Pakistan is preparing to form a federal Cybersecurity Authority to strengthen national digital security and protect critical systems. The decision comes at a time when cyberattacks are increasing and national institutions face growing vulnerabilities. The move aims to improve coordination, enhance digital resilience, and introduce stronger cybersecurity governance across the country.
Cybersecurity Authority to Strengthen National Protection
The new authority will propose security measures for critical national infrastructure. It will also oversee implementation of cybersecurity initiatives at the federal level. This step aims to reduce risks and improve Pakistan’s response to evolving digital threats.
The Ministry of Information Technology has completed the initial draft of the Cybersecurity Act. The draft has been shared with stakeholders for review and consultation. This process will help develop a stronger, more inclusive framework.
National Cybersecurity Policy Already in Motion
The National Cybersecurity Policy serves as the foundation for Pakistan’s digital protection strategy. Work on its implementation continues under the Digital Economy Enhancement Programme. The policy introduces guidelines for safeguarding public systems, securing data flows, and improving institutional readiness.
The government recognises the need for urgent upgrades as cyber threats continue to grow. That acknowledgment has shaped the current push for a dedicated cybersecurity institution.
Rising Cyber Threats and Institutional Weaknesses
Recent years have brought several cyberattacks and data breaches targeting key national organisations. The Ministry of IT previously confirmed that Pakistan has experienced major cyber incidents. Due to the sensitive nature of these breaches, full details were shared only in restricted briefings.
The ministry noted several challenges that hinder effective cyber defence. These challenges include limited technical expertise, weak monitoring systems, and a lack of dedicated cybersecurity personnel. Many cyber incidents remain undetected or unreported because institutions lack proper mechanisms.
Recent Cybersecurity Breaches Highlight Systemic Gaps
Several major breaches underline the need for stronger cybersecurity governance. One significant incident involved the Oil and Gas Development Company Limited. Attackers gained access to the core data centre infrastructure and deleted multiple virtual servers. The system was restored after a three-day recovery effort from the disaster recovery site.
The ministry identified key issues contributing to such breaches. These include insufficient funding, inadequate governance structures, and limited cyber-specific human resources. The gaps in oversight and management commitment further increase risks.
Protecting Critical Digital Infrastructure
Progress continues on Secure Data Exchange Layer and digital identity projects. Key databases from Nadra, the Federal Board of Revenue, and the telecom sector are now classified as critical digital infrastructure. Their protection has become a government priority due to rising risks.
The process of declaring Immigration and Passports systems as critical infrastructure is also underway. These steps aim to safeguard important national records and identity data.
CERT Council Continues Until the Authority Is Formed
Until the Cybersecurity Authority is fully established, the CERT Council remains Pakistan’s main coordination platform for cyber incidents. The council includes 14 public and private institutions and focuses on incident response and cooperation. Its role is vital as government bodies continue to face ongoing digital threats.
Pakistan Information Security Framework 2025 in Progress
Work is advancing on the Pakistan Information Security Framework 2025. This framework will guide organisations in managing cyber risks, improving digital resilience, and aligning with global standards. It will support institutions as they prepare for stronger national regulations and oversight.
A Crucial Step for Digital Security
The plan to create a federal Cybersecurity Authority marks an important shift in Pakistan’s digital governance. With rising cyber threats, the new institution will help strengthen defences, improve coordination, and protect critical information systems. The ongoing consultations and policy updates show that Pakistan is moving toward a more structured and resilient cybersecurity framework.
