BAFL 51.82 Decreased By ▼ -0.69 (-1.31%)
BIPL 22.37 Decreased By ▼ -0.43 (-1.89%)
BOP 5.63 Decreased By ▼ -0.05 (-0.88%)
CNERGY 4.96 Decreased By ▼ -0.13 (-2.55%)
DFML 18.84 Decreased By ▼ -0.51 (-2.64%)
DGKC 79.66 Decreased By ▼ -1.14 (-1.41%)
FABL 32.51 Decreased By ▼ -0.59 (-1.78%)
FCCL 19.84 Decreased By ▼ -0.39 (-1.93%)
FFL 10.61 Increased By ▲ 0.04 (0.38%)
GGL 13.53 Decreased By ▼ -0.09 (-0.66%)
HBL 124.52 Decreased By ▼ -5.65 (-4.34%)
HUBC 119.55 Decreased By ▼ -3.07 (-2.5%)
HUMNL 7.92 Decreased By ▼ -0.13 (-1.61%)
KEL 4.49 Increased By ▲ 0.04 (0.9%)
LOTCHEM 27.82 Decreased By ▼ -0.10 (-0.36%)
MLCF 41.76 Decreased By ▼ -0.94 (-2.2%)
OGDC 125.24 Decreased By ▼ -0.37 (-0.29%)
PAEL 22.04 Increased By ▲ 0.69 (3.23%)
PIBTL 6.25 Increased By ▲ 0.13 (2.12%)
PIOC 116.05 Decreased By ▼ -1.95 (-1.65%)
PPL 113.96 Increased By ▲ 0.11 (0.1%)
PRL 30.11 Decreased By ▼ -1.69 (-5.31%)
SILK 1.25 Increased By ▲ 0.15 (13.64%)
SNGP 70.12 Increased By ▲ 0.72 (1.04%)
SSGC 13.56 Decreased By ▼ -0.16 (-1.17%)
TELE 9.51 Increased By ▲ 0.27 (2.92%)
TPLP 15.13 Increased By ▲ 0.38 (2.58%)
TRG 97.42 Increased By ▲ 4.57 (4.92%)
UNITY 28.26 Increased By ▲ 0.76 (2.76%)
WTL 1.71 Increased By ▲ 0.05 (3.01%)
BR100 6,781 Decreased By -34.3 (-0.5%)
BR30 23,966 Decreased By -279.4 (-1.15%)
KSE100 66,012 Decreased By -211.3 (-0.32%)
KSE30 22,048 Decreased By -75.1 (-0.34%)

ISLAMABAD: The Federal Tax Ombudsman (FTO) Dr Asif Mahmood Jah has unearthed systematic flaws in security of confidential/classified data of taxpayers and directed the Pakistan Revenue Automation Limited (PRAL) to develop security policies/infrastructure and implement international standards for protection against future cyber attacks on Federal Board of Revenue’s (FBR) website.

The Federal Tax Ombudsman (FTO) in a landmark investigation found that due to incompetence, and ineptitude in the discharge of duties by FBR & PRAL, confidential/classified data of FBR Web portal was hacked.

According to details, tax lawyer Waheed Shahzad Butt has filed a public interest complaint against the FBR/PRAL key position holders, wherein after a comprehensive investigation, FTO Dr Jah concluded that FBR/ PRAL is not using any software to manage its Network Security policies and FBR has filed a false/wrong statement regarding the system disrupted period which is also contrary to the Finance Minister’s stance and using expired certification.

FTO order states: “The above analysis clearly reflects maladministration oozing out of neglect, inattention, delay, incompetence and ineptitude of FBR & PRAL’s functionaries, in the administration and discharge of assigned duties and responsibilities. PRAL data centre is not equipped with any Instruction Prevention/ Intrusion Detection system, a material systematic flaw exposing security of its database. PRAL data centre is not compliant to some credible International Standard and its certification was also expired in December 2020.

Security of taxpayers' data: No action taken against PRAL officials

When contacted Waheed Shahzad Butt told this correspondent that Cyber attack on key data websites, data and data centres of FBR/PRAL pose a threat that can undermine the security capabilities of a state (Pakistan). It can cause significant economic damages including ongoing crucial CPEC activities. Mastermind of this nefarious move and all team members including public servants working in FBR/PRAL must be removed from Government of Pakistan Services and criminal cases must be registered against all of them for not providing security to the confidential/classified data of taxpayers of Pakistan, solely due to their extreme inefficiency, negligence and corrupt practices for not buying the computer soft-wares and using pirated versions.

Waheed further added the hacking took place at a time when the Cabinet Division has also shifted its business online. Same episode has already been unmasked by the FTO in C. No. 507/2013 [2014 PTD 1353 = 109 Tax 1]. The failures in combating cyber threats can lead to a national crisis, as it is an integral part of Pakistan’s defence.

FTO directed the FBR to carry out a complete appraisal of its system’s vulnerabilities in order to avoid any such incident in future. Adopt solutions designed with security as a top priority like Cloud Car which provides protection against widespread system crashes and slow paced operations. PRAL is directed to develop security policies and security infrastructure with the help of efficient security tools like Intrusion Prevention and Intrusion Detection Systems both network-based and host based.

Deploy Comprehensive Security and incident Monitoring (SIEM) Solution in its Data Centre. Implement some credible International Standard (like Tier II, Tier III and Tier IV from Uptime Institute) as protection against any such threat in the future, FTO order added.

Copyright Business Recorder, 2021

Comments

Comments are closed.