AIRLINK 150.25 Increased By ▲ 13.66 (10%)
BOP 10.08 Increased By ▲ 0.96 (10.53%)
CNERGY 7.42 Increased By ▲ 1.00 (15.58%)
CPHL 71.13 Increased By ▲ 6.47 (10.01%)
FCCL 45.71 Increased By ▲ 4.16 (10.01%)
FFL 14.34 Increased By ▲ 1.30 (9.97%)
FLYNG 37.15 Increased By ▲ 3.38 (10.01%)
HUBC 137.89 Increased By ▲ 12.12 (9.64%)
HUMNL 12.54 Increased By ▲ 1.14 (10%)
KEL 4.46 Increased By ▲ 0.45 (11.22%)
KOSM 4.99 Increased By ▲ 1.00 (25.06%)
MLCF 69.65 Increased By ▲ 6.33 (10%)
OGDC 203.01 Increased By ▲ 18.46 (10%)
PACE 5.28 Increased By ▲ 0.86 (19.46%)
PAEL 44.24 Increased By ▲ 4.02 (10%)
PIAHCLA 13.45 Increased By ▲ 1.22 (9.98%)
PIBTL 8.61 Increased By ▲ 0.99 (12.99%)
POWER 14.88 Increased By ▲ 1.01 (7.28%)
PPL 152.75 Increased By ▲ 13.89 (10%)
PRL 27.02 Increased By ▲ 2.46 (10.02%)
PTC 19.29 Increased By ▲ 1.75 (9.98%)
SEARL 75.06 Increased By ▲ 6.82 (9.99%)
SSGC 30.46 Increased By ▲ 2.77 (10%)
SYM 13.95 Increased By ▲ 1.27 (10.02%)
TELE 6.79 Increased By ▲ 0.85 (14.31%)
TPLP 8.00 Increased By ▲ 1.00 (14.29%)
TRG 61.90 Increased By ▲ 5.63 (10.01%)
WAVESAPP 8.94 Increased By ▲ 1.00 (12.59%)
WTL 1.31 Increased By ▲ 0.15 (12.93%)
YOUW 3.75 Increased By ▲ 0.54 (16.82%)
BR100 12,375 Increased By 1134.1 (10.09%)
BR30 35,477 Increased By 3343.2 (10.4%)
KSE100 116,894 Increased By 9719.8 (9.07%)
KSE30 35,769 Increased By 3120.7 (9.56%)

ISLAMABAD: The Federal Tax Ombudsman (FTO) Dr Asif Mahmood Jah has unearthed systematic flaws in security of confidential/classified data of taxpayers and directed the Pakistan Revenue Automation Limited (PRAL) to develop security policies/infrastructure and implement international standards for protection against future cyber attacks on Federal Board of Revenue’s (FBR) website.

The Federal Tax Ombudsman (FTO) in a landmark investigation found that due to incompetence, and ineptitude in the discharge of duties by FBR & PRAL, confidential/classified data of FBR Web portal was hacked.

According to details, tax lawyer Waheed Shahzad Butt has filed a public interest complaint against the FBR/PRAL key position holders, wherein after a comprehensive investigation, FTO Dr Jah concluded that FBR/ PRAL is not using any software to manage its Network Security policies and FBR has filed a false/wrong statement regarding the system disrupted period which is also contrary to the Finance Minister’s stance and using expired certification.

FTO order states: “The above analysis clearly reflects maladministration oozing out of neglect, inattention, delay, incompetence and ineptitude of FBR & PRAL’s functionaries, in the administration and discharge of assigned duties and responsibilities. PRAL data centre is not equipped with any Instruction Prevention/ Intrusion Detection system, a material systematic flaw exposing security of its database. PRAL data centre is not compliant to some credible International Standard and its certification was also expired in December 2020.

Security of taxpayers' data: No action taken against PRAL officials

When contacted Waheed Shahzad Butt told this correspondent that Cyber attack on key data websites, data and data centres of FBR/PRAL pose a threat that can undermine the security capabilities of a state (Pakistan). It can cause significant economic damages including ongoing crucial CPEC activities. Mastermind of this nefarious move and all team members including public servants working in FBR/PRAL must be removed from Government of Pakistan Services and criminal cases must be registered against all of them for not providing security to the confidential/classified data of taxpayers of Pakistan, solely due to their extreme inefficiency, negligence and corrupt practices for not buying the computer soft-wares and using pirated versions.

Waheed further added the hacking took place at a time when the Cabinet Division has also shifted its business online. Same episode has already been unmasked by the FTO in C. No. 507/2013 [2014 PTD 1353 = 109 Tax 1]. The failures in combating cyber threats can lead to a national crisis, as it is an integral part of Pakistan’s defence.

FTO directed the FBR to carry out a complete appraisal of its system’s vulnerabilities in order to avoid any such incident in future. Adopt solutions designed with security as a top priority like Cloud Car which provides protection against widespread system crashes and slow paced operations. PRAL is directed to develop security policies and security infrastructure with the help of efficient security tools like Intrusion Prevention and Intrusion Detection Systems both network-based and host based.

Deploy Comprehensive Security and incident Monitoring (SIEM) Solution in its Data Centre. Implement some credible International Standard (like Tier II, Tier III and Tier IV from Uptime Institute) as protection against any such threat in the future, FTO order added.

Copyright Business Recorder, 2021

Comments

Comments are closed.