——IT Minister says the new rules to strengthen cybersecurity posture
By Ali Imran
ISLAMABAD: Federal Minister for IT and Telecom Syed Amin ul Haque has said that move to strengthen the country’s cybersecurity posture, the Federal Cabinet of Pakistan has given its approval to the Computer Emergency Response Teams (CERTs) Rule 2023.
In a statement, the minister said that the decision comes after a thorough consultation process that involved various stakeholders, with the Ministry of IT and Telecommunication (MoITT) taking the lead in formulating the CERT Rules.
According to an official statement, under section 51, read with section 49 of the Prevention of Electronic Crime Act (PECA), 2016, and in compliance with the National Cyber Security Policy (NCSP), 2021, the Ministry of IT and Telecommunication (MoITT) as a designated organization of the Federal Government to deal with Cyber Security has formulated the CERT Rules in consultation with the concerned stakeholders.
The consultation session with the government bodies and regulatory authorities was started in August 2021. Subsequently, sector regulators carried out extensive consultations with their respective private entities.
IT Minister further said that CERT Rules – 2023 provides a legislative umbrella to handle ever-emerging cyber-security risks and vulnerabilities at the National, Sectoral, and Organizational levels by laying out a working mechanism in the form of technical support, operational facilities, and capacity-building services.
“These Rules further provide a state-of-the-art proactive and integrated risk management process for identifying and prioritizing protective measures regarding cyber-security”.
He said that a CERT council will be established as a forum for a consultative and coordinating process to advise CERTs for the effective implementation f its functions and services.
The definitions and constituencies of National CERT, Government CERT, Critical Information Infrastructure CERT, Sectoral CERT, Federal CERT, and Provincial CERT are discussed separately, he added.
The specific responsibilities, functions, and services of the National CERTs and Sectoral CERTs are also outlined in the rules.
Federal IT Minister said that as far as the impact on Cyber Security Landscape is concerned, CERTs at National and Sectoral Levels will enhance the overall cybersecurity posture and resilience at the national level.
CERTs are responsible for the protection against, detection of, and response to cybersecurity incidents, and will enhance a country’s ability to manage cybersecurity incidents.
Talking about the function of the CERTs, Amin ul Haque further stated that National CERT will serve to build a knowledge base that supports the implementation of National Cyber Security Policy/strategy, as well as an approach for the protection of critical information infrastructures; supporting the building of national culture and ecosystem of cybersecurity, and related awareness raising initiatives for all segments of societies including children, youth, elders and women; supporting the development of related national cybersecurity platforms, such as Security Operation Centers, secure e-government services, national identity and access management frameworks; and further enabling Pakistan to develop and enhance its threat intelligence analysis, incident response and coordination capabilities at national as well as international level.