In today's interconnected world, where digital boundaries transcend physical borders, securing a country's digital airspace has become crucial for national security. While physical borders have long been defended, the need to safeguard the virtual landscape has emerged as a pressing concern as it plays an integral role in national security and critical infrastructure.
Pakistan is experiencing rapid technological advancement and has a growing digital landscape. Safeguarding the nation's digital airspace is of utmost importance. From cyber threats that can disrupt essential services to the potential compromise of sensitive citizen data, the vulnerabilities are vast.
The digital airspace, analogous to the national airspace, encompasses the virtual domain where data flows, communication takes place, and information is exchanged. It is the foundation upon which modern societies are built, facilitating everything from government operations to economic activities and social interactions. However, with increased reliance on digital systems comes a multitude of threats that can compromise national security and critical infrastructure.
Cyber threats and attacks pose significant risks to a country's stability and sovereignty. They can range from disruptive distributed denial-of-service (DDoS) attacks that paralyse government networks to sophisticated data breaches that expose sensitive citizen information. The consequences of such breaches are far-reaching, potentially undermining public trust, compromising national defence strategies, and facilitating espionage or sabotage by malicious actors.
Recently, Twitter users in Gilgit Baltistan reported the site was incorrectly displaying their location to be India, rendering access to official Pakistani government accounts difficult. This geolocation anomaly in Gilgit Baltistan highlights the vulnerabilities within the digital airspace. This incident raises questions about the flaws in the government's efforts to protect the digital space and the potential manipulation or influence of third-party systems.
To address these challenges, there is a growing need for a dedicated governing body focused on securing the nation's digital airspace. Such an entity would be responsible for formulating and implementing robust cybersecurity measures, coordinating efforts between various stakeholders, and advocating for digital rights and protection. By treating digital airspace as a critical national asset, Pakistan can proactively safeguard its digital infrastructure, mitigate cyber threats, and maintain sovereignty in the virtual realm.
On the other hand, securing the digital border and airspace is not without its challenges. Limited resources, both financial and technological, pose significant obstacles to the effective implementation of cybersecurity policies. Additionally, a lack of political will and awareness further hampers progress in this vital area. Overcoming these challenges necessitates public education and awareness campaigns to empower individuals with the knowledge and tools to contribute to the protection of the digital frontier.
Here we will talk about how important a country’s digital airspace is and how its protection is as vital as protecting a nation’s physical borders.
Geolocation glitch or political motive?
It has come to light that Twitter has blocked access to the Government of Pakistan's official account in Gilgit-Baltistan (GB) and changed the region's location to parts of India. Twitter users in GB have reported that they are unable to access the government's official account, and when they turn on the location feature, tweets sent from the region are marked as originating from India-held Kashmir (IIOJK).
The issue was brought to the public’s attention when several Twitter users in GB complained about the inability to access the government's account from the region. They received a message stating that their account has been withheld in India in response to a legal demand. This raised concerns among the users and sparked a debate about whether it was a geolocation glitch or a deliberate political move.
Asad Baig, a digital rights activist, who has also worked substantially on cyber security, acknowledged the issue and emphasised the need for investigation. "If it's a mistake, it should obviously be corrected immediately. If it's anything other than that, the Government of Pakistan should take it up with Twitter, and maybe also other appropriate forums," he told The Express Tribune while pointing out that the incident raises questions about the governance of the internet and the influence of a country's laws over digital platforms.
Twitter users in GB shared their experiences, expressing frustration over the incorrect geotagging. Shabbir Mir Shina, a Twitter user from Gilgit, tweeted, "While I'm in Gilgit, with my location on, Twitter locates me in Jammu & Kashmir. And yes, @GovtofPakistan isn't accessible either. This means India intruded into Pakistan's digital space, influencing @elonmusk and his Twitter." Another user, Karim Shah Nizari, reported that he was unable to add Pakistan's location to his tweets and could only select "Jammu and Kashmir". He also noted that the official Twitter accounts of the Pakistani government, inaccessible in Indian-held Kashmir, were also not working in GB.
Shabbir told The Express Tribune that people are stating this as propaganda, but this is the reality. “This is done from Twitter’s end or any other social media. When we enable location and try to tag location we see these issues. This is probably due to the influence that India has on Twitter,” he said.
The Gilgit Baltistan government's information department issued a press release dismissing the claims as "baseless" and stating that there were no restrictions on internet freedom, media, and expression in the entire region. However, this response seemed to miss the point, as the issue was not about local restrictions but rather Twitter's suspension of the government's account. The Pakistan Telecommunication Authority (PTA) investigated the matter and concluded that there was no widespread problem, attributing any sporadic issues to a small number of iOS devices.
Twitter’s location policy says, “All geolocation information begins as a location (latitude and longitude), sent from your browser or device. If you have chosen to attach location information to your Tweets, your selected location label is displayed.”
It further states, “When you use the in-app camera on Twitter for iOS and Android to attach a photo or video to your Tweet and toggle on the option to tag your precise location, that Tweet will include both the location label of your choice and your device's precise location (latitude and longitude), which can be found via API. Your precise location may be more specific than the location label you select.”
Ensuring Cybersecurity: Key Threats to Pakistan's Digital Airspace
This incident raises concerns about the vulnerability of a country's digital airspace and the potential for political manipulation. Asad Baig highlighted the need for strong cybersecurity measures and robust implementation of cyber policies to safeguard national interests.
The incident in Gilgit Baltistan serves as a reminder that securing a country's digital borders and airspace is crucial in the face of increasing cyber threats. It requires collaboration between digital rights activists, governments, and other stakeholders to advocate for robust cybersecurity measures and protect the integrity of digital infrastructure. Additionally, public awareness and education play a vital role in empowering individuals to contribute to securing the digital border.
Pakistan, like any other nation, faces various threats to its digital infrastructure and must take proactive measures to safeguard it. Baig shed light on some of the key threats and the urgency to address them effectively.
Baig emphasised that the absence of digital borders makes critical infrastructure vulnerable unless adequately secured. "That's the thing, there are no 'borders' digitally speaking, which is why the 'critical infrastructure' of any country is so vulnerable unless it is properly secured," he said, adding that critical infrastructure extends beyond defence and includes communication systems such as airlines, power grids, and telecommunications.
Discussing the risks posed by cyber threats and attacks, Baig highlighted their potential impacts on national security and critical infrastructure. He explained, "Given that governments are substantially going digital, cyber attacks can be extremely dangerous, and can cause disruption to the working of government services to the loss of critical citizenry data." Baig cited a previous incident where a significant portion of the National Database and Registration Authority's (NADRA) database was exposed online, creating the potential risk of unauthorised access to sensitive citizen data.
When it comes to threats to a country's digital airspace, Baig outlined several common risks. These include Distributed Denial of Service (DDoS) attacks, data theft, and website defacement. DDoS attacks involve overwhelming a system or network with a flood of incoming traffic, causing service disruption. Data theft refers to unauthorised access and extraction of sensitive information, which can have severe consequences for national security and individual privacy. Website defacement involves altering the appearance or content of a website, often for malicious or political purposes.
To advocate for robust cybersecurity measures and protection of the digital border, Baig stressed the importance of collaboration between digital rights activists, governments, and other stakeholders. He stressed the need for public education and awareness, especially among government officials and staff members, to bring about a behavioural shift in cybersecurity practices.
Looming threats on the horizon
It is essential to explore the diverse range of threats, examine their potential impact, highlight real-world examples, and raise awareness about the need for proactive measures to mitigate cyber risks.
Cyber attacks come in various forms, targeting vulnerabilities in digital infrastructure and systems. From sophisticated nation-state actors to organised cybercriminal groups, the threat landscape is continuously evolving. Countries like Pakistan must remain vigilant to protect their sensitive information, infrastructure, and national security interests.
One of the primary concerns is the potential impact of cyber attacks on essential services. Attacks targeting power grids, transportation systems, healthcare facilities, and financial institutions can disrupt daily operations, leading to significant economic and societal consequences. Such disruptions can compromise public safety, hamper critical services, and result in substantial financial losses.
Examining real-world examples gives us further perspective on the gravity of cyber threats. The Stuxnet worm, which targeted Iran's nuclear facilities, demonstrated the potential of cyber attacks to disrupt critical infrastructure on a large scale. This attack highlighted the vulnerability of industrial control systems, raising concerns about the potential for similar attacks on countries like Pakistan that rely on such systems for key sectors.
Another example is the NotPetya ransomware attack, which caused widespread damage to businesses globally. While not specifically targeting a nation's infrastructure, it showcased the potential for cyber attacks to have far-reaching consequences beyond individual organisations. The attack disrupted operations, paralyzed systems, and resulted in significant financial losses.
These examples serve as stark reminders of the need for proactive measures to mitigate cyber threats. Cybersecurity must be a top priority for governments and organisations alike. It involves adopting robust defence mechanisms, such as implementing multi-layered security protocols, conducting regular vulnerability assessments, and establishing incident response plans.
Moreover, fostering international cooperation is crucial in combating cyber threats. Given the global nature of cyber attacks, collaboration among nations is essential for sharing threat intelligence, coordinating responses, and establishing international norms and guidelines for responsible behaviour in cyberspace.
Raising awareness about cyber threats is also imperative. Educating the public, organisations, and policymakers about the potential risks and best cybersecurity practices can enhance preparedness and response capabilities. Promoting a culture of cybersecurity, including regular employee training, encourages individuals to remain vigilant and actively contribute to the collective defence against cyber attacks.
“Public education, more importantly, the education of public office holders, and government officers and staffers is a massive challenge,” Baig said. “If you read the cyber security policy of Pakistan, you'll realise that a complete behavioural shift is needed, in addition to the monetary resources, for its implementation. This would require a concentrated effort, but again, not much is being done right now,” shared Baig.
The diverse range of cyber threats faced by countries like Pakistan necessitates a comprehensive and proactive approach to cybersecurity. By exploring these threats, understanding their potential impact, and highlighting real-world examples, we can raise awareness about the need for robust measures to mitigate cyber risks. Building resilience, fostering international cooperation, and promoting a cybersecurity-aware culture are key steps in safeguarding essential services and critical systems from the perils of cyber attacks.
The Need for Robust Policies: Strengthening Cybersecurity Measures
In Pakistan, it is essential to assess the existing cybersecurity policies and their efficacy, identify gaps and areas for improvement, advocate for comprehensive cybersecurity measures, and emphasise the importance of proactive measures, incident response, and international collaboration in ensuring cyber resilience.
A crucial starting point is assessing the existing cybersecurity policies in Pakistan. While the country does have cybersecurity frameworks in place, their effectiveness and implementation need to be evaluated. It is essential to determine whether these policies align with international best practices, address the unique challenges faced by Pakistan, and provide a solid foundation for a resilient cybersecurity posture.
Baig stressed that protecting a country's digital infrastructure requires the implementation of robust cybersecurity practices. While Pakistan has a cybersecurity policy, Baig lamented its lack of effective implementation, particularly in the public sector. He stated, "It's extremely essential to have an adequate cyber security policy. In Pakistan, we do have a policy, but its implementation is almost non-existent, mainly in the public sector."
However, Baig acknowledged that securing Pakistan's digital border and airspace presents significant challenges, primarily due to limited resources and the need for political will. He highlighted the resource constraints faced by federal and provincial departments and the necessity for strong monitoring of cybersecurity implementation practices.
Pakistan faces the challenge of allocating resources to cybersecurity initiatives, particularly in a resource-constrained environment. Additionally, Baig underscored the need for political will to prioritise cybersecurity and drive its implementation across government departments and agencies.
Identifying gaps and areas for improvement in current cybersecurity frameworks requires a comprehensive review of existing policies in order to pinpoint deficiencies, inconsistencies, or outdated provisions. Additionally, it is crucial to assess the readiness of public and private organisations in implementing cybersecurity measures and determine whether there is a need for capacity-building initiatives.
Pakistan has enacted laws and regulations to protect its digital space and ensure cybersecurity within its borders. These laws aim to safeguard digital infrastructure, combat cyber threats, and regulate online activities. Here are some key legal frameworks related to digital space in Pakistan:
Prevention of Electronic Crimes Act (PECA) 2016: PECA is the primary legislation in Pakistan for addressing cybercrimes and protecting its digital space. It criminalises various offences, such as unauthorised access to data, cyber terrorism, cyber stalking, and identity theft. PECA also establishes procedures for investigation, prosecution, and international cooperation in cybercrime cases.
Pakistan Telecommunication (Re-organisation) Act 1996: This act regulates the telecommunications sector in Pakistan and provides the legal framework for managing digital communications, networks, and services. It includes provisions related to the protection of user data, privacy, and the authority of the PTA to monitor and regulate the sector.
Data Protection Laws: Pakistan is in the process of finalising its data protection legislation. The Personal Data Protection Bill is currently under consideration and aims to establish a comprehensive framework for the protection and processing of personal data in the country. Once enacted, it will provide safeguards for individuals' privacy and regulate the collection, storage, and processing of personal data by entities operating in Pakistan.
Cyber Security Strategy: The National Cyber Security Policy and the National Response Center for Cyber Crimes (NR3C) have been established to develop a comprehensive cyber security strategy, coordinate cyber defence efforts, and enhance capabilities for addressing cyber threats and incidents.
Advocating for the development and implementation of comprehensive cybersecurity measures is essential to strengthening Pakistan's cyber defences. This includes the formulation of clear and enforceable laws, regulations, and standards that cover various sectors, such as critical infrastructure, government systems, and data protection. A comprehensive approach should also consider the promotion of cybersecurity awareness and education to empower individuals and organisations to adopt secure practices.
Proactive measures are key to staying ahead of cyber threats. Establishing robust cybersecurity frameworks involves implementing risk assessment mechanisms, conducting regular vulnerability assessments, and adopting proactive defence strategies. This includes investing in advanced threat detection systems, encryption technologies, and incident response capabilities. By actively identifying vulnerabilities and taking preventive actions, Pakistan can enhance its cyber resilience and minimise the potential impact of cyber attacks.
Furthermore, incident response capabilities are crucial for effective cybersecurity. Developing a robust incident response framework enables prompt detection, containment, and recovery from cyber incidents. This involves establishing dedicated teams, implementing response protocols, and conducting regular drills and simulations. By having a well-defined incident response plan, Pakistan can minimise the impact of cyber attacks and ensure the swift restoration of affected systems.
International collaboration plays a vital role in strengthening cybersecurity measures. Cyber threats transcend national boundaries, making cooperation and information sharing essential. Pakistan should actively engage in international initiatives, share threat intelligence, and collaborate with other countries to combat cyber threats collectively. By participating in forums, contributing to global cybersecurity norms, and forging partnerships, Pakistan can benefit from the collective expertise and enhance its cyber defences.
Pakistan needs robust cybersecurity policies to protect its digital infrastructure effectively. By assessing the existing policies, identifying gaps, and advocating for comprehensive cybersecurity measures, the country can strengthen its cyber defences. Proactive measures, incident response capabilities, and international collaboration are crucial components in ensuring cyber resilience. By prioritising cybersecurity and adopting a comprehensive approach, Pakistan can effectively mitigate cyber threats and safeguard its digital landscape.