Assignment No:2

 What is Cyber Security?

 Cyber Security Threats in Pakistan?
 Cyber Attack in Pakistan
 Cyber Security in International Level?
 Bringing current International Cyber Security in Pakistan?
 Conclusion

 What is Cyber Security?

Cyber Security is the activity or practice of defending or protecting computers, servers,
networks, mobile devices, and all other computing equipment from unauthorize access
or malicious attacks. It’s also known as information technology security. It covers different
contexts from computing to mobile devices, and can be divided into few common
categories.
Network Security is the procedure of securing computer networks from intruders or
other hackers.
Application Security is the process of making your application and software protect from
external attacks. The most successful and protected devices are those who secured in the
practice of designing.
Information Security is about protecting your information in terms of integrity, privacy or
sensitivity that is crucial for all the businesses.
Operational Security deals with all the operational processes of the organization or
corporation. In other words, it focuses on the data assets of the company or country
means that how or where data will be stored and who will able to access and maintain
the information.
Disaster Security and business activity describe the methods and techniques in the time
of emergency when unfortunately, data is accessed or hacked by external users or other
computer hackers. It explains the ways to recover from these incidents and provide a
crucial policy for handling these activities.
End-user Education is the ways to educate the end-users and other employees to be
ready for these incidents and provide effective methods of recovering.
In this advance world, cyber security encompasses valuable and important services for
the development of human life and the atmosphere of challenges and threats. Cyber
security is completely designed for building a strong security system for your computer
software’s, networks, information and other computing resources because in this
developing world where every institution is depending on the computer technology, we
can’t neglect the insecurity of these systems without cyber security. In this new era,
countries can protect their information by helping each other or taking deliberate actions
toward the ways to commutatively secure each other systems.
  Cyber Security Threats in PAKISTAN
Cyber security is a big challenge for many countries including Pakistan. Being a nuclear
power and developing country, Pakistan is always a major topic in international
communities because of less secure cyber security. However, Pakistan contributed with
significant role to decrease the global war on terrorism from the last two decades. Due to
geopolitical location and neighboring with the super power countries, the chances of
different internal and external attacks have increased in this technological world.
Government of Pakistan playing an important role to implement strong security system
for all types of external threats to national institutions or sectors. In Pakistan, major E-
commerce and other markets are utilizing different firewall securities to prevent their
sensitive information but in this advance world, expert hackers can break these types of
protections. The problem is that we are living in the 4th industrial revolution where
countries transformed all it’s data into online services. So, Pakistan is also the country
who is deploying the Internet based services at government level that increased the
possibilities of unauthorized access from internal or external attacks. The International
Telecommunication Union (ITU), a specialized agency of the United Nations responsible
for issues that concern ICTs, in its recent publication ‘Global Cybersecurity Index 2017′
ranked Pakistan at 67 out of 193 member countries. In recent years, there have been
millions of cyber-attacks targeting infrastructure and services. In many cases, hackers
used ransom- ware to make money from the victims. It is, therefore vital that we acquire
the capability of not only defending against such attacks, but also the ability to launch
counter cyberattacks. This is easier said than done, because in most cases the attacker’s
identity is difficult to establish. The nature of internet makes it possible to hide behind its
free for all infrastructures. This is especially so when cyber-attacks are state sponsored.
Also because of the asymmetry of attacks, the hackers enjoy anonymity.

 Cyber Attack in Pakistan

The recent cyber-attack that happened is in October, 2018 in Pakistan. In this attack,
hackers entered into the banking security system of Pakistan and they unauthorizedly
accessed it. Hackers have access to thousands of credit and debit card’s data of the
customers. According to PakCERT (Pakistan Computer Emergency Response Time) threat
intelligence report, approximately 20,000 cards were hacked from 22 different Pakistani
banks. Around $ 60,00000 was stolen from different 6,000 accounts.
These kinds of cyber-attacks tell about the security system of our digital market and
corporate organization level. But in fact, Pakistan is having difficulty to tackle many kinds
of cyber-attacks due to weak cyber security and government policies. We must accept
that cyber security is a complex issue and it requires high level of planning and security
strategies.
  Cyber Security at International Level
Many countries are drafting domestic policies to combat cyber-attacks and cybercrime,
but the larger question is what can be done on the multilateral level since the digital world
routinely ignores national boundaries. One measure of the problem is provided by the
2011 Symantec survey on the scale of cyber-crime, showing that the annual cost of cyber-
crime to individuals in 24 major countries is $114 billion. But, so far, international
initiatives are plagued by the lack of agreed upon frameworks, institutions and
procedures. Below, a few examples—far from a complete list—of the organizations and
initiatives dealing with cybersecurity on the multilateral level:

 Perhaps the largest player in the international cybersecurity arena is the

International Telecommunication Union (ITU). A United Nations organization
comprised of 193 UN member states and over 700 private companies and
organizations, the ITU seeks to create guidelines and frameworks for international
initiatives. ITU facilitates the World Summit on the Information Society (WSIS) and
the Global Cybersecurity Agenda (GCA). It also drafts UN General Assembly
resolutions concerning information security and criminal utilization of information
technology. ITU initiatives are voluntary and merely provide guidelines, serving as
a foundation for customary international law, which means they lack a concrete
legal framework. Still, they do serve to raise awareness on cybersecurity issues,
which is an essential prerequisite for international action.

 The Asia-Pacific Economic Cooperation (APEC) is a working group of 21 nations,

which includes Australia, Canada, China, Japan, Mexico, Russia, Taiwan and the
United States. In 2002 APEC created the Shanghai Declaration Program of Action,
which illustrates the potential for intelligence sharing and cybersecurity defense
through regional partnerships. However, there’s still a lack of clear policy
statements to promote cooperation, and the organization has failed to meet
the Bogor goals set forth in 1994.

 The European Network and Information Security Agency (ENISA) is a working

group tasked with protecting the critical information systems of European Union
member states through prevention and reaction to attacks on these critical
systems. The prevention measures are focused on raising awareness and
information sharing.

 The CERT-EU (Computer Emergency Response Pre-configuration Team) is tasked

with responding to cyber-attacks on information systems of EU member states.
But CERTS often get overloaded with calls and, as a result, responses are
 frequently delayed. Such delays and call-center overload illustrate the larger
challenges of providing adequate funding and member state commitment within
this regional organization.

 Cybersecurity is also an issue under discussion within the NATO-Russia Council, as

both sides have expressed interest in possible cooperation. However, there are
frequent disagreements over definitions, language and terminology. Russia
considers “cyber-attacks” to be a military issue while the U.S. sees them as
criminal activity. The U.S. uses the term “cybersecurity” and for what Russia calls
“information security.” The two countries also have very different notions of what
constitutes Internet censorship.

 Bringing current International Cyber Security in Pakistan?

In 21st century, countries and business firms are employing latest innovative technologies
to make information accessible to all, secure and confidential if need be. States have an
especially significant role in his regard to keep record of their citizens. National Database
and Registration Authority (NADRA) is the only organization which registers and stores
the information about the population (Awan and Memon 2016). In Pakistan’s bid to fight
terrorism, information about its citizen is essential. NADRA further relays the information
to other government agencies for their related purposes. This information is sensitive and
faces a threat of being stolen or fabricated. NADRA may be current target for cyber
terrorism to block or sabotage its essential services, hack human confidential information
and use them for their illegal purposes.
Similarly, other information technology-based services include financial services in
Pakistan. Credit cards, accounts information and other financial information can also be
acquired for theft or fabrication. In Pakistan, banking is increasing its user base at a brisk
pace; the resulting threats are also multiplying. Capital markets, which are the buying and
selling financial markets for long-term debt or investment purpose. This type of capital
markets helps organization as well as government to invest their amount by protecting
them from frauds (Awan and Memon 2016). Nowadays, capital markets are upgraded
into computer-based electronic trading systems. Digital market in Pakistan also faced
cyber-crimes in recent years. So, we have plenty of issues regarding to cyber security that
can only solved by bringing international security policies and strategies in country.
For bringing international cyber security in Pakistan is the biggest challenge of our
government. As I have already explained, developing countries are investing much more
on cyber security as compare to other subjects because in the online world without
efficient security system country can face dangerous results. Pakistan has to increase
cyber security budget and to give special focus on this technology. This also require better
relationship with the neighboring countries because mutual cyber security cooperation
of countries cannot be neglected in any way.

 Conclusion
Nowadays, the ratio of cyber-attacks is increasing rapidly. Skilled cyber terrorists may be
able to create an integrity, availability or confidentiality attack on the network or services
of NADRA, E-government and capital markets of Pakistan. This type of cyber activities
may damage or stop the essential ICT services including NADRA, E-Government
websites, Stock exchanges, Mobile banking and money transfer services which will be
having serious impact on the performance of government services and possibilities of
hacking IDs from NADRA servers and also can be used for any other terrorist activities. In
addition, it will create a collapse or crash the economics of Pakistan by hacking and after
that controlling the stock exchange and financial services by adding their own fake figures.
It is therefore recommended that, viewing the present security situation the country,
design and implementation of cyber security policies are very crucial for the NADRA, E-
Government and capital markets services as well.