ISLAMABAD: Pakistan has announced plans to set up a federal Cybersecurity Authority to counter rising digital threats, as the government moves to strengthen protection of critical national infrastructure.
The move comes as part of broader efforts under the National Cybersecurity Policy to provide a framework for nationwide digital protection.
The authority will recommend cybersecurity measures for critical national infrastructure and oversee the implementation of cybersecurity initiatives across the country.
The Ministry of Information Technology (MoIT) has prepared an initial draft of the Cybersecurity Act and is currently consulting stakeholders on its provisions.
The initiative follows recent admissions by MoIT that Pakistan has faced several major cyberattacks and data leaks in recent years.
In a report recently submitted to the National Assembly, the ministry cited limited resources, technical expertise, and weak monitoring systems as factors that have allowed many cyber incidents to go undetected or unreported.
Among the high-profile breaches cited was an attack on the Oil and Gas Development Company Limited (OGDCL), where unauthorized access to the company’s core data center led to the deletion of 21 virtual servers. Operations were restored after a three-day recovery from the disaster recovery site.
The ministry identified several root causes for such breaches, including insufficient human resources, inadequate funding, lack of senior management oversight, and the absence of a comprehensive governance structure and cybersecurity policies.
Despite these challenges, progress has been made in key areas. Projects such as the Secure Data Exchange Layer and digital identity initiatives are underway, and institutions like the National Database and Registration Authority (NADRA), the Federal Board of Revenue (FBR), and telecom operators have been designated as critical digital infrastructure. The government is also moving to classify immigration and passport systems as critical infrastructure.
Until the establishment of the National Cybersecurity Authority, the existing CERT Council—comprising 14 public and private institutions—continues to coordinate responses to cyberattacks and enhance cybersecurity readiness. Work is also ongoing on the Pakistan Information Security Framework 2025, officials said.
The federal government’s steps signal a renewed commitment to strengthening cybersecurity as Pakistan seeks to secure its digital economy and protect sensitive information from escalating cyber threats.
