On March 25, Pakistan’s National Computer Emergency Response Team (National CERT) issued a critical cybersecurity advisory, highlighting the potential for hostile actors to exploit supply chain vulnerabilities to target essential national infrastructure, including the power, banking, and defence sectors. The advisory called for immediate system-wide audits and the implementation of stricter cybersecurity measures.
The advisory comes in response to reports of suspicious foreign software discovered in the Islamabad Safe City project, which has led to heightened scrutiny of national infrastructure systems. National CERT mandated that software testing must be completed within one week and hardware inspections within two weeks. The directive emphasizes the need for stringent monitoring of vendors, logistics systems, and supply chains to identify potential vulnerabilities.
According to the advisory, minor lapses in hardware or software procurement or delivery could lead to significant system failures. The alert stresses that global supply chains are increasingly targeted for cyber sabotage and espionage. Institutions were urged to isolate compromised hardware, keep evidence and blacklist vendors in the instance of suspicious activity. It cautioned to remain vigilant against unverified software updates that could introduce hidden backdoors into critical systems.
The advisory also pointed out the dangers of depending on single suppliers, which could lead to systemic vulnerabilities. A breach in one entity might disrupt entire sectors, such as the national power grid or banking network. To counter such risks, organisations have been directed to adopt zero-trust security models, implement tamper-proof mechanisms for transporting sensitive equipment, and promptly report any unusual network traffic or software behaviour.
In addition to these protective measures, the federal government activated a national threat intelligence-sharing system connecting National CERT with the Pakistan Telecommunication Authority (PTA) and the Pakistan Army’s cyber division. This system, based on the Malware Information Sharing Platform (MISP), facilitates real-time detection and coordinated responses to cyber threats, thereby enhancing national cyber defence capabilities.
The advisory concluded by underscoring the urgent need for strengthened cybersecurity frameworks as Pakistan’s digital infrastructure continues to grow and integrate across multiple sectors. The recent cyberattacks targeting Pakistani media and the Pak-Sat satellite, which disrupted television transmissions, further spotlight the critical need for robust cybersecurity measures.
