Heavy reliance on computers and the internet has altered the life of a common man in a number of ways. It is perceived that the world which is apparently so large has dwindled to a number of devices and gadgets. The use of technology is a common practice as from communicating through e-mail to carrying out transactions electronically, going to places for study to e-learning and flourishing businesses through e-business, everything comes under one thing. And for now, even governments, militaries, and national security organisations are dependent on computer networks.

This dependency of nation-states on the internet has urged the attention of a number of state and non-state actors to intervene and exploit the vulnerabilities in cyberspace. As cyberspace has become the new place for terrorists and criminals for the glorification of their acts such as recruitment of fellow terrorists, motivating others using several platforms, providing tools for communications and trainings of the potential recruits and broadcasting of illegal and violent content all in real life with anonymity in a much cheaper way.

Knowing the fact that there is a dark side of surfing the internet where criminals, terrorists, pedophiles and hackers can carry out their activities illegally. These activities are carried out in Dark Web, Dark Net or Deep Web where data and information are password locked and where the user is required a special software (TOR in most cases) to operate and where the data is trapped behind pay walls. Taking the advantage of their anonymity, individuals and groups can use cyberspace to threaten and harass citizens, specific groups, communities and even countries as well. The growing use of cyberspace for such illegal and criminal activities has already warned states to look in to the matter with serious concentration.

The notion of Digital Pakistan is intriguing and is a subject worth paying attention to. A brain child of Prime Minister Imran Khan, Digital Pakistan wants to unleash the full potential of women and young people in the economy by using e-governance as a tool to promote inclusion and do away with various forms of graft. Simultaneously, accepting the fact that there are certain areas in cyber security domain that needs attention. With this one can perceive the high risks entangled with cyber security and if these vulnerabilities are not addressed and mitigated on time can make ones present unstable and future disastrous. Cyber has become the fifth domain in which future wars are likely to happen. The lethality of wars in cyberspace becomes obvious when unlike nuclear policies, those states who do not possess nuclear arsenals will not be harmed is not the case anymore. Because there is no exemption from cyber attacks in any case whether you are prepared for it or not.

Though Pakistan has not yet faced severe cyber-attacks on its critical infrastructure, however it is likely possible that in near future the threat will be visible and enhanced with the digitalization of everything. It might be an early prediction for Pakistan but not at all a new thing for other states that have been through this phase and have experienced massive attacks in their countries. It won’t be a right approach to close the eyes in front of a storm that is ahead of us. Even our regional rival i.e. India recently suffered a cyber-attack on Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India, in September and was confirmed by Nuclear Power Corporation of India Limited (NPCIL). One thing that is worth noting is that the initial reports suggested KKNPP and other Indian Nuclear Power Plants Control Systems are stand alone and not connected to outside cyber network and Internet.

This physical isolation of a computer or a local network from the Internet to prevent any outside breach is called an “air gap.” However, this security strategy can leave a nuclear plant quite vulnerable. Some other notable incidents that shook the world include a Distributed Denial-of-Service (DDoS) attack planned in retaliation to the removal of WWII memorial in Tallinn, Estonia. Afterwards another attack in Iran was planned that targeted SCADA systems and is believed to be responsible for causing substantial damage to Iran’s nuclear program.

Even Pakistan herself became a victim of a sustained DDoS attack when State Bank of Pakistan’s services were halted for straight 21 days in 2008 and later in November 2018 again banking industry was targeted which according to reports state that the data from 19,864 cards belonging to customers of 22 Pakistani banks has been put on sale on the dark web in which Bank Islami was the only bank that came to the limelight. Later in December major skimming attack took place when ATMs of Habib Bank Limited (HBL) were targeted. Most recently, an APT organisation “Rattlesnake” targeted Pakistan Navy with an ultimate goal to steal confidential information. The attackers used collision hijacking method of the new LNK file path to deliver false shortcut files by mail or other means. Later, a news revolving around stated the use of dark web by a paedophile who confessed uploading videos of minors after raping 30 children in Pakistan. There are many other incidents experienced by states such as Iran, Russia, China, America and Pakistan.

In a nutshell, when everything will be digitalized and connected to the Internet, the risk of data breaches will also increase. As predicted, the number of threats and attacks with different techniques is likely to increase ten times in the future. Pakistan is already considered as the seventh worst country with regards to cyber security and the status will remain there if adequate pre-emptive actions are not taken. Since, there is a need for Pakistan to establish national Cyber Emergency Response Team (CERT) to cater upcoming cyber threats and a profound and revised policy against cyber-attacks must be made. Moreover, there is a need to understand cyberspace and care about cyber security more than anything.

This is not only helpful in countering national cyber threats in Digital Pakistan but also it will help in countering regional threats as in India-Pakistan conflict, there’s a long-simmering online war, and some very good hackers on both sides. Also, there is a need to develop a culture that supports cyber security and is aware of the peculiarities and vulnerabilities that can be exploited and used against the state and individuals anywhere anytime.

Mubeen Ashraf

The author holds an M.Phil degree in Defence and Strategic Studies. She can be reached Mubeen.0727@gmail.com