Who is responsible for Cyber-Security?Posted: November 18, 2014
I recently met the federal minister of IT Ms Anusha Rehman. The minister was extremely courteous. Not only did her office return my telephone call immediately. In fact they traced me to where I was and put me through to the minister. The minister seemed genuinely interested in my research cyber-security. She listened to me patiently and wasn’t in a hurry to dispose me off. She was gracious to personally give me an appointment for the very next day. Before she ended the call, she asked me why I hadn’t contacted her earlier. I responded rather artlessly that I wanted to give her time before her government recovered from the dharnas in the capital city. “Things must go on irrespective of any political activity,” she asserted confidently. I must say I was impressed by her studied nonchalance in face of clear and dangerous political adversity.
The next day I was told to come an hour early because some unforeseen commitments had cropped up. Since I was informed only an hour in advance of the changed program, I had to drive rather fast and had to make an extra effort to skilfully negotiate through the broken road-scape of the once fair city of Islamabad. I was just in time at the IT Ministry located in the building of the Evacuee Property Trust next to the Marriott hotel. I was ushered into the minister’s well pointed office after a fifteen minutes delay because the meeting she was attending had ended later than planned. As I sat down, I noticed an incongruous pile of files on her table. To her credit during our conversation she would point out rather helplessly towards the files and state quite candidly that she hadn’t even been able to put her official mail online. It was a good indication to put my cyber optimism on hold.
To begin the proceedings, I presented my book Cyber CBMs between Pakistan and India to the minister and suggested the need for a cyber-security policy at the national level. The minister responded that “cyber-security hadn’t blipped on the government’s radar.” She also wasn’t “sure who was responsible to draft a cyber-policy.” She wondered whether it was actually the job of the ‘agencies,’ the JS headquarter, the ministry of defence or interior. I thought the policy should actually be made with inputs from concerned ministries but that it should be released from her office. She wasn’t convinced. In fact she thought it was time that she should disassociate herself from cyber policy making. She had more on her plate than usual, ranging from unproductive activity like procuring computers to finalising 3 and 4G policies. It was about time that she mused loudly that she set the definite perimeters to her mandate as the minister of IT.
Her position that she would adopt a hands off approach to cyber affairs startled me. I re-emphasised the urgency for the government to engage with these matters. Pakistan according to the Snowden revelations is the second most spied upon country in the world. I reminded the minister that the Indian Prime Minister Nirendra Modi had been offered big data exploitation tools during his September meeting with President Obama in the White House. I also highlighted that cyber-security was on the top of the agenda during Obama- Xi Jinpeng talks held in Beijing this month. I noticed that by this time during our meeting the minister’s interest in cyber matters had significantly waned and she had lost interest in my point of view. Mildly chastened, I begged my leave and wondered when would our government decide, who exactly was responsible to draft our cyber-security policy. Time is already running out as we are seized with masterly inaction.