Federal Minister for IT and Telecommunication Syed Aminul Haque on Wednesday inaugurated the Public Key Infrastructure (PKI) for National Root Certification Authority.
Addressing the ceremony, Haque said that the Electronic Certification Accreditation Council (ECAC) had established the PKI for National Root Certification Authority for the government, public and private sector entities. “It will be the first certification authority that will establish trust and security in electronic transactions within the country. It will be globally recognised as well as through the WebTrust audit and a highly secured PKI for the accreditation of certification service providers (CSPs).”
Haque underlined that the establishment of National Root Certification Authority was a step towards the achievement of accelerated digitisation. “It’s a historic occasion for ECAC and a milestone that has been achieved by the government.” The minister stated that Pakistan had witnessed a dynamic revolution in the sphere of e-commerce and e-governance.
The use of digital signatures was unpredictable as it was unregulated due to the non-existence of the National Root Certification Authority. Other constraining factors were the monopolistic existence of a certification authority in the private sector and the lack of enforcement and implementation in the public sector by the appropriate authorities, he added.
However, there “is enormous use of digital signatures in public and private sectors in the digital contract signing, web hosting, e-mails, e-voting of intermediaries, e-filing and e-office services”.
It is worth noting that currently all the certificates used to secure these services within Pakistan are imported certificates either from foreign certification service providers like VeriSign, DigiCert, Entrust or GoDaddy or through their partners/ resellers in Pakistan. This is a burden on the foreign exchange reserves as well as a security risk.
“As Pakistan embarks on its journey towards becoming a truly digital economy, the establishment of a regulatory framework for ensuring data protection, establishing trust, and maintaining security of all digital transactions, documents and systems is essential,” the minister said.
“PKI is a set of hardware, software, policies, processes and procedures required to create, manage, distribute, use, store and revoke digital certificates and public keys. Manual certificate management processes have not kept up with the evolution of IT environment,” explained SI Global Solutions CEO Noman Ahmed Said.
“As enterprises continue to deploy PKI for new-use cases, PKI governance inevitably becomes necessary. Identity management and access control are crucial for a zero-trust security strategy,” he added.
“PKI is vital to implementing zero trust because it provides a strong user authentication. The diversity of PKI used in a modern enterprise is driving a shift to vendor-agnostic PKI platforms with the ability to monitor and manage digital certificates from different roots, in different environments and with different lifecycles and applications,” Noman expounded.
“This added security allows for a safer transfer of information and data over cloud-based services and the Internet of Things.”
Published in The Express Tribune, December 8th, 2022.
Like Business on Facebook, follow @TribuneBiz on Twitter to stay informed and join in the conversation.
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ