ITU Cybersecurity Index 2024: Pakistan Ranked Among Top Tier Countries

International Telecommunications Union (ITU) has ranked Pakistan (score 96.69/100) among top tier countries for cybersecurity in 2024.  Out of a maximum score of 20, Pakistan received 20 for legal measures, 18.21 for technical measures, 20 for organization measures, 20 for capacity development and 18.48 for cooperative measures, according to the Global Cybersecurity Index 2024 report released by the ITU. 

Pakistan Cybersecurity Scores 2024. Source: ITU

Pakistan's tier one cybersecurity ranking is a big improvement from its 79th rank (score 64.88 from 100) it got in the cybersecurity ranking by the ITU in 2020. Four years ago, Pakistan scored 15.97 on legal measures, 12.26 on technical measures, 11.01 on organizational measures, 17.25 on capacity development and 8.38 on cooperative measures. 

Increasing penetration and rapid growth of the Internet user base in Pakistan has brought in a lot of user complaints of bullying and fraud, necessitating government action, including new legislation and capacity building to fight cyber crimes. 

Pakistan Telecom Indicators as of July 2024. Source: PTA

Back in 2018, Pakistan launched its National Center for Cyber Security (NCCS) as a joint project of Higher Education Commission (HEC) and the Federal Planning Commission. The Center includes several Research and Development (R&D) Labs at Pakistani universities. These universities have been given the mandate to establish NCCS affiliated Labs in different specialties of cybersecurity under the Center's secretariat.  Earlier this year, Pakistan's economic coordination committee (ECC), a ministerial level body, allocated $36 million for work on cybersecurity measures. 

Like many other nations, the cybersecurity threats in Pakistan include hacking, identity theft, cyber-bullying, cyberstalking, spoofing, financial frauds, digital piracy, viruses and worms, malicious software, money laundering, denial of service attacks, electronic terrorism, vandalism, and pornography. 

Pakistan has passed a cybercrime bill and established a National Response Center for Cyber Crime (NR3C).  NR3C has expertise in Digital Forensics, Technical Investigation, Information System Security Audits, Penetration Testing and Training. Since its inception, it has been involved in capacity building in various departments including Police, Intelligence, Judiciary and Prosecutors. Cyber Scouts is the latest initiative of NR3C, in which, selected students of different private/public schools are trained to deal with computer emergencies and increasing awareness of cyber threats amongst their fellow students, teachers and parents.


Comments

Riaz Haq said…
Cyber Warfare And Emerging Technologies: Securing Pakistan’s Future – OpEd – Eurasia Review

https://www.eurasiareview.com/22102024-cyber-warfare-and-emerging-technologies-securing-pakistans-future-oped/


As technology continues to evolve, future wars will likely be fought not by humans alone but with machines playing a central role. However, human control may still influence the operations of these machines, especially in cyber warfare.

Today, states have a variety of methods to attack each other that go beyond conventional warfare. These include cyber operations alongside military, economic, or political strategies. With emerging innovations and recent technological advancements, cyberspace has become a new domain of warfare, presenting complex threats. From a national security perspective, cyber warfare—the use of information technology to infiltrate a country’s classified databases or strike its essential systems—is one of the most menacing forms of conflict.

The frequency and intensity of cyber warfare are increasing, fueled by the advancement of technologies such as artificial intelligence (AI) and quantum computing (QC). These technologies not only amplify the number of cyber threats but also increase their sophistication. To secure its place as a dominant force in cyberspace, Pakistan must begin mastering these cyber realms today. By positioning itself as a hub of AI and QC, Pakistan can make a significant global impact.

Cyber Warfare
Cyber warfare refers to computer and network operations intended to control or disrupt vital ICT resources in a state or government, aiming to cause harm or espionage. In many countries, the dependency on technology has made cyber threats more frequent.

A historic example is the Morris Worm, the first major hacker attack that affected up to six thousand computers, causing losses ranging from one hundred thousand to millions of dollars. It targeted Unix operating systems, deleting files and slowing down operations. Another significant incident was the Stuxnet Worm, used by the United States against Iran’s nuclear program. Stuxnet not only destroyed nearly 1,000 uranium enrichment centrifuges, delaying Iran’s nuclear ambitions, but it also infected Windows computers and networks, spreading rapidly through a USB drive.

AI and Quantum Computing in Warfare
AI and QC are shaping the future of technology and warfare. AI, which processes vast amounts of data and runs algorithms to identify patterns, is highly advanced and adaptable. However, its potential use in weapon technology raises serious concerns. QC, with its unparalleled computational power, can perform calculations simultaneously by leveraging quantum mechanics.

Both AI and QC pose serious threats to national security because of their autonomous capabilities and the difficulty of preventing them from being exploited. AI systems, which can simulate human intelligence, are revolutionizing problem-solving and innovation but are also susceptible to cyberattacks. Data breaches in centralized servers, which house sensitive information, can expose AI systems to these attacks, allowing hackers to target critical infrastructure like power grids or classified databases.

In military operations, the integration of AI—especially in autonomous weapon systems—could surpass conventional forces in terms of both damage and risk. However, for a country like Pakistan, AI has the potential to strengthen cyber defenses and augment intelligence capabilities, providing a vital edge in defense strategies. Properly managed, AI could defend against emerging cyber threats while significantly improving data analysis and cybersecurity efforts.
Riaz Haq said…
Russian FSB Hackers Breach Pakistani APT Storm-0156

(Russian) Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure (Pakistan's), and stole the same kinds of info it targets in South Asian government and military victims.

https://www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156

Hackers operating on behalf of Russian state intelligence have breached hackers operating out of Pakistan, latching onto their espionage campaigns to steal information from government, military, and defense targets in Afghanistan and India.

In December 2022, Secret Blizzard (aka Turla) — which the Cybersecurity and Infrastructure Security Agency (CISA) has tied to Russia's Federal Security Service (FSB) — gained access to a server run by another advanced persistent threat (APT), Storm-0156 (aka Transparent Tribe, SideCopy, APT36). It soon expanded into 33 separate command-and-control (C2) nodes operated by Storm-0156 and, in April 2023, breached individual workstations owned by its fellow hackers.

Since then, researchers from Microsoft and Black Lotus Labs say, Secret Blizzard has been able to leech off of Storm-0156's cyberattacks, accessing sensitive information from various Afghani government agencies and Indian military and defense targets.

---------------------

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/

In this first of a two-part blog series, we discuss how (Russia's) Secret Blizzard has used the infrastructure of the Pakistan-based threat activity cluster we call Storm-0156 — which overlaps with the threat actor known as SideCopy, Transparent Tribe, and APT36 — to install backdoors and collect intelligence on targets of interest in South Asia. Microsoft Threat Intelligence partnered with Black Lotus Labs, the threat intelligence arm of Lumen Technologies, to confirm that Secret Blizzard command-and-control (C2) traffic emanated from Storm-0156 infrastructure, including infrastructure used by Storm-0156 to collate exfiltrated data from campaigns in Afghanistan and India. We thank the Black Lotus Team for recognizing the impact of this threat and collaborating on investigative efforts. In the second blog, Microsoft Threat Intelligence will be detailing how Secret Blizzard has used Amadey bots and the PowerShell backdoor of two other threat actors to deploy the Tavdigbackdoor and then use that foothold to install their KazuarV2 backdoor on target devices in Ukraine.

Popular posts from this blog

Pakistani Women's Growing Particpation in Workforce

Pakistan's Saadia Zahidi Leads World Economic Forum's Gender Parity Effort

Pakistan Among World's Largest Food Producing Countries