The near-total inundation of society by digitisation has wide-reaching effects on various aspects of human activity and culture. The threat does not arise from computers but from states and non-state actors with hostile intent. Economic and critical infrastructure networks vulnerable to digital attacks are considered a threat to national security.
In 1991, the US used a computer virus known as AF/91 during the Gulf War against Iraq. It was able to disable the country’s air defence system. In 2005, a hacker with the alias ‘Titan Rain’ carried out a cyber-attack against the US. In 2007, Russia carried out a cyber-attack against Estonia, obtaining access to the country’s websites and various ministries and organizations. These examples highlight the varied and broad range of impact that cyber-attacks can have on nations. There are different categories and types of cyber-attacks. Some types of cyber-attacks are: Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks simply incapacitate networks by overloading them with overwhelming dummy activity, whereas other attacks such as Man-in-the-middle (MitM) attack, Phishing attacks, Drive-by-download attack, Password Attack, SQL Injection Attack, Cross-site scripting (XSS) attack, Eavesdropping attack, and Malware Attack can cause greater levels of damage from stealing critical information, taking entire networks offline or even destroying invaluable data.
Alex Stamos, Facebook’s former chief security officer, tweeted that ‘While it is rarely discussed publicly, India and Pakistan have been embroiled in continuous offensive cyber and information operations against each other for years. This might be a situation where that low-level invisible war becomes a destabilising factor.’ There have been multiple reports of both countries having their official government agency websites hacked and defaced, as well as documented instances of official information being stolen and put up for sale online. The Centre for Strategic and International Studies (CSIS) published a report, Economic Impact of Cybercrime – No Slowing Down, that concluded that losses due to cybercrime amounted to US $600 billion in just 2018 — a whopping 1 percent of global GDP. This does not touch upon the major threats in the security and defense domains due to the weaponisation of digital attacks.
Attacks on digital infrastructure pose a serious threat to Pakistan, which needs to able to properly address the increasing number of cyber-crimes. In Pakistan, there are about 194 million cellular network subscriptions and 124 million broadband internet users, which means that society relies on technology to a great extent in everyday life. According to the FIA (Federal Investigation Agency,) cases of cybercrime have consistently gone up over the years. Pakistani banks have expanded their operations from traditional in-person services to digitally enabled branchless banking, where ATM fraud has been steadily on the rise, as well as identity theft to perpetrate financial crime. Attention needs to be paid to non-traditional threats to national security. As the country’s reliance on technology increases, it is becoming increasingly vulnerable. Different types of cyber-crimes have been known to affect Pakistan’s communication systems.
There is also the issue of sophisticated spyware being deployed to infiltrate and compromise communications of critical importance and steal over 13 billion pieces of communications, completely shattering any notion of privacy in communication and online activity. This issue has raised serious concerns about Pakistan’s national security as compromised officials and organisations pose serious security risks. In this regard, Israel puches far above its weight in the realm of digital security and attacks. It spends a huge amount of resources and effort on its own cyber warfare capabilities, reaping benefits from it. Stuxnet — the first known cyberweapon — designed by Israeli and US intelligence, was able to infiltrate and hamper Iran’s nuclear programme. Isreal is currently ranked as one of the top five countries in the world when it comes to cyber warfare capability and has manufactured extremely powerful spyware that was sold to at least 14 countries, as per NSO group’s (the spyware manufacturers) response to questioning by a European Parliamentary committee investigating the matter.
Pakistan should sign the international treaties such as the Budapest Convention on Cybercrime to make its cyber defence stronger. These will help the country to develop its digital infrastructure and improve its defensive capabilities against digital attacks and tackle rampant cybercrime. To enforce the laws related to cybercrime, a bill called ETO (Electronic Transactions Ordinance) was passed in 2002 and then an electronic and cybercrime bill was passed in 2007 and the third set of laws passed in Pakistan pertaining to digital crimes was the Prevention of Electronic Crimes Act, 2016 (PECA). The government has also established a response cell named National Response for Cyber Crime in Pakistan. In addition, a dedicated effort was initiated to bolster cyber security and enhance cyber warfare capabilities under the aegis of the PAF with the setting up of the Cyber Security Academy, and the Cyber Centre of Excellence planned under the National Aerospace Science and Technology Park (NASTP) initiative. This future-oriented strategy will help Pakistan to develop robust digital infrastructure and capabilities that are resistant to cyber-attacks and disruptions and expand its technological reach.
Ujala Siddique is a researcher at the Centre for Aerospace and Security Studies (CASS), Lahore. She can be reached at firstname.lastname@example.org