Pakistan finalises national cybersecurity framework to protect government digital infrastructure
Muhammad Naeem:
Islamabad: Pakistan has finalised a new Information Security Framework aimed at strengthening the cybersecurity of government institutions and protecting official digital infrastructure from cyberattacks, data breaches and other online threats.
The framework, prepared by the National CERT, will come into effect after formal approval and will introduce uniform cybersecurity standards for federal and provincial government departments.
Under the proposed measures, government websites and applications currently hosted abroad will gradually be shifted to data centres in Pakistan to improve security, oversight and digital sovereignty. The framework also requires cloud service providers and government data centres to adopt stronger security controls.
Government institutions will be required to deploy modern firewalls, establish security operations centres, implement continuous threat monitoring and maintain backup power systems to ensure uninterrupted protection of critical digital services.
The policy also strengthens the security of official email systems through mandatory safeguards against phishing, spam and malware, while introducing stricter access controls for government social media accounts to prevent unauthorized use.
In addition, every federal and provincial institution will be required to establish a dedicated cybersecurity unit, allocate budgets for cyber protection, conduct regular employee training and carry out annual security audits.
The framework also makes it mandatory for government organisations to immediately report major cybersecurity incidents and data breaches to the relevant national authority, enabling faster investigation and response.
Officials say the new framework will provide a unified approach to securing Pakistan’s public-sector digital infrastructure and enhance the country’s ability to detect, prevent and respond to evolving cyber threats.