Govt Creates High-Level Cybersecurity Body to Assess Cyber Risks, Protect State Systems

The federal government has constituted a National Committee for Information and Communications Security (NCICS) to strengthen the security of critical information infrastructure and information systems amid growing cyber threats and risks to national security.

According to a notification issued by the Cabinet Division, hostile agencies continue to pose persistent threats to Pakistan’s communications and cyber networks through espionage, denial, and disruption. These risks necessitate an immediate assessment of vulnerabilities and the development of a robust and sustainable information security framework.

The committee will be chaired by the Secretary of the Ministry of Information Technology and Telecommunication (MoITT) and will include the Chairman of the Pakistan Telecommunication Authority (PTA), the Director General of the National Computer Emergency Response Team (NCERT), an additional secretary from the Establishment Division, a representative of the country’s premier intelligence agency, and the Secretary of the National Telecommunication and Information Security Board (NTISB), who will serve as the secretary of the committee. Authorized representatives from provincial governments, Gilgit-Baltistan, and Azad Jammu and Kashmir will also be members of the body.

In addition, co-opted members may include representatives from the Finance Division, the Ministry of Foreign Affairs, and other sectors or academia, as deemed necessary by the chairman to address specialised cybersecurity requirements.

The mandate of the NCICS includes assessing and monitoring the information systems of federal ministries, divisions, and organisations to identify vulnerabilities, conduct gap assessments, evaluate existing information security processes, and recommend risk-mitigation measures to enhance the overall security posture.

The committee has also been tasked with analysing completed cybersecurity and IT audits, undertaking gap assessments in critical sectors such as health, energy, civil aviation, and transportation, and formulating compliance mechanisms linked to organisational performance indicators. It will establish a Federal CERT under NCERT in line with the CERT Rules, 2023, with the option of integrating managed security service providers.

To ensure effective implementation, tier-down committees will be formed covering information security operations, human resource restructuring, financial planning, and the security of foreign missions. The Cabinet Division will serve as the secretariat of the NCICS, which will submit quarterly progress reports to the competent authority.