ISLAMABAD: In a significant step towards fortifying the nation’s cybersecurity, the Ministry of IT & Telecommunication (MoITT) has officially unveiled the Computer Emergency Response Team (CERT) Rules 2023. These rules are set to bolster Pakistan’s defense against cyber threats that could potentially compromise government data.
Federal Minister for IT and Telecom, Dr. Umar Saif, took to X message (formerly known as Twitter) to underline the urgency of safeguarding Pakistan’s cyberspace. He expressed, “Today we have taken the first step in establishing a National CERT for Pakistan. Our national CERT and subsequent sectoral CERTs will provide the institutional framework and capability to protect Pakistan’s cyber space, and ensure swift responses in case of cyber attacks.”
Dr. Umar Saif further elaborated that this unified approach will lay the foundation for a robust defense mechanism against cyber threats. He announced the establishment of the National Security Operations Center as part of the new regulations, emphasizing its role in practically implementing these rules.
The CERT Rules 2023 stipulate the creation of both National and Sectoral-level Computer Emergency Response Teams, responsible for continuous monitoring and safeguarding of Pakistan’s cyberspace, even on holidays.
The primary duty of the National CERT will be to serve as a liaison between various CERTs, facilitating swift responses to threats or attacks on critical infrastructure data or information systems across the nation. It will be funded by the Ministry of IT and will collaborate closely with Sectoral CERT teams, ensuring timely assistance when required.
Additionally, the Government CERT will play a crucial role in ensuring cybersecurity within the public sector, encompassing federal and provincial levels. It will act as a coordinator between the national and sectoral CERTs, thereby enhancing cooperation and communication among these entities.
To ensure a smooth flow of information and feedback, the Government CERT will regularly report to the National CERT, drawing on data from both federal and provincial CERTs.
Furthermore, a dedicated Critical Information Infrastructure (CII) CERT will oversee and coordinate between the National CERT and Sectoral CERTs, adding an extra layer of protection to critical information infrastructure.
Sectoral CERTs will encompass government and regulatory authorities, with local government CERTs falling under the jurisdiction of the respective provincial CERTs. The establishment and composition of these CERTs will adhere to the guidelines outlined in the CERT Rules 2023.
With the introduction of these rules, Pakistan is taking a commendable stride towards safeguarding its cyberspace and critical data against the ever-evolving threats in the digital realm. The establishment of these CERTs promises to enhance the nation’s resilience against cyberattacks and bolster its overall cybersecurity infrastructure.