Who is responsible for Cyber-Security?

Featured image

I recently met the federal minister of IT Ms Anusha Rehman. The minister was extremely courteous. Not only did her office return my telephone call immediately. In fact they traced me to where I was and put me through to the minister. The minister seemed genuinely interested in my research cyber-security. She listened to me patiently and wasn’t in a hurry to dispose me off. She was gracious to personally give me an appointment for the very next day. Before she ended the call, she asked me why I hadn’t contacted her earlier. I responded rather artlessly that I wanted to give her time before her government recovered from the dharnas in the capital city. “Things must go on irrespective of any political activity,” she asserted confidently. I must say I was impressed by her studied nonchalance in face of clear and dangerous political adversity.

The next day I was told to come an hour early because some unforeseen commitments had cropped up. Since I was informed only an hour in advance of the changed program, I had to drive rather fast and had to make an extra effort to skilfully negotiate through the broken road-scape of the once fair city of Islamabad. I was just in time at the IT Ministry located in the building of the Evacuee Property Trust next to the Marriott hotel. I was ushered into the minister’s well pointed office after a fifteen minutes delay because the meeting she was attending had ended later than planned. As I sat down, I noticed an incongruous pile of files on her table. To her credit during our conversation she would point out rather helplessly towards the files and state quite candidly that she hadn’t even been able to put her official mail online. It was a good indication to put my cyber optimism on hold.

To begin the proceedings, I presented my book Cyber CBMs between Pakistan and India to the minister and suggested the need for a cyber-security policy at the national level. The minister responded that “cyber-security hadn’t blipped on the government’s radar.” She also wasn’t “sure who was responsible to draft a cyber-policy.” She wondered whether it was actually the job of the ‘agencies,’ the JS headquarter, the ministry of defence or interior. I thought the policy should actually be made with inputs from concerned ministries but that it should be released from her office. She wasn’t convinced. In fact she thought it was time that she should disassociate herself from cyber policy making. She had more on her plate than usual, ranging from unproductive activity like procuring computers to finalising 3 and 4G policies. It was about time that she mused loudly that she set the definite perimeters to her mandate as the minister of IT.

Her position that she would adopt a hands off approach to cyber affairs startled me. I re-emphasised the urgency for the government to engage with these matters. Pakistan according to the Snowden revelations is the second most spied upon country in the world. I reminded the minister that the Indian Prime Minister Nirendra Modi had been offered big data exploitation tools during his September meeting with President Obama in the White House. I also highlighted that cyber-security was on the top of the agenda during Obama- Xi Jinpeng talks held in Beijing this month. I noticed that by this time during our meeting the minister’s interest in cyber matters had significantly waned and she had lost interest in my point of view. Mildly chastened, I begged my leave and wondered when would our government decide, who exactly was responsible to draft our cyber-security policy. Time is already running out as we are seized with masterly inaction.


National Cyber Security Policy of Pakistan

Policies are important. These give directions to all matters of national importance. Lack of state policies reflect an absence of aim and direction. Nothing can be more disconcerting than a non-existent national cyber policy.
The digital revolution and the pervasiveness of the Internet has not only made communication fast, it has also increased manifold the risk of cyber attacks. It is perhaps a sign of times that cyber warfare is now recognized as an existential threat to nations. In the US policy makers talk of the possibility of a cyber pearl harbor and an extreme response to such an attack. Like all other digitally linked countries, Pakistan is vulnerable to malicious cyber activity. According to the Snowden revelations of 2013, Pakistan is the second most spied country in the world. This may or may not be the most accurate description of how precarious Pakistan is on the digital front.
Unfortunately Pakistan has no national cyber policy. The only area that has merited attention so far has been cyber crime. The Federal Intelligence Agency (FIA) has a designated body the National Response Center for Cyber Crime (NR3C) that is responsible to investigate electronic crime. The activity of this unit is hampered because of insufficient legislation to persecute digital criminals. The only existing piece of cyber legislation, the Prevention and Control of Cyber Crimes Ordinance (PECO), lapsed in 2009. The Electronic Documents and Prevention of Cybercrimes Act, 2014 is pending before the parliament. Compared to this Indian IT Act was promulgated in 2008. The Indians also have a national Computer Emergency Response Team (CERT) to respond to computer related emergencies. Pakistan regretfully has none. The Indians have copied the American model by creating the office of the cyber security coordinator. In the US, the cyber security coordinator reports directly to the President. The Department of the Homeland Security (DHS) is responsible for cyber security in the US. Critical infrastructure is of primary interest in the US and other advanced nations. A number of cyber policies have been prepared and released for public consumption in the US. The Presidential Policy Directive 20 (PPD-20) provides the framework for national cybersecurity by establishing principles and processes. Other documents include National Security Presidential Directive (NSPD)-54/Homeland Security Presidential Directive (HSPD) 23. The policy directives on cyber security of critical infrastructure are covered by the Executive Order (EO) 13636 Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive (PPD)-21 Critical Infrastructure Security and Resilience.
Billions of dollars are spent on cyber security in the US. The National Security Agency (NSA) and the national Cyber Command (Cybercom)are responsible for the offensive and defensive aspects of cyber security of USA. Pakistan needs to do a lot of work to put its cyber house in order and it will have to begin by scripting policies on national cyber security policy.


Canada in Fall

canadian fallCanada in autumn or fall as the North Americans like to call it is a very beautiful place. I spent ten days of October in Mississauga, Toronto and made a number of interesting observations. The leaves had turned yellow and red of the most vibrant hues. It was as if the Almighty Himself had used the most lavish paint strokes to give the entire place a surreal quality. One of the most amazing experiences were walks in the woods, where the country’s national symbol, the maple leaf, strewn in the walkways swished under the feet to break the eerie silence of the canopied woodlands.

Just before I was leaving for Canada, there was a terrorist attack, which had left two soldiers dead. The killers were recent converts to Islam with criminal history. I knew that this would give the press enough ammunition to blast Islam and its adherents. Mercifully, nobody checked me for my Muslim identity or my Pakistani nationality. Instead the lady at the immigration asked me if I had traveled to West Africa and if I had come in contact with anybody suffering from Ebola. I reassured her that it was not the case and she smiled and let me pass.  The national press was not so condescending. A debate raged on whether terrorism should be condemned out rightly or with reservations.  The funeral of the two servicemen, a corporal and a warrant officer was celebrated with a great deal of fanfare and entire pages were devoted to patriotic fervor and the fallen soldiers were lionized as heroes. Another news item that made headlines during this time was about a CBC anchor Jian Ghomeshi, an Iranian, who had sexually abused a number of women apparently against their consent. The publicity given to the errant person was out of proportion to what he deserved. My niece disagreed. Her point of view was that a person exploiting female rights must be thoroughly exposed and criticized. I thought that the sordid details that were being repeated ad nauseum in the news reports could best be avoided. Canadians like most advanced western countries champion human rights. I visited the University of Waterloo to meet a professor, who is the director of the peace and conflict studies. He proudly showed me around and informed me that recently anointed Nobel Laureate Malala’s father Ziauddin Yusofzai had been invited to deliver a lecture in the town hall. Malala has been bestowed the honorary citizenship of Canada and she is a celebrity. “Why don’t you like her?” my North American siblings asked me. “I do but I can’t force the average Pakistani to appreciate her from the West’s point of view” was my feeble response.

While Pakistanis imitate traditional customs in weddings in Canada with full gusto and enthusiasm, the contradictions within the diaspora are enormous. The first generation sits glued to the Pakistani TV channels believing everything been shown by them to garner cheap popularity ratings and feeling both relieved and sorry that the country they had left behind is in such a mess. Their children on the other hand have severed all links with Pakistan. They are not concerned of what happens there. What alarms the parents the most is that the children question the very belief system that they hold dear. They speak think and converse in English like any young Canadian kid. One day the conversation centered round the difference between ‘specially’ and ‘especially.’ On a whim I asked a niece what was the word for it in Urdu. I thought there was a fairly straightforward answer. Pat came the reply, “What do you call a phone in Urdu.” Implying thereby that there was no word for it in Urdu and therefore an English word had to be used. Thereafter this became the standard reply for all inexplicable things #whatdoyoucallaphoneinurdu. Other contradictions were visible in the celebration of Halloween. 21st of October is the annual event, when houses were adorned with scary figures, ghosts, ghouls and pumpkin cutouts are used as jack o’ lanterns. The imam in the Friday sermon declared the event a pagan celebration but this certainly did not deter the Muslim children join with others to dress up in costumes and to ring doorbells of neighbors to ask for candies. The first generation of fresh of the boat (FOB) elders just fretted and recited astaghfar as the kids reveled in Rome as the Romans.

As my ten days came to an end in Canada, I boarded the PIA flight from Toronto to Islamabad for an approximately 14 hours long trans-Atlantic flight back home. I mused at the success of my countrymen, who had made Canada their home. They had indeed found heaven on earth and escaped the dust and flies and rampant corruption of our motherland. They are now the citizens of the first world. They have a passport that can take them anywhere without visa hassles and frustrations of being part of a country that breeds terrorism. Happy for them I struggled with the inflight entertainment system that refused to function and the reading lights that did not turn on, despite repeated effort, I tried to go to sleep and hoped that I would wake up in the proverbial naya Pakistan, one of whose proponents has since returned to Canada to rest and recuperate and enjoy the benefits of a welfare state.

Canada in fall is beautiful and Pakistan in its fall can be precarious for the Pakistanis.