Pakistan is upgrading its national cybersecurity system through the Digital Economy Enhancement Project (DEEP), a $77.73 million World Bank-supported initiative. The project aims to modernize and secure the country’s growing digital ecosystem.
Pakistan is moving to strengthen its digital defenses with the creation of a National Cybersecurity Authority, a federal body that will oversee the protection of the country’s most sensitive digital systems and respond to rising cyber threats.
The authority will have responsibility for recommending and enforcing security measures for critical digital infrastructure across Pakistan. This includes government databases, financial platforms, telecom networks, and key national institutions whose disruption could affect millions of people.
The Ministry of IT has already drafted a Cybersecurity Act and circulated it among relevant stakeholders for feedback. Work is also progressing on a National Cybersecurity Policy under the Digital Economy Enhancement Programme, signaling that the government wants cybersecurity to be treated as a core pillar of Pakistan’s digital transformation, not an afterthought.
The decision follows repeated cyberattacks and data breaches in recent years. In a briefing to the National Assembly, the IT ministry acknowledged that various “major incidents” had occurred. While details were withheld from the public due to sensitivity, the ministry admitted that Pakistan’s current systems are not fully equipped to cope with sophisticated threats.
Read more: Pakistan declares ‘Made in India’ mobile phones, devices major cybersecurity threat
One example was the attack on OGDCL, where hackers managed to penetrate the core data centre and delete 21 virtual servers. Operations were only restored after three days using the company’s disaster recovery setup. The incident exposed weaknesses such as limited monitoring tools, shortage of skilled staff, and weak oversight from senior management.
Establishment of Federal Cybersecurity Authority
A strong cybersecurity authority is not just a technical reform — it affects daily life:
• Education Sector:
As schools, colleges, and universities move more services online — from exam portals to student records — they become targets for hackers. A national authority can help set standards so that student data, exam systems, and e-learning platforms are properly secured. This builds trust in digital education, especially as online learning becomes more common.
• Economy and Businesses:
Cyberattacks on banks, e-commerce platforms, fintech apps, and industry databases can cause huge financial losses and shake investor confidence. By enforcing better protection and faster incident response, the new authority can make Pakistan a safer place for digital business, encouraging local startups and reassuring foreign investors that their data and transactions are secure.
• Public Services and Identity:
The government has already declared data of Nadra, FBR, telecom operators and other key institutions as critical digital infrastructure. Plans are underway to extend this status to immigration and passport systems.
Read more: Information Technology made compulsory subject for students from grade 6
Protecting these databases means protecting
- Citizens’ identity
- Tax records
- SIM registrations
- Travel documents from misuse and theft
Until the new authority is fully functional, cyber incident coordination is being handled by the CERT Council, which includes 14 public and private institutions.
But with threats growing in scale and sophistication, the shift toward a dedicated National Cybersecurity Authority signals a recognition that Pakistan’s digital future depends not just on connectivity and innovation — but also on safety, resilience, and trust in the systems people rely on every day.