The government has involved a security agency to conduct a comprehensive cyber-security audit and vulnerability assessment of the foreign developed Sandvine Inc Web Monitoring System (WMS).

According to official documents, Pakistan Telecommunication Authority (PTA) directed telecom operators in 2017 to deploy a suitable solution capable of mitigating grey traffic and blocking web content. Based on PTA technical requirements, the telecom operators committee issued RFP in July 2018. Western-made solutions were offered by different vendors, where three vendors who offered Sandvine based equipment (Sandvine Inc, US based company) participated in the proof of concept and passed the criteria. No vendor offering, other than Sandvine participated in POC, maintained the documents.

Furthermore, the agreement between telecom operators and the vendor was signed in December 2018. PTA has rejected the perception about limiting the freedom of expression of internet users through the WMS system while terming it incorrect and baseless.

Some concerns were raised about possible security vulnerabilities of the foreign-made system. Therefore necessary written guarantees were acquired from the selected vendor and the OEM ensuring that there are no backdoors or cyber-security risks in the system. In addition to written guarantees, it was also decided that necessary measures will be taken for comprehensive cyber-security audit and vulnerability assessment by a joint team of security agency and PTA.

According to PTA, other than many western countries, Sandvine equipment is also deployed in many Muslim countries including Pakistan. The Muslim countries where Sandvine is deployed are:

  • Algeria,
  • Bahrain Djibouti,
  • Egypt,
  • Indonesia,
  • Iraq,
  • Kuwait,
  • Lebanon,
  • Libya,
  • Malaysia,
  • Morocco,
  • Pakistan,
  • Qatar,
  • Saudi Arabia
  • Sudan,
  • Tunisia,
  • Turkey
  • UAE