Govt issues draft Computer Emergency Response Teams rules

Javed MirzaWeb Editor

31st Aug, 2021. 04:06 pm
U.S. conducts cyber-attack on Iran

KARACHI: To ensure national and economic security by augmenting information, communication and cyber-security landscape through agile information sharing, timely incident handling and active collaborations, the Ministry of Information has notified draft Computer Emergency Response Teams (CERT) rules.

The National Computer Emergency Response Teams (CERT) is a national initiative to handle ever-emerging challenges in multiple levels and domains of cyber-security risks and vulnerabilities at the national level; and establish an integrated risk management process for identifying and prioritising protective measures regarding cyber-security.

“The aim is to work towards adopting a coherent approach for embedding cyber-security as an integral part of the government’s policies across all domains to tackle vertical domains of cyber-security,” the draft notes.

The draft rules for the establishment of National CERT is the baseline document that defines objectives, roles, services and structure of the National CERT.

“The objective is to develop a national infrastructure for coordinating response to any threat against or attack on any critical infrastructure, information systems or critical infrastructure data, or widespread attack on information systems in Pakistan; develop a capability to support incident reporting across a broad spectrum of constituencies and sectors within Pakistan, including the government, military, critical services and infrastructures, telecommunication, commercial, academic, banking and finance, etc,” the draft noted.

The National CERT aims at supporting the conduct of incident, vulnerability and artifact analysis, infrastructure security assessments, and forensic investigations and disseminate information about reported vulnerabilities and share relevant mitigation strategies with appropriate constituents, partners, stakeholders and other trusted collaborators through a national-level cyber alert system.

CERT will also provide an automated process for collecting, correlating, analysing and sharing computer and network security information across the federal government and important constituencies; help sectoral CERTs, organisations and institutions within Pakistan to develop their own incident management capabilities. It will collaborate with other CERTs and international fora and bodies for information sharing, participation in cyber drills and support for cyber/computer security incidents.

The National CERT will serve as the national point of contact (PoC) and central entity for all matters under relevant clauses of Prevention of Electronic Crime Act (PECA) Section 49 Computer Emergency Response Team and Section 51 that empowers the federal government to make rules for the establishment of the National CERT; and relevant clauses of the National Cyber Security Policy (NCSP) 2021.

The National CERT is designated as a functional unit of the federal government till its establishment as an independent functional unit.

Adsence 300X250