The Cyber Governance Policy has officially been drafted. The aim of the draft is to realize the full potential of information and communication technologies for socio-economic development by assuring availability, confidentially and integrity of the critical infrastructure and information system, as well as providing reliable secured and resilient cyber-space for all.
The cyber governance policy is being formulated in consultation with all the relevant stakeholders and a draft on a cybersecurity framework has also been shared by the Law Enforcement Agencies.
The elements that are being considered for the Cyber Security Policy include: transparency in both policy-making and implementation; public trust—safety vs surveillance (civil liberties); practicality and manageability of structure; technical soundness, completeness and adequacy; balance between safety and development/growth/economic considerations; continued funding and sustainability; international compatibility (diplomatic connotations)
It is reported that all the above mentioned are to carefully considered through a tiered approach for cybersecurity structure for which institutional setups at the national and sectoral level will be proposed to the federal government.
The major blocks of the cyber governance/security policy draft include vision, scope, objectives, governance model, institutional structure and functions, standards, cross structure collaboration model and processes, risk assurance framework, capacity building, R7D and indigenization, Model for international collaboration, Awareness, and Legislative cover for the institutional model/operationalization of PECA 2016.
Furthermore, the government of Pakistan through the proposed draft cybersecurity policy is also considering the option of establishing a specialized and autonomous body for cybersecurity, under an appropriately high-level reporting mechanism.
Overall, the draft clearly lays out the roles and responsibilities of policy formulation on the subject. The compliance of user and organization is to be ensured through relevant sectoral CERTs/Cybersecurity apparatus across various sectors. Furthermore, legislative and regulatory requirements have also been spelled out by the federal government. The cyber governance policy draft is yet to be presented to the cyber governance policy committee after which they will consult the telecom industry as well as other cross-domain stakeholders. In the end, the draft will be presented in detail to the Senate and National Assembly Standing committees.
