIs) such as NADRA, FBR, and telecom systems.
The nine CERTs cover National, Punjab, KP, Balochistan, Sindh, AJK, GB, Telecom, Defense, and Community sectors. The government is now seeking nominations from additional sectors to further strengthen the nationwide cybersecurity framework. A 14-member CERT Council has also been notified to coordinate cyber efforts until a central authority is established. Protection protocols and criminal proceedings under PECA-2016 will be applied to safeguard critical infrastructures.
A MoITT official stated,
“These CERTs form the backbone of Pakistan’s cyber-response ecosystem, ensuring timely mitigation of threats and stronger governance of digital infrastructure.”
A draft National Cyber Security Act is currently under consultation, aiming to provide a legal framework for the growing digital economy and safeguard public and private sector data against cyber threats.