Federal cabinet has approved Computer Emergency Response Teams (CERTs) Rule 2023. These rules are in compliance with National Cyber Security Policy 2021. They will provide a legal umbrella for establishment and operations of proposed CERT Council – which will be a forum to coordinate, control and consult National CERT and other regional and sectoral CERT team.

Pakistan’s cyber security governance is being run under exclusive national cyber security frameworks, as seen in the best practices worldwide. For the protection of cyber frontiers of a country, frameworks are arranged in an institutionalized manner. In such systems, chief information security officers (CISO) directly report to chief executive. Cyber risk officers can be assigned for risk management who have dedicated security budget and performance evaluations of cyber security measures, which are entirely independent of the ICT domain, across the country or globally.

Federal Minister for IT & Telecom Syed Amin Ul Haque has said “These Rules further provide a state-of-the-art proactive and integrated risk management process for identifying and prioritizing protective measures regarding cyber-security”.

The specific responsibilities, functions and services of these CERT teams are also outlined in rules.

This CERT Council will also establish, oversee and operate multiple Security Operation Center (SOC) across Pakistan. These SOCs will continuously monitor and improve processes, technology and cyber security posture of digital Pakistan while preventing, detecting, analyzing, and responding to cybersecurity incidents.

These recent developments highlight Pakistan’s vision on cyber; not only restricted to securing assets but also emphasizes establishing resilience through a robust and continually improving digital ecosystem as well as establishing independent cyber authority to ensure the cyber security of Pakistan.

Tier 3 believes establishing this CERT Council is the need of time. It will serve as a central body at the federal level, mainly responsible for coordinating and implementing cyber security measures at national, provincial, and all organizational levels