Pakistan’s national cybersecurity infrastructure has moved from a legislative framework to a fully operational system — monitoring thousands of government websites, issuing real-time threat alerts, and defending national digital assets 24 hours a day.
The primary objective of CERT teams at both the national and sectoral levels is to enhance Pakistan’s overall cybersecurity posture and resilience. CERTs are responsible for protecting against, detecting, and responding to cybersecurity incidents, and will enhance the country’s capacity to manage cybersecurity incidents.
The system is now live. And it is being tested more intensely than ever.
What Pakistan’s CERT System Is and Why It Was Built
The Government of Pakistan promulgated the Computer Emergency Response Team Rules for the creation of computer emergency response teams at the national, provincial, and sectoral levels to respond to threats, protect government data, and safeguard data of private citizens being handled by the government.
The Federal Cabinet approved the Cyber Emergency Response Teams (CERTs) Rule 2023 on July 17, 2023. The Ministry of Information Technology and Telecommunication officially notified the CERT Rules on October 13, 2023.
Six months later, the National CERT was formally constituted. 1The government of Pakistan announced the formation of the country’s first National Cyber Emergency Response Team (CERT) on March 11, 2024.
The Three-Tier CERT Structure
A comprehensive, three-tier approach to cybersecurity has been introduced, encompassing National, Sectoral, and Organizational Computer Emergency Response Teams (CERTs).
National Level: PKCERT / NCERT
Pakistan’s Government formalized the establishment of the National Computer Emergency Response Team (nCERT). The Ministry of IT and Telecom issued a notification converting the PSDP project “Cyber Security for Digital Pakistan” into the nCERT. The nCERT’s role is pivotal in safeguarding digital assets, sensitive information, and critical infrastructure, spanning detection, prevention, and response to cyber threats. Additionally, it aims to promote cybersecurity awareness, conduct research and development, and implement robust policies to protect the nation’s digital landscape.
Sectoral Level: Banking, Telecom, Defence, and Power
Sectoral CERTs cover regulators and CERTs including, but not limited to, Defence, Telecom, Banking, Finance, Power, and the Public sector.
These entities are expected to handle cybersecurity incidents within their respective regulated industries, provide sector-specific threat intelligence, and interface with the National CERT for cross-sector incidents.
Organizational Level: Enterprise and Departmental CERTs
The government of Pakistan approved CERT rules in 2023 which provide a legislative umbrella to handle ever-emerging cybersecurity risks and vulnerabilities at the national, sectoral, and organizational levels by laying out a working mechanism in the form of technical support, operational facilities, and capacity-building services.
The CERT Council: Coordination Across Tiers
The establishment of a CERT Council facilitates coordination between these teams, allowing them to collaboratively address emerging cyber risks. The roles of various CERTs, including Government CERT, Critical Infrastructure CERT, and Provincial CERTs, are explicitly defined within the CERT Rules to ensure clarity in their operations. Until the new national authority is formally established, the CERT Council — comprising 14 public and private sector organisations — continues to function as the primary body for coordinating cyberattack responses and improving national readiness.
The Legal Framework: PECA 2016, CERT Rules 2023, and Cybersecurity Act 2025
The CERT system draws its authority from three legal instruments.
First, the Prevention of Electronic Crimes Act (PECA) 2016 gave the government power to establish cybersecurity bodies. As per the approved CERT rules, the National Security Operations Centre will also be established to facilitate the practical implementation of these regulations.
Second, the CERT Rules 2023 formally created the multi-tier architecture. Third — and most significantly — Pakistan has passed the Cybersecurity Act 2025, establishing a nationwide cyber-defence framework to protect critical digital infrastructure. As part of the broader digital push under the Digital Economy Enhancement Project (DEEP), the Act seeks to support secure digital public infrastructure, cloud-first security frameworks, and identity-management systems.
The National Cybersecurity Authority: A New Apex Body
The Cybersecurity Act 2025 creates a body that sits above the existing CERT structure. The Act will lead to the establishment of the National Cybersecurity Authority (NCA). The authority will spearhead nationwide threat intelligence, incident response, and strategic security coordination. The Act will establish the National Cybersecurity Authority to lead nationwide incident response and threat intelligence, while expansion of the Pakistan Computer Emergency Response Team (PKCERT) and the development of secure digital public infrastructure under DEEP will further strengthen national cyber resilience.
The proposed authority will be responsible for recommending cybersecurity protocols for critical national infrastructure and implementing cybersecurity initiatives across Pakistan. The Ministry of Information Technology and Telecommunications has already drafted the initial Cybersecurity Act and circulated it among stakeholders for consultation.
Operations Update: What PKCERT Is Doing in 2026
24/7 National Cybersecurity Control Room
The Government of Pakistan’s National Cyber Emergency Response Team (nCERT) established a 24/7 National Cybersecurity Control Room at its headquarters in response to a heightened cyber threat environment. Key stakeholders including the Ministry of IT, PTA, NITB, NTC, and provincial IT boards have been directed to nominate focal persons. Dr. Muhammad Yousaf, Director CERT, and Dr. Mujahid Shah, Assistant Director (Incident Management), have been appointed as focal persons for national-level coordination.
1,527 Government Websites Under Surveillance
The monitoring system was developed locally by the National CERT Directorate. Pakistan’s cybersecurity infrastructure has historically relied heavily on foreign tools and platforms. A locally built monitoring system means the underlying architecture, data handling, and alert mechanisms remain within Pakistani institutional control.
The **1,527 websites** now under surveillance represent a substantial share of Pakistan’s official digital presence. Critically, the system does not simply log threats for later review. It issues automated alerts to the relevant institutions in real time, allowing for immediate protective action before an incident escalates into a full breach or extended outage.
300-Website Security Audit Underway
The National CERT launched a nationwide security assessment to identify vulnerabilities in government web systems and reduce the risk of cyberattacks or data breaches. Officials noted that the audit may also uncover outdated systems, weak passwords, and improperly secured databases on some websites. Recommendations have been issued to address these gaps, improve backup systems, and upgrade vulnerable servers. In some cases, authorities may temporarily shut down or upgrade certain websites after the audit is completed to ensure stronger protection against future cyberattacks.
Cyber Warfare Lab: Simulating Real Attacks
NCERT announced plans to establish a Cyber Operations and Defense Emulation Lab under the broader “Cyber Security for Digital Pakistan” project. The initiative, being undertaken in collaboration with the Ministry of Information Technology and Telecommunication, is aimed at improving national preparedness against emerging cyber threats across public, private, and defence sector organizations.
The key development is the creation of a dedicated lab that will simulate advanced cyberattacks, allowing institutions to test their response systems and improve defence strategies in a controlled environment.
The Threat Landscape: What CERT Is Defending Against
The numbers tell the story clearly. Pakistan recorded **410 cybersecurity incidents** in 2024 and **517 in 2025** — a year-on-year increase of more than 25 percent. In the first three months of 2026 alone, 98 incidents have already been documented, with government institutions at every level among the primary targets.
Provincial governments have been particularly exposed, facing 32 attacks in the first quarter of 2026 and 137 attacks across all of 2025. The federal government recorded 111 attacks in 2025, more than double the 47 recorded in 2024. Website defacement — where attackers replace official content with their own — has been one of the most frequently reported incident types, accounting for **42 of the 98** cyber incidents recorded in the first quarter of 2026 alone.
Script injection attacks and data leaks are also within the system’s detection scope. PKCERT issued 53 cybersecurity advisories in 2025. These advisories mainly focused on malware, zero-day vulnerabilities, phishing, and credential theft, along with public awareness alerts on social media threats and cyber hygiene.
Pakistan Information Security Framework: Registering Security Professionals
The National Computer Emergency Response Team (NCERT) has introduced a structured set of criteria for registering cybersecurity professionals who will provide consultancy and audit readiness services under the Pakistan Information Security Framework (PISF). The move is aimed at strengthening the cybersecurity posture of organisations across Pakistan by ensuring compliance with security standards.
Under the new framework, registered consultants will operate across three major domains: IT security, Operational Technology (OT) security, and cloud security. Consultants will be categorized into four tiers: Expert, Senior, Junior, and domain-specific specialists. NCERT also plans to introduce a competency-based evaluation test to further verify the technical skills of registered consultants.
ITU Tier-1 Ranking: Pakistan’s Global Cybersecurity Standing
Pakistan achieved a **Tier-1** ranking in the ITU Global Cybersecurity Index as a reflection of the collective commitment of the government, academia, and youth toward building a secure digital future. Pakistan highlighted its Tier-1 ranking in the ITU Global Cybersecurity Index as evidence of strong collaboration between government, academia, and industry. The country is advancing toward AI-driven cybersecurity, dark-web monitoring, and modern cloud security under its Cloud-First Policy.
Marqa-e-Haq: The CERT System’s First Live Test
Pakistan’s CERT infrastructure was put to its most serious test during the 2025 India–Pakistan conflict known as Marqa-e-Haq. The minister highlighted Pakistan’s cyber defence capabilities, saying government and military systems remained secure during last year’s war with India despite sustained cyber warfare attempts. Multiple institutions, including the IT ministry, the National Telecommunication Corporation, national cybersecurity teams and the armed forces’ cyber command structures, worked together to defend critical systems.
The minister called Marqa-e-Haq a defining moment in which the armed forces, national institutions, and cyber experts stood united with remarkable resilience. Pakistan’s effective and coordinated cyber warfare response during this period demonstrated exceptional national strength and technological capability, adding that Marqa-e-Haq proved the cyber domain is the first line of defence in the modern era.
In April 2026, with the first anniversary approaching, Pakistan’s National Computer Emergency Response Team (NCERT) issued a strict cybersecurity alert on April 23 — directing all ministries to patch systems, enable multi-factor authentication, and coordinate immediately with NCERT on any anomalies detected.
Pakistan’s CERT system is no longer a policy document. It is an active, tested, and expanding national defence capability — and the institutions that depend on it are increasingly aware that in the modern era, the first battles are fought not on the ground but in the network.