54th Meeting of the Study Group on Information Technology and Telecommunications
Date: November 23, 2006
Chair: Dr. Ijaz Shafi Gilani
Coordinator: Brig (Retd) Mohammad Yasin
Agenda
To discuss Cyber Criminology: Risks, Pakistan’s Present Capability to Counter, Policy Issues, Appropriateness of Legislation, Future Outlook.
Available technologies integrated with information superhighways now connect millions of computers. These technologies also facilitate economic espionage and support assaults on personal, corporate and global privacy and confidentiality. Organized gangs of cyber criminals are able to infiltrate information systems, manipulate data and block computer networks.
In the absence of comprehensive policies and appropriate legislation, hackers, cyberpunks, sniffers, computer terrorists and information warriors can inflict significant damage on individuals, corporations and countries.
The Federal Investigation Agency (FIA) has done a good deal of work in acquiring the technology and the capacity to identify and counter cyber crimes. The Ministry of Information Technology and Telecommunication (MoIT) has drafted cyber laws which will be processed for parliamentary action. Unfortunately, there is a lack of awareness of the risks and remedies.
To discuss the above very important issues and offer policy advice to the relevant agencies, SDPI’s Study Group met on November 23, 2006. The following speakers gave presentations as mentioned against each and initiated the discussion:
Risks and present capability
- The number of Internet users is growing very rapidly. Estimates show that in 2006, there are 3.5 billion users, 70 percent of information is now digital and there are 750 billion pages on the web. This creates potent threats and vulnerabilities to cyber crime, especially against financial institutions and sensitive agencies.
- The following are some of the factors that facilitate cyber crime:
  - Legacy of hired cyber criminals who specialize in this profession.
  - Unemployed IT professionals make money through this activity.
  - Owners of cyber cafes in Pakistan exploit the unemployed youth and give them free access to the Internet to prepare fake credit cards.
- In Pakistan, banks and government departments lack secure systems, and some that possess them are satisfied with outdated technology. Government websites are an easy target for hackers.
- Various agencies in Pakistan use security systems in isolation. An integrated national plan is needed. In this regard, public key infrastructure (PKI) can play an effective role.
- A negligible number of software companies in Pakistan hold international certification. They also lack secure systems.
- Regional and global cooperation in this field can reduce this menace.
- There is no law in Pakistan which makes reporting cyber crimes mandatory.
- When an organization’s system is hacked, international security standards fix responsibility on the senior management.
- There is a dire need to create awareness of the risks involved.
National Response Centre for Cyber Crimes (NR3C) Established in FIA
The following are the main functions of NR3C:
- It is a reporting centre for all types of cyber crimes in the country. It provides necessary technical support to all sensitive government organizations to help make their systems secure.
- It provides timely warning of cyber threats to all concerned and advises on recovery techniques after actual cyber attacks. For this purpose, it monitors global security and intelligence information. It also liaises with relevant national and international organizations.
- NR3C endeavors to remain current with technology through its R&D program and cooperation with friendly countries.
- It builds the capacity of the government and other agencies to handle cyber crime and maintain secure systems.
Policy issues, appropriateness of legislation
- The post-2002 era (Electronic Transactions Ordinance 2002) saw the following positive developments:
  - Electronic documentation and records were recognized.
  - Electronic digital forms of authentication and identification were given legal sanctity.
  - Messages through email, fax, mobile phones, etc. were recognized.
  - It positively impacted international trade and finance in Pakistan.
- Draft Electronic Crimes Acts 2003 and 2004 lacked comprehensiveness and clarity.
- For effective international coordination, the following setup should be established:
  - A global coordination centre
  - Regional coordination centres
  - National coordination centre
- The Electronic Crime Bill 2006 is expected to be a significant improvement on previous acts. This bill should be opened up for public debate before it is tabled in parliament.
Discussion
There was a frank discussion on the subject in which the following useful points came out:
- International best practices and laws should be adopted.
- There should be close collaboration between the public and private sectors to control cyber crime and implement cyber crime laws.
- Some participants suggested the establishment of special courts to hear cyber crime cases, but the majority was of the opinion that this would amount to a parallel judicial system. Instead, all judges should make themselves aware of such crimes and of relevant laws.
- The government needs to be proactive in controlling cyber crimes and implementing laws.
- It is important to create secure backup/duplication of sensitive information and data.
- Technology and cyber security procedures should be standardized in Pakistan.
- Defence services need to have foolproof security systems and must proactively build their capacity and acquire and master the technology.
Recommendations of the Study Group
The Study Group, after in-depth discussion, made the following recommendations for consideration by the government:
- To curb ever-rising cyber crime, a comprehensive policy on cyber security should be formulated and laws should be enacted.
- The national information security framework so formulated should include best practices/laws adopted by advanced countries and the UN.
- The Federal Investigation Agency (FIA), presently dealing with cyber crime related issues, should organize systematic awareness campaigns in collaboration with the Ministry of Information Technology and Telecommunications.
- Capacity building programs for stakeholders, such as government departments, banks, internet service providers, police and defence services, should be planned and implemented.
- Cyber crime being a global phenomenon, effective liaison and cooperation should be established with regional and international cyber security organizations.
- Networks to share cyber security information between relevant organizations should be established. Arrangements like public key infrastructure and computer forensics need to be considered.
- Reporting of cyber crime cases should be made mandatory.
- Laws should be made to force internet service providers to retain customer information for a set period and share it with the FIA and police on demand.
- Draft Electronic Crime Bill 2006 prepared by the MoIT should be widely disseminated for stakeholders’ comments/feedback.