By Ms. Maryam Raza, Research Intern at Center for Global & Strategic Studies (CGSS), Islamabad
The impacts of cybersecurity threats are associated with the non-conventional nature of the security paradigm. The 21st century is the century of information, technology, and artificial intelligence (A1). However, technological advancement has increased the threats of cybersecurity that are inflicting negative impacts on the individual, organizational, and state levels. The cybersecurity threats in Pakistan are one of the most unpredictable security challenges to Pakistan that have emerged due to the lack of attention given to this significant security domain previously. In this regard, cyber-based technologies are pertinent to assess and adapt. The cybersecurity domain is pervasive, and there is a need to access the emerging challenges in this area and then adopt such policies that will help to deal with them. This paper aims to examine the evolving cyber challenges to Pakistan, cybersecurity threat management, and how AI will help to curb the implications of cyber threats, build resilience, deterrence, and will provide a way forward.
What is Cyber Security:
cybersecurity is a non-traditional security threat connected with the non-conventional side of the security paradigm. Cybersecurity is defined as, “An act of securing the cyber-based technologies and networks. A body designed to protect devices from damage, harm, and cyber-attack”. Cybersecurity is a means to secure data, networks, software, devices, and programs from unethical use or attack.
Types of Cyberthreats:
Due to rapid digitalization and technological advancement, the cyber domain is subject to several security threats across the globe. Based on their nature, these threats can be divided into the following categories:
- Crypto Jacking
- Back doors
- Domain name system
- Bonnet Software
- Ransomware attack
- Warms and viruses
- Rootkits and Bootkits
- Man in the Middle
- Unpatched software
- Intellectual property theft
- Rogue software
Cyber Security Challenges to Pakistan:
As explained earlier, the emergence of non-traditional security threats such as cybersecurity and climate change, etc. has transformed the nature of the concept of security. In the past, issues related to the economy or territory were considered the most important agenda of national security however, the idea of national security has gone beyond the traditional approach. Now the states have to deal with both traditional and non-traditional security threats that have provided inclusive grounds for the assessment of these threat to both individuals and society. The world has now become a global village in which everybody is interlinked with each other. Thus, advanced threats are most intrinsic to examine.
Computer-based technologies where on one hand are pervasive for the development of a state there on the other hand they are perceived as a threat to states security. Cyber threats are considered now as the perils impacting the main pillars of the national security of any state thus, there is a dire need to build resilience and deterrence to combat such challenges. In this globalized world, cyber-based technologies are an important part of our society and the exposure to these web-based machines has provided an exclusive playground for cybercrime committers to test their skills bringing down websites by launching cyber-attacks, stealing data, or committing fraud. Cybercrime is, thus, a term that describes any illegal activity committed by using a computer as its primary means of commission and theft.
The lack of cyber management system within the banking sector of Pakistan is also creating a huge loss to the state. In 2018, 19,864 cards of 22 banks were hacked and were sell out on dark website by the hackers, according to an analysis of Pakistan’s Computer Emergency Response Team, PakCERT. Noticing this unusual transaction of Rs 2.6 million done by Cyber attackers Bank Islami blocked its international payment scheme for some time. It was a coordinated cyber-attack in which the payment network of Bank Islami and the international payment scheme was compromised. Hackers on the dark web made these transactions on international ATMs using cards issued by the bank.
In 2019, the mobile phones of some senior Pakistani officials were hacked for covert surveillance. A special type of malware known as “Pegasus” was used for this odious crime. As per the official reports, it was said that the software was allegedly developed by Israeli spyware company the NSO Group. It is assessed that India is now getting more involved in cyber-attacks on Pakistan with the support of Israel. The malware could infiltrate a phone by making a missed call on the targeted WhatsApp number and turn on the phone’s camera and microphone as well as gain access to messages, emails, contacts, and passwords. The malware also has the capability of determining GPS location.
While Pakistan’s negligence over the emerging cyber threats is continued, the system grinds to a halt. It can also hamper the military based data and directly menace the conventional nature of national security of Pakistan. The official websites are highly vulnerable and there is a paucity of resource management to counter these cyber-attacks. It is the responsibility of the government and main institutions to examine the gravity of this issue and start taking meaning full steps at the national level. Nevertheless, Pakistan Information Security Association (PISA), is working in this domain to establish the educational indicators and awareness in the society. Pakistan is observed to be the second-largest country on which cybercrimes can be done easily after Iran.
On the other side, the cyber laws do not that regulate to tackle the perils. The cyber-attacks are mostly based on data breaches whether it is personal or official. These breaches are held on both large and small scale by hackers or cybercriminals.
When little Zainab’s tragic case stormed the media in 2018, an astonishing debate took hold of the media discourse. The reports turned out that the dark cyber world is connected with this crime. In which the perpetrator of this heinous crime was the head of a child pornography ring. The predators were paid by the cryptocurrency in the form of bitcoins and other digital sources entrenched in the dark web. Before that, the rape cases of a massive number of children in Kasoor city were also evidence of the association with the dark web. This envisaged the blockchain they are having at a greater level and their tentacles are all over this web. It includes not just kidnap, rape, and murder cases but also online bullying, women and children smuggling, physical torture for pleasure, rape, assaults, and many more.
Cyber Security Threat Management:
The cyber threats today can be done anywhere in the world and to any extent. It includes various types like malware, blackmailing, theft, ATM skimming, sim cloning by lethal soft wares, etc. Cyber based technologies are now linked with a major part of economies and national security. Recently, Pakistan has faced many cyber-attacks that also exposed the vulnerability of our system. There is a stark need of protecting the websites from outside attacks. It is the need of the time that these threats should be properly managed and addressed and also countermeasures should be taken to protect the data.
Unfortunately, Pakistan is at its lowest in this field. Though Pakistan has the talent to overcome these issues it needs proper management to meet the advanced needs and bypass the weaknesses. A whole new advanced biometric system was introduced in all banks. It was for each bank account as well as for ATMs in Pakistan but still, no management would take responsibility in case of any harm. Last year another cyber-attack takes place in which the website of the Foreign Ministry of Pakistan was hacked by Indians. Also, many important and highly sensitive websites of Pakistan which include NADRA, military organization, sensitive database companies, banks, or multinational corporation’s websites were vulnerable that the attackers find it easy to hack the sites.
Lacking in Policy Making: –
Pakistan has some special cyber laws that are not implemented effectively in Pakistan the reason behind this is the lack of a cybersecurity management system. Sufficient legislation is deficient in assessing and countering cyber threats. Pakistan passed a cybercrime law in 2016 named the “Prevention of Electronic Crimes Act, 2016”. However, the act does not cover many crucial aspects of cybersecurity. The clauses were ambiguous. In this aspect, Pakistan needs more robust cybersecurity regulations that require companies and organizations to protect their computer systems and information from cyberattacks. The regulations should mandate all the small and large government and private departments, to secure their computer systems and information and computer system from unethical attacks and breaches. Such measures are particularly important since the systems of almost all organizations are now connected to the internet and are becoming dependent on big data analytics and AI. This makes them an easy target for hackers.
The Role of AI in cyber defense:
Artificial intelligence (AI) is the simulation of human intelligence processes by machines, especially computer systems. Specific applications of AI include expert systems, natural language processing (NLP), speech recognition, and machine vision. There are three cognitive skills in AI programming: learning, reasoning, and self-correction.
Three Skills of AI Program:
This aspect of AI programming focuses on acquiring data and creating rules for how to turn the data into actionable information. The rules, which are called algorithms that provide computing devices with step-by-step instructions for how to complete a specific task.
This process is based on AI programming focuses on choosing the right algorithm to reach the desired outcome.
This dimension is designed to continually fine-tune algorithms and ensure they provide the most accurate results possible.
Role of AI in cyber defense
Cyber protection is the discipline that will profit almost everyone from the introduction of AI. Where the weakness and sluggishness of conventional techniques from the protection of cyber-attacks, the usage of AI will help a lot in the defense system of Pakistan and to create a deterrence but as compared to other states such as India Pakistan is lagging to secure its data with the help of AI.
AI is made up of a complex algorithm and thus enables us to understand better than human beings. AI tries to defend the system by weighing patterns of behaviors that indicate a threat against predictive logic. Nevertheless, AI and machine language (ML) both can go a long way to help mitigate the effects of cyber-attacks. But still the fastest technological advancement AI could be used to bypass and dismantle cybersecurity systems faster than the other tools can keep up.
However, the new approaches may robust the outright implementation of the security paradigm. Also, it will provide more resilience to the growing challenges and constrain the fears. Socially cautious use of AI approaches to mitigate more associated problems and risks are therefore necessary. There is a reciprocal process, as analyzing AI responses can enable people and countries to improve their understanding and readiness to deal with cyber threats. When AI can observe successful responses to a cyberattack, it becomes self-healing and dynamically replicates the best defense strategies developed by human analysts.
In a nutshell, the solution to Pakistan’s cybercrimes is connected with the advanced technology and evolution of the theme of AI. Cyber-attacks are being held by the opponent state India in many fields from military data-based attacks, NADRA database attacks to the dark web to make the state fragile from inside. As it is said, if a country is weak from the inside it is easy to break it from the outside. The national security of Pakistan is now seen as the comprehensive security by the amalgamation of Non-Traditional security threats (NTS), perils related to the wellbeing of individuals or society.
Nowadays the cyber-attacks are increasing rapidly. Skilled cyber-terrorist may be able to attack the E-government, stock exchange, banking system, sensitive data breaching, mobile banking, money data transferring, services of NADRA, capital market of Pakistan, financial system, and many more sectors. Organizations and institutions are highly dependent on this. The cybersecurity board is obligatory to control and mitigate these cyber threats. Strong and powerful cyber laws and policies are needed in all fields like national cyber force, research centers. Also to add in the compulsory course for the students The national security of Pakistan is in the transforming phase thus it requires massive efforts to mitigate the daunt full effects of the NTS threats on the state, society, and individuals. There is a stark need for comprehensive and sound lawmaking policies with a regulatory body in this domain. Thus, it is therefore recommended by assessing the current security situation of the state that to design and implement proper cybersecurity policies are important for NADRA, E-commerce, and many other online systems associated with the integrity of Pakistan’s national security. A profound view of the cyber world of partnership is also important because it is a global issue not a single state is immune from it. In the future, AI will be playing an intrinsic role to curb the devastating impacts of cybercrimes.