ISLAMABAD: Pakistan Telecommunication Authority (PTA) while admitting an increase in cyber attacks complexity unveiled Cyber Security Strategy for the telecom sector - providing a strategic framework and road map for the implementation of National Cyber Security Policy during the next five years (2023-2028).

The strategy envisioned to create a secure, resilient, and trusted digital ecosystem for Pakistan’s telecom sector.

The PTA stated that recent years have witnessed a wave of major security breaches that have revealed vulnerabilities in both sophisticated international and national networks.

The likes of Solar Wind, Microsoft Exchange and Moveit exploits serve as stark reminders, breaching even the most advanced layers of security and propagating on a broad scale.

A recent addition to these is the access of hackers to sophisticated AI tools such as ChatGPT or its malicious variants such as WormGPT or FraudGPT, the use of which can enable even script kiddies to create sophisticated payloads to successfully breach multilayered cyber defence.

Over the past decade, Pakistan has found itself on the receiving end of comparable state-sponsored cyber attacks.

This is of significant concern, especially considering Pakistan’s low standing in global cyber security rankings, which renders the nation susceptible to its adversaries aiming to disrupt national stability.

These cyber security threats are not simply a challenge to our digital networks; they pose a profound risk to our national security, economy, and social fabric.

The Cyber Security Strategy for the telecom sector seeks to ensure the security and resilience of the telecom sector in the face of ever-evolving cyber threats. It outlines various challenges and opportunities associated with the protection of critical telecom infrastructure and provide a framework for collaborative action to address these challenges.

The strategy emphasizes the need for a risk-based, integrated approach to cyber security, and identifies key action areas including risk management and governance, cyber defence and incident response, research and development, and public-private partnerships.

The strategy comprises six pillars, each of which addresses a distinct area of cyber security. The strategy stated that it addresses the challenges posed by the increasing interconnectivity of telecom networks, the cyber threats they face, and the need to protect their data and customer information.

The strategy focuses on areas, such as risk management and governance; cyber defence and incident response; research and development; and public-private partnerships.

It emphasizes the need for a comprehensive and integrated approach to cyber security across the telecom sector and lays out a framework for collaborative efforts to protect critical telecom infrastructure and services.

The strategy also identifies key challenges and opportunities for the sector and provides a roadmap for action to ensure the security of the telecom sector.

The strategy also outlines several initiatives and activities that will be undertaken to help protect the national critical infrastructure. These include enhancing public-private partnerships, investing in research and development, and developing a unified national framework for cyber security.

At a high level, following are the expectations from telecom companies to achieve the objectives of this strategy: a. Telecom companies should ensure that all personnel are trained and educated on cyber security practices and procedures, especially on employees’ responsibilities to ward off insider threats. b. Telecom companies should ensure that their networks and systems are compliant with PTA’s regulations and directives, especially to the CTDISR and Cyber Security Framework. c. Telecom companies are obligated to ensure consistent monitoring and timely updates of their networks and systems to mitigate the risk of cyber attacks.

This can be particularly achieved by establishing CERT/SOCs and facilitating round-the-clock monitoring. Employing skilled Level 1, 2, and 3 resources, alongside clearly defined processes, are paramount to this effort.

Additionally, it is crucial for these companies to ensure the integration of their SOC with nTSOC, which will enable an effective, synergized response to any potential cyber attack.

This proactive, unified approach is crucial for enhancing overall cyber resilience in the telecom sector. d. Telecom companies must implement robust measures to protect customer data from unauthorized access.

Prioritizing data privacy is essential to maintain trust among users. e. Telecom companies should ensure that their systems are designed to detect and respond to cyber security incidents promptly. f. Telecom companies should frequently assess their systems and networks to ensure that security flaws are identified and addressed.

In this regard, they need to devise and practice a well-defined three tier audit process, culminating in validation by the PTA cyber security team.

The operators should approach this effort positively, cooperating with external teams to improve their security posture. g. Telecom companies should collaborate with other organizations within the industry and PTA in sharing relevant information about cyber security threats and incidents. Instead of hiding cyber incidences, we should be working on a mutual-trust model to fight this menace jointly. And, h. Telecom companies should provide customers with information about cyber security threats and how to protect themselves from such threats.

Copyright Business Recorder, 2023


Comments are closed.