AIRLINK 74.03 Increased By ▲ 0.03 (0.04%)
BOP 5.00 Decreased By ▼ -0.02 (-0.4%)
CNERGY 4.47 Increased By ▲ 0.05 (1.13%)
DFML 39.71 Increased By ▲ 0.51 (1.3%)
DGKC 86.20 Increased By ▲ 0.11 (0.13%)
FCCL 21.65 No Change ▼ 0.00 (0%)
FFBL 34.25 Increased By ▲ 0.24 (0.71%)
FFL 9.91 Decreased By ▼ -0.01 (-0.1%)
GGL 10.69 Increased By ▲ 0.13 (1.23%)
HBL 113.71 Decreased By ▼ -0.18 (-0.16%)
HUBC 135.80 Decreased By ▼ -0.04 (-0.03%)
HUMNL 11.80 Decreased By ▼ -0.10 (-0.84%)
KEL 4.88 Increased By ▲ 0.04 (0.83%)
KOSM 4.62 Increased By ▲ 0.09 (1.99%)
MLCF 38.54 Increased By ▲ 0.27 (0.71%)
OGDC 135.35 Increased By ▲ 0.50 (0.37%)
PAEL 26.56 Increased By ▲ 0.21 (0.8%)
PIAA 19.24 Decreased By ▼ -1.56 (-7.5%)
PIBTL 6.80 Increased By ▲ 0.12 (1.8%)
PPL 122.99 Decreased By ▼ -0.01 (-0.01%)
PRL 27.66 Increased By ▲ 0.97 (3.63%)
PTC 14.41 Increased By ▲ 0.08 (0.56%)
SEARL 58.99 Decreased By ▼ -0.13 (-0.22%)
SNGP 69.48 Decreased By ▼ -0.02 (-0.03%)
SSGC 10.30 Decreased By ▼ -0.03 (-0.29%)
TELE 8.54 Increased By ▲ 0.04 (0.47%)
TPLP 11.14 Decreased By ▼ -0.09 (-0.8%)
TRG 64.98 Increased By ▲ 0.13 (0.2%)
UNITY 26.31 Increased By ▲ 0.06 (0.23%)
WTL 1.33 Decreased By ▼ -0.01 (-0.75%)
BR100 7,865 Increased By 14.6 (0.19%)
BR30 25,357 Increased By 20.4 (0.08%)
KSE100 75,366 Increased By 159.4 (0.21%)
KSE30 24,181 Increased By 38.2 (0.16%)

ISLAMABAD: The Federal Tax Ombudsman (FTO) Dr Asif Mahmood Jah has unearthed systematic flaws in security of confidential/classified data of taxpayers and directed the Pakistan Revenue Automation Limited (PRAL) to develop security policies/infrastructure and implement international standards for protection against future cyber attacks on Federal Board of Revenue’s (FBR) website.

The Federal Tax Ombudsman (FTO) in a landmark investigation found that due to incompetence, and ineptitude in the discharge of duties by FBR & PRAL, confidential/classified data of FBR Web portal was hacked.

According to details, tax lawyer Waheed Shahzad Butt has filed a public interest complaint against the FBR/PRAL key position holders, wherein after a comprehensive investigation, FTO Dr Jah concluded that FBR/ PRAL is not using any software to manage its Network Security policies and FBR has filed a false/wrong statement regarding the system disrupted period which is also contrary to the Finance Minister’s stance and using expired certification.

FTO order states: “The above analysis clearly reflects maladministration oozing out of neglect, inattention, delay, incompetence and ineptitude of FBR & PRAL’s functionaries, in the administration and discharge of assigned duties and responsibilities. PRAL data centre is not equipped with any Instruction Prevention/ Intrusion Detection system, a material systematic flaw exposing security of its database. PRAL data centre is not compliant to some credible International Standard and its certification was also expired in December 2020.

Security of taxpayers' data: No action taken against PRAL officials

When contacted Waheed Shahzad Butt told this correspondent that Cyber attack on key data websites, data and data centres of FBR/PRAL pose a threat that can undermine the security capabilities of a state (Pakistan). It can cause significant economic damages including ongoing crucial CPEC activities. Mastermind of this nefarious move and all team members including public servants working in FBR/PRAL must be removed from Government of Pakistan Services and criminal cases must be registered against all of them for not providing security to the confidential/classified data of taxpayers of Pakistan, solely due to their extreme inefficiency, negligence and corrupt practices for not buying the computer soft-wares and using pirated versions.

Waheed further added the hacking took place at a time when the Cabinet Division has also shifted its business online. Same episode has already been unmasked by the FTO in C. No. 507/2013 [2014 PTD 1353 = 109 Tax 1]. The failures in combating cyber threats can lead to a national crisis, as it is an integral part of Pakistan’s defence.

FTO directed the FBR to carry out a complete appraisal of its system’s vulnerabilities in order to avoid any such incident in future. Adopt solutions designed with security as a top priority like Cloud Car which provides protection against widespread system crashes and slow paced operations. PRAL is directed to develop security policies and security infrastructure with the help of efficient security tools like Intrusion Prevention and Intrusion Detection Systems both network-based and host based.

Deploy Comprehensive Security and incident Monitoring (SIEM) Solution in its Data Centre. Implement some credible International Standard (like Tier II, Tier III and Tier IV from Uptime Institute) as protection against any such threat in the future, FTO order added.

Copyright Business Recorder, 2021


Comments are closed.