Threats of Cyber Security and Challenges For Pakistan: Jawad Awan and Shahzad Memon
Abstract: Cyber-attacks are growing in volume and sophistication, and now number in the thousands daily.
Cyber security researchers have been working for many years to protect computers, databases, programs,
systems and networks from unauthorized access, attack, change or destruction. Cyber security is also a
critical issue for government and security policy makers, given the current security situation around the
globe. E-Government services, capital markets, corporations, and other businesses collect, process and
store large amounts of confidential information on computers and transmit that data over the internet for
professional purposes. In recent years, Lithuania and Iran have been among the countries practically
affected by cyber-attacks. Pakistan has played an important role in the global war on terrorism after 9/11.
Because it is a nuclear state, and because of its geopolitical position, various internal and external
security concerns, including cyber security, have been raised during the last decade. The Government of
Pakistan is implementing defence policies intended to stop terrorists from entering the country and to
supervise territorial borders. Critical defence measures for important cyber services of the country, such
as NADRA (National Database and Registration Authority), E-Government services and capital markets,
also require the attention of government in the current security situation. These services use firewalls
and other technologies to protect their systems; however, there are many ways in which terrorists can use
cyberspace to attack, control and stop essential ICT services. This paper discusses the cyber challenges
in the current unstable security situation in Pakistan.
1.0 Introduction
Modern communities have become dependent on cyberspace, which offers valuable and essential services
for the functioning of human life and the environment, as well as challenges and threats. Cyber security is
a field which focuses on protecting computers, databases, programs and networks from unauthorized access,
change or destruction. Cyber security aims to offer, and involves, the ability to influence the actions and
rules of cyberspace; this requires adequate knowledge of the stability, limitations and vulnerabilities of
ICT, and improvement of the critical operating factors in cyberspace. In the modern world, this may require
innovative, mature participation among developing countries at various levels of development. Although the
analysis of organization-related cyber security issues has attracted the attention of some researchers,
little attention has been paid to cyber security and national development, particularly from the viewpoint
of countries that have to create their own national security policies. Cyber security is a big challenge for
many countries, including Pakistan.
This paper contributes a concise overview of the cyber security threats which can seriously affect
Pakistan's essential IT services. In addition, it concludes with some recommendations to the cyber security
policy makers of Pakistan which can be adopted to protect the cyber boundaries of the country.
2012), malware (Stuxnet, Flamer virus) hits Iran’s atomic organization and nuclear facilities before escaping
and wreaking havoc on the public Web. According to another report, dated 16th October 2014, a phishing
campaign (APWG 2013) has targeted a wide variety of recipients while employing the Dyre/Dyreza banking
malware, which targets sensitive user account/login credentials and sends the captured data to malicious
actors. The Dyre/Dyreza banking malware is a new challenge for developed nations, mostly targeting senders,
attachments, exploits, themes, and payload.
3.0 Essential IT Services in Pakistan
Most countries are deploying online services, and Pakistan is one of the developing countries in which
most organizations are deploying information technology services into their infrastructures, and in which
higher authorities are taking an interest in deploying these types of technology and services. NADRA
(National Database and Registration Authority) is the centralized national ID database of Pakistan, which is
shared among banks, passport offices, Election Commission Departments, mobile networks and FBI (Federal
Bureau of Investigation) etc. NADRA is the only organization which registers and stores information about
the population. According to the report (Threat Track Security 2014), NADRA is one of the top ranking
organizations in the world because of its use of state-of-the-art technologies for its services. At the
present time, European countries are using the SCAP (Security Content Automation Protocol) algorithm for
their NVD (National Vulnerability Database), in which data enables automation of vulnerability management,
security measurement, and compliance (APWG 2013). It has been noted that hackers have tried to hack
confidential information (CyberSecurity - Stanford, CA, USA 2014, Pro Pakistani 2013). NADRA may be a
current target for cyber terrorism that seeks to block or sabotage its essential services, or to hack
people's confidential information and use it for illegal purposes.
[Figure label: Directorate General of Immigration & Passports, Ministry of Interior]
E-government is a leading component of modernization; it helps government organizations to relieve
on-going stress by increasing their efficiency and adapting to the pressure of the modern information
society. E-Government is enabling government organizations to offer efficient and fast services to their
constituents. Figure 2 illustrates some of the active E-Government services in Pakistan.
[Figure 2 labels: Federal Board of Revenue; Khyber Pakhtunkhwa Police Services; Excise and Taxation and narcotics]
Capital markets are financial markets for buying and selling long-term debt or investments. These markets
help organizations as well as government to invest their funds while protecting them from fraud. Nowadays,
capital markets have been upgraded into computer-based electronic trading systems. These trading systems
include stock exchanges, investment banks, treasury departments and government departments. Figure 3 shows
some of the online business and financial services used in Pakistan.
According to security professionals (Threat Track Security 2014), the cyber threats expected in the year
2015 are illustrated in Figure 4. The largest number will be APTs and the smallest number of threats will be
mobile infectors. In addition, 23% are targeted malware attacks, while zero-day attacks and insider threats
share 13.5%.
Fig: 4 Top threats expected in 2015 [Chart generated from data (Ten, Manimaran & Liu 2010)]
The percentages of network threats which are possible in 2015 are illustrated in Figure 5. Of these, 28% are
RPC (Remote Procedure Call); SQL injection is the second most likely, with a possibility of 23%, while
others are 25%, browser 17% and cross-site scripting 7%.
It was also found that most cyber services were infected in the year 2015, as illustrated in the above
figures. Furthermore, the policy makers of Pakistan have to design a framework for security purposes.
was presented by the minister of IT and Telecommunication (PPF 2015), in which the following important
issues were discussed:
• Development of legislation with new investigative powers previously not available, such as search and
  seizure of digital forensic evidence using technological means
• Production orders for electronic evidence, electronic evidence preservation orders, partial
  disclosure of traffic data
• Real-time collection of data under certain circumstances, and other enabling powers which are
  necessary to effectively investigate cyber crime cases
• The very technical nature of the new powers that are necessary to investigate and prosecute these
  crimes requires their exercise to be proportionate with the civil liberty protections afforded to citizens
  under the constitution
• This can only be achieved through strengthening existing protections and establishing new safeguards,
  especially against abuse of these new and intrusive powers
The introduction of this new legislation will effectively prevent cyber crimes and will also contribute to
national security by providing and enabling a secure environment for investment in ICT, eGovernment and
eCommerce systems. In addition, it includes specific safeguards to balance against these intrusive and
extensive procedural powers and to protect the privacy of citizens. However, it is not completely effective
against the exposure of citizens to the unmitigated threats posed by cyber criminals both at home and
abroad. It is the first serious initiative taken by the government to prevent cyber crimes as well as to
contribute to the cyber security of the nation. However, it needs additional tasks which shall protect not
only the government but also the citizens of Pakistan.
7.0 Conclusion
Nowadays, the rate of cyber attacks is increasing rapidly. Skilled cyber terrorists may be able to mount an
integrity, availability or confidentiality attack on the network or services of NADRA, E-Government and the
capital markets of Pakistan. This type of cyber activity may damage or stop essential ICT services,
including NADRA, E-Government websites, stock exchanges, mobile banking and money transfer services, which
will have a serious impact on the performance of government services; it also raises the possibility of IDs
being hacked from NADRA servers and used for other terrorist activities. In addition, it will collapse or
crash the economy of Pakistan through hacking and subsequent control of the stock exchange and financial
services, with attackers adding their own fake figures. It is therefore recommended that, in view of the
present security situation of the country, the design and implementation of cyber security policies be
treated as crucial for NADRA, E-Government and capital markets services as well.
References
An Osterman Research White Paper 2015, How Spamhaus Cost-Effectively Eliminates Spam, Malware and
Botnet Threats, An Osterman Research White Paper.
CyberSecurity - Stanford, CA, USA 2014, 25 May 2014-last update, The Third ASE International Conference on
Cyber Security [Homepage of CyberSecurity - Stanford, CA, USA], [Online]. Available:
http://cybersecurity2014.scienceengineering.org/ [2014, December 25].
Department of Homeland Security 2014, October 28, 2014-last update, Phishing Campaign Linked with “Dyre”
Banking Malware [Homepage of US-CERT], [Online]. Available:
https://www.us-cert.gov/ncas/alerts/TA14-300A [2015, January 25].
Elmaghraby, A.S. & Losavio, M.M. 2014, "Cyber security challenges in Smart Cities: Safety, security and
privacy", Journal of Advanced Research, vol. 5, no. 4, pp. 491-497.
Jang-Jaccard, J. & Nepal, S. 2014, "A survey of emerging threats in cybersecurity", Journal of Computer and
System Sciences, vol. 80, no. 5, pp. 973-993.
Javed Mirza 2013, Pakistan takes steps to protect itself from NSA-style cyber attacks, Thenews, Pakistan.
Paul Lewis, Julian Borger and Rory McCarthy Paul Levis, Dubai murder: fake identities, disguised faces and a
clinical assassination, 2010th edn, The Guardian, UK.
Peter Beaumont and Nick Hopkins 2012, US was 'key player in cyber-attacks on Iran's nuclear programme', The
Guardian, U.K.
PPF 2015, January 17, 2015-last update, Cyber bill introduced [Homepage of PPF], [Online]. Available:
http://www.pakistanpressfoundation.org/information-technology/79047/cyber-bill-introduced/ [2015,
January 25, 2015].
Pro Pakistani 2013, September 16, 2013-last update, Official Website of NADRA E-Sahulat Gets Hacked, User
Data Compromised [Homepage of Pro Pakistani], [Online]. Available:
http://propakistani.pk/2013/09/16/official-website-of-nadra-e-sahulat-gets-hacked-user-data-compromised
[2015, January 16].
Reddy, G.N. & Reddy, G. 2014, "A Study of Cyber Security Challenges and Its Emerging Trends on Latest
Technologies", arXiv preprint arXiv:1402.1842.
Sebastian Bortnik 2012, Trends for 2013: astounding growth of mobile malware, WeliveSecurity: Security news,
views and insight from the ESET experts, ESET Latin America.
Ten, C., Manimaran, G. & Liu, C. 2010, "Cybersecurity for critical infrastructures: attack and defense modeling",
Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE Transactions on, vol. 40, no. 4, pp. 853-865.
Threat Track Security 2014, December 12, 2014-last update, Spammers Accelerate Dyre Distribution
[Homepage of Threat Track Security], [Online]. Available: http://www.threattracksecurity.com/it-blog/
[2015, January 12, 2015].