ISLAMABAD: The federal cabinet is likely to approve the first "National Cyber Security Policy 2021" and policy directive for the auction of Next Generation Mobile Services (NGMS) spectrum in Pakistan, Azad Jammu and Kashmir, and Gilgit-Baltistan on Tuesday (today).
Federal Minister for Information Technology and Telecommunication Syed Aminul Haque confirmed to Business Recorder that the Cabinet meeting scheduled for Tuesday would consider two agenda items of the ministry.
The Cabinet would deliberate on National Cyber Security Policy 2021 and policy directive for the auction of the NGMS spectrum in Pakistan, Azad Jammu and Kashmir, and Gilgit-Baltistan.
The Ministry of Information Technology and Telecommunication has drafted National Cyber Security Policy 2021, with the guiding principle that regards a cyber attack on Pakistan as an act of aggression against national sovereignty and will defend itself with appropriate response measures and will act in accordance with national and international laws and expect reciprocal respect of national digital sovereignty.
The draft policy envisages developing secure and resilient cyber systems and networks for national cyber security and response.
The policy framework envisaged to secure entire cyberspace of Pakistan including all information and communication systems used in both public and private sectors.
The objective of the policy is to establish a governance and institutional framework for secure cyber ecosystem, create protection and information sharing mechanism (CERTs/SOCs) at all tiers capable to monitor, detect, protect and respond against threats to national ICT/CII infrastructures, protect National Critical Information Infrastructure by mandating national security standards and processes related to the design, acquisition, development, use and operation of information systems, enhance security of government information systems and infrastructure, create an information assurance framework of audits and compliance for all entities in both public and private sectors, ensure integrity of ICT products, systems and services by establishing a mechanism of testing, screening, forensics and accreditation, develop public private partnerships and collaborative mechanism through technical and operational cooperation, create a country wide culture of cyber security awareness through mass communication and education programs, develop and create skilled cyber security professionals through capacity building, skill development and training programs.
To mitigate cyber threats, the country faces today and to improve the national cyber security outlook, it is imperative to undertake the strengthening of national cyber security capabilities through development of essential and well-coordinated mechanisms, implementation of security standards and regulations under a policy and legislative framework, it added.
The guiding principles to achieve policy objectives are; all actions will be driven by the need to protect people and enhance national and public prosperity, respective public and private organizations will be responsible to ensure cyber security of their online data, services, ICT products and systems, in case of any incident, government will lead the national response with support from both public and private sector, will regard a cyber-attack on Pakistan CI/CII as an act of aggression against national sovereignty and will defend itself with appropriate response measures and will act in accordance with national and international laws and expect reciprocal respect of our national digital sovereignty.
To achieve the objectives, an implementation framework shall be developed by a designated organisation of the federal government, dealing with the subject of cyber security.
The Central Entity will also undertake specific actions, which including but not limited to the following: working with Internet Service Providers (ISP) and telecom operators to block malware attacks, by restricting access to specific domains or websites that are known sources of malware (known as Domain Name System (DNS) blocking/filtering), preventing email phishing and spoofing activity on public networks, promoting security best practice through internet governance organisations; such as Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Engineering Task Force (IETF), European Regional Internet Registry (RIPE) and UN Internet Governance Forum (IGF) etc; Work with international law enforcement channels to protect Pakistan citizens from cyberattacks from unprotected infrastructure overseas; Work towards implementation of controls to secure the routing of internet traffic for government departments to avoid illegitimately re-routed by malicious actors; Investing in capabilities enhancement programs of law enforcement agencies (LEAs) and concerned ministries/divisions to enable them for response against state-sponsored and criminal cyber activities targeting Pakistan networks and systems.
The Central Entity will initiate actions, including but not limited to: develop an Internet Protocol (IP) reputation service to protect government digital services (this would allow online services to get information about an IP address connecting to them, helping the service get more informed on risk management decisions in real time), seek to install products on government networks to ensure that software are running correctly and not being maliciously interfered, look to expand beyond the gov.pk domain into other digital services measures that notify users who are running out-of-date browsers.
To achieve this critical objective, the Central Entity will; operate requisite technical platforms to protect National Critical Information Infrastructure and work as nodal organization in the country; Institute processes for identification, prioritization, assessment and protection of Critical Information Infrastructure, ensure secure ICT environment including mobile systems and cloud based solutions through state of the art security measures, mandate implementation of national security standards by all critical sector entities, to reduce the risk of disruption, develop a mechanism for protection of Critical Information Infrastructure and its integration at the entity level through relevant sectoral CERTs, establish and enforce risk management methodologies according to international standards inter alia ISO/IEC 27005:2008 and ISACA RISK IT etc, mandate all operators of national, provincial and organisational Critical Information Infrastructure to hire qualified information security individuals and add an appointment of Chief Information Security Officer (CISO).
To cater for specific need of public sector information infrastructure, the Central Entity will: define and enforce a robust Government Authentication and Data Protection Framework, create vulnerability assessment and patch management process for all government technical systems, work with relevant government entities to ensure mandatory allocation of a certain percentage of ICT project budget for Information Security Assurance, formulate a mechanism for creation and enforcement of staff vetting and clearance scheme across the government, improve security in government outsourcing and procurement through vetting of suppliers and enforcement of security clauses in contracts.
Sources revealed to Business Recorder that the Economic Coordination Committee (ECC) of the cabinet in its meeting held on July 16, 2021 approved the Draft Policy Directives related to the auction of NGMS Spectrum in Pakistan and AJK and GB as submitted by the Ministry of Information Technology and Telecommunication.
The ECC also decided that for the payment of the auctioned licence fee, the method in-vogue in the earlier auction processes will be followed.
The cabinet is likely to approve the policy in its upcoming meeting.
The Pakistan Telecommunication Authority (PTA) is likely to complete the spectrum auction process during the first quarter of the current fiscal year 2021-22, sources added.
A committee under the chair of Dr Ishrat Hussain in its recommendations has reportedly allowed both options for payment in instalments in US dollar at markup rate of LIBOR+ 3 percent per year, as well as in Pak rupees.
Markup rate of one year may be fixed at KIBOR+7 percent in case of payments in instalments in Pakistani rupee, whereas for transactions related to licensing renewal fee, the licensee should choose payment currency at the license signing stage as it would set the basis for markup calculations. Once decided, the payment currency would lock for the full payment tenor. The payments in domestic currency also conform to international best practices, the summary noted.
The government had constituted an Advisory Committee on the release of NGMS Spectrum in Pakistan for the improvement of Mobile Broadband Services amid Covid-19.
Later, not only the composition and TORs of the same Committee were revised but the regions of AJK and GB were also included.
The committee was tasked to examine and evaluate the market assessment report and recommendations of the PTA for the release of maximum NGMS Spectrum in Pakistan, Azad Jammu and Kashmir, and Gilgit-Baltistan.
In addition, it was also asked to examine and finalise the policy directives for the federal government for the release of the NGMS spectrum in Pakistan and AJK and GB. Besides, the mandate of the committee was to oversee the release process conducted by the PTA.
Copyright Business Recorder, 2021