The approval of the Computer Emergency Response Team (CERT) Rules 2023 by the Federal Cabinet is a significant development in countering the rising cyber threats and hacking attempts faced by public sector entities in Pakistan. These rules establish a CERT council under the Ministry of IT and Telecom, which will be responsible for protecting, detecting, and responding to cybersecurity incidents.
The CERTs established under these rules will play a crucial role in strengthening Pakistan’s ability to manage cybersecurity incidents. The rules define and establish response teams at various levels including national, government, critical information infrastructure, sectoral, federal, and provincial levels. The national team will be responsible for coordinating responses to threats or attacks on critical infrastructure and widespread attacks on information systems within Pakistan.
The national CERT will support the private sector’s critical information infrastructure organizations by playing a coordinating and supporting role. The CERTs will also contribute to the development of national cybersecurity platforms such as security operation centers, secure e-government services, and national identity and access management frameworks. These platforms will enhance Pakistan’s threat intelligence analysis, incident response, and coordination capabilities at both national and international levels. At the provincial level, a sectoral CERT will function under the guidance of the national team through the government unit.
The concerned provincial government will notify the provincial CERT, which will be responsible for ensuring the security of digital assets developed, occupied, and deployed by relevant public sector entities within the province.