‘Fortifying Telecom Sector’: PTA unveils cyber security strategy 2023-2028

ISLAMABAD:  In a monumental stride towards ensuring the security and resilience of Pakistan’s rapidly evolving telecom sector, the Pakistan Telecommunication Authority (PTA) has officially launched its Cyber Security Strategy 2023-2028.

Aligned with the National Cyber Security Policy – 2021, this ambitious five-year plan is designed to fortify digital security in the country’s telecom landscape.

The National Telecom Cyber Security Strategy is an initiative to ensure the security and resilience of the telecom sector. It addresses the challenges posed by the increasing interconnectivity of telecom networks, the cyber threats they face, and the need to protect their data and customer information. The strategy focuses on areas, such as risk management and governance; cyber defense and incident response; research and development; and public-private partnerships.

It emphasizes the need for a comprehensive and integrated approach to cyber security across the telecom sector and lays out a framework for collaborative efforts to protect critical telecom infrastructure and services.

The strategy also identifies key challenges and opportunities for the sector and provides a roadmap for action to ensure the security of the telecom sector.

The strategy also outlines several initiatives and activities that will be undertaken to help protect the national critical infrastructure. These include enhancing public-private partnerships, investing in research and development, and developing a unified national framework for cyber security. The strategy also calls for increased public awareness and education to help people recognize, prevent, and respond to cyber threats.

The strategy is built on six foundational pillars, each targeting a specific aspect of cyber security, such as legal framework, cyber resilience, proactive monitoring and incident response, capacity building, cooperation and collaboration, and public awareness. Collectively, these pillars represent a holistic approach, ensuring a resilient and secure digital infrastructure across Pakistan’s telecom sector.

At its core, the strategy emphasizes a multi-stakeholder approach, fostering active collaboration between public and private sectors, regulatory bodies, telecom operators, private security firms, academia, and civil society. This inclusive strategy aims to create a united and comprehensive front against cyber threats.

According to PTA, following are the expectations from telecom companies to achieve the objectives of this strategy:

1. Telecom companies should ensure that all personnel are trained and educated on cyber security practices and procedures, especially on employees’ responsibilities to ward off insider threats.
2. Telecom companies should ensure that their networks and systems are compliant with PTA’s regulations, directives, and Cyber Security Framework.
3. Telecom companies are obligated to ensure consistent monitoring and timely updates of their networks and systems to mitigate the risk of cyberattacks.
4. Telecom companies must implement robust measures to protect customer data from unauthorized access. Prioritizing data privacy is essential to maintain trust among users.
5. Telecom companies should ensure that their systems are designed to detect and respond to cyber security incidents promptly.
6. Telecom companies should frequently assess their systems and networks to ensure that security flaws are identified and addressed. In this regard, they need to devise and practice a well-defined three tier audit process, culminating in validation by the PTA cyber security team. The operators should approach this effort positively, cooperating with external teams to improve their security posture.
7. Telecom companies should collaborate with other organizations within the industry and PTA in sharing relevant information about cyber security threats and incidents. Instead of hiding cyber incidences, we should be working on a mutual-trust model to fight this menace jointly.
8. Telecom companies should provide customers with information about cyber security threats and how to protect themselves from such threats.
9. Last but not least, telecom companies need to devise their long term (strategic i.e. 3-5 years), medium term (2-3 years), and short term (yearly) plans to achieve the objectives defined in this strategy.

PTA is dedicated to progressively enhance the cyber security posture of Pakistan’s telecom sector over the next five years. This initiative is not just a step forward in cybersecurity but it is also a leap towards a more digitally secure and resilient Pakistan. The strategy is available at https://pta.gov.pk/en/media-center/single-media/cyber-security-strategy-for-telecom-sector-2023-2028-121223.