Pakistan has embarked on a brave journey to walk beside other countries in the digital game, issues pertaining to cybersecurity, data privacy, and governance have hindered its progress.
According to the report ‘Transforming Digital Government in Pakistan’, Pakistan ranked 94th globally and 18th out of 38 Asia Pacific countries on the Global Cybersecurity Index (GCI), straggling behind countries like Bangladesh, Sri Lanka, and India.
The low ranking is attributed to recurrent cyberattacks during the last five years. In 2020, a number of Pakistani officials became victims of hacking attempts via WhatsApp. Before that, the websites of several ministries, including the Ministries of Defence, Inter Provincial Coordination, and Power and Water, were hacked on 14 August 2017.
The private sector is also no stranger to such attacks. For instance, the banking sector had undergone a severe cyberattack from undisclosed entities in 2018 that had exposed more than 19,000 cards from various banks at the same time, as per a report published by the local cybersecurity company PakCERT. Many banks then blocked transactions on international cards for weeks and even months to protect the remaining customer base from prolonged exposure.
Lack of Trust
In terms of trust, the government has not fared well in ensuring the safety of citizens’ personal data. The National Database & Registration Authority (NADRA) – Pakistan’s largest database of highly personal data – was often reported to have been attacked in the past, concurrently exposing the credentials of millions of citizens. Furthermore, the large-scale integration of portals and websites in the NADRA has multiplied the occurrences of such attacks.
The Pakistan Information Technology Board (PITB) also suffered a major data breach in 2018 that exposed the information of many citizens. Such incidents have shaken Pakistani’s trust in online platforms and “prevent them from using services that require the exchange of sensitive personal data,” according to the report.
Regarding understanding the population and its requirements to establish a threshold for trust, the report explains that winning “citizens’ trust requires robust data privacy mechanisms in government’s public monitoring initiatives”. To that effect, the government has taken giant strides by introducing the Prevention of Electronic Crimes Act (PECA), 2016, which stipulates punishments for reprobates or criminals accused of illegally accessing private data. The Federal Investigation Agency (FIA) also legislates punishments under the PECA filing through its National Response Centre for Cyber Crime (NR3C).
Additionally, a few developments have been made in Khyber Pakhtunkhwa and the Punjab where separate cyber emergency response teams have been formed to address issues related to cybersecurity under the domains of the provincial governments.
The Government of Pakistan has the potential to achieve a lot in the digital space by revamping relevant institutions to enhance the privacy of its citizens and win their prolonged trust.