CYBER SECURE PAKISTAN 2019 REPORT

WHO ARE WE?

Cyber Secure Pakistan is a movement to secure Pakistan on cyber fronts for smooth
functioning of our society and economy. It's an open dialogue building platform to bridge gaps
between state and society, policy makers and enablers, and gurus and geeks. There are tech-
talks, focused panel discussions and a lot of networking opportunity for everyone having the
related stake.

It was started in 2009 with the Theme of “Cyber Secure Pakistan” than each next Edition was
subject to a specific theme from “Securing Cyber Frontiers of Pakistan (2012 & 2013)” to
“Multi-Stakeholders Collaboration (2014 & 2015)” to “Cyber Security for Sustainable
Development of Pakistan (2018)”. In 2019 7th Edition of Cyber Secure Pakistan was launched
on March 12, 2019 at National Library of Pakistan Islamabad with the theme of “CyberCrime
vs CyberSecurity – A dialogue to clear the blur.”

President’s Message:

“A successful 7th Edition of

this Project is a major
milestone within
information security
landscape of Pakistan. I
perceive that very purpose
of PISA i.e. national
legislation on cyber
security and establishment
of CERT are so closer than
before.”

Ammar Jaffri

President – Pakistan Information Security Association (PISA)

2
 CYBER SECURE PAKISTAN 2019 REPORT

Premise of the 7th Edition:

On July 8, 2013, a Policy Seminar was conducted by Senate Committee on Defense and
Defense Production at PIPS Auditorium on topic of “Defending Pakistan through Cyber
Security Strategy”. As a take away of that Seminar, a Cyber Security Task Force was formed
to initiate the legislative work to draft national level Cyber Security Law, Cyber Security
Strategy and Cyber Security Policy.

During the tenure of almost one year the Cyber Security Task Force had many brain storming
sessions and focused meetings at location of different stakeholders to achieve milestones. To
serve the purpose 04 committees were formed:
1. Committee to Draft National Cyber Security Law
2. Committee for Preparation of National Cyber Security Strategy and Policy
3. Committee for Formation of PK-CERT
4. Committee for Awareness Campaign

05 Seminars were conducted to make this whole process inclusive and agile in:
1. PIPS Auditorium, Islamabad
2. Higher Education Commission, Islamabad
3. LUMS, Lahore
4. CASE Islamabad
5. IBA Karachi

Subject specialists, industry leaders and representatives from public, private and community
service organizations were part of Cyber Security Task Force. Few names of organizations,
departments and institutions are stated below:
Pakistan Information Security Senate of Pakistan Prime Minister Office*
Association (PISA)
Pakistan Software House Ministry of Information Higher Education Commission
Association (P@SHA) technology & Telecom (HEC)
(MOIT&T)
Internet Society (ISOC) Ministry of Foreign Affairs Institute of Business
(MOFA) Administration (IBA)
Computer Society of Pakistan Ministry of Interior* National University of Science
(CSP) and Technology (NUST)
Cyber Law Society of Pakistan Ministry of Law Riphah International University
Internet Service Providers Ministry of Defense Lahore University of
Association of Pakistan Management Sciences (LUMS)
Interactive Communication Federal Investigation Agency Center for Advance Studies in
(FIA) Engineering (CASE)
Zarai Taraqiati Bank Limited General Head Quarter (GHQ)* Sarhad University of
(ZTBL) Information Technology (SUIT)
PSEB Strategic Planning Division COMSATS
(SPD)

3
 CYBER SECURE PAKISTAN 2019 REPORT

NADRA Supreme Court of Pakistan Kahuta Research Laboratories

(SCP)

Other than representatives from these organizations, departments and institutions many subject
specialists were part of the Task Force:

1. Bar. Zahid Jameel (J & J)

2. Badar Khushnood (Google)
3. Wahaj Siraj (Nayatel)

*These departments were represented by related law enforcement agencies.

Current Status:
After achieving milestones and drafting National Cyber Security Law, National Cyber Security
Policy and National Cyber Security Strategy, Cyber Security Task Force presented the whole
work to Senate Committee on Defense and Defense Production. The Committee introduced
the bill into Senate of Pakistan and current status of the Bill is “Pending”. Link of the Bill is:
http://www.senate.gov.pk/uploads/documents/1397624997_197.pdf

After implementation of PECA 2016, few segments in policy makers, bureaucracy and
technical community have made up their mind that now we don’t need a separate cyber
security law or CERT. There may be one of these two reasons of this matter:
1. Either lack of understanding of both concepts those are entirely different in basics; or
2. They understand that PECA is also covering the affairs of national cyber security so we don’t
need a separate legislation.

In both cases, there’s a “blur” that needs to been cleared out within technical community,
bureaucracy and policy makers. We, Team Cyber Secure Pakistan, are making this effort to
pave a clear way to secure our national digital boundaries thru dialogue, consensus and
mutual collaboration.

4
 CYBER SECURE PAKISTAN 2019 REPORT

Cyber Secure Pakistan – 2019 – Islamabad Episode

The Conference was held on March 12, 2019 at National Library of Pakistan, Islamabad to
discuss cyber security issues and future ahead to formulate a cyber-policy in combating cyber-
crimes and role of stakeholders and policy makers.

Mr. Wahaj-us-Siraj recited verses of Holy Quran and session was formally begun. Chairman
Crime Stopper Pakistan Syed Kamal Shah talked about the Chemistry of Crime and Role of
Society at large. Mr. Mujeeb ur Rahman Additional Director General, FIA described the
operational role of his department in this cyber age.

Mr. Ammar Jaffri, Chairman Cyber Security Task Force, welcomed the dignitaries and
presented the opening remarks on inaugural session and shared the idea behind CSP, its
inception, and how this idea was generated ten years back in the year 2004. Mr. Jaffri told
the audience about the on-going initiatives of CSP in Pakistan. Mr. Ammar Jaffri, described
and explained the cyber security challenges in Pakistan due to which theft cases of cyber
assets and public privacy are increasing. Mr. Ilker AKIN, Regional Manager APAC – HAVELSAN
Turkey discussed “Emerging Cyber Space Threats in 2018-19. He also discussed about the role
and work performed by HAVELSAN within Turkey and Region.

Panel Discussions:
Two engaging panel discussions were hosted during the Conference:
1. CyberCrime vs CyberSecurity – A dialogue to clear the blur.
In this Panel Discussion, current and latest cybercrime threats were discussed vis-a-vis
application of PECA2016. With all this reference need of national level cyber security
law were identified and then highlighted with regard to the holistic work by Cyber
Security Task Force during 2013-14. Discussion was concluded on single point to not
confuse the importance of a separate cyber security law after implementation of
PECA2016 and this was the blur that was tried to clear.
Moderator: Mr. Zeeshan Riaz, Cyber Crimes Lawyer
Panelists:
1. Mr. Mudassar Hussain, Member Telecom – Ministry of IT & Telecom
2. Dr. Rafi us Shan, Chief – KP CERC | KP Information Technology Board
3. Mr. Naveed ul Haq, Regional Development Manager APAC – ISOC
4. Dr. Aftab Rizvi, CEO – Risk Associates
5. Ms. Nadia Khadam, Asst. Professor – Bahria University Islamabad
6. Ms. Gargana Kiryakova, Director – Ground Labs
7. Ch. Abdul Rauf, Deputy Director – NR3C/FIA

5
 CYBER SECURE PAKISTAN 2019 REPORT

2. Need of National CERT for Cyber Emergency Readiness

During this Panel Discussion, Panelists discussed about the role of CERTs generally and
National CERT specifically. Technical details were discussed, policy notes were brain-
stormed and global best practices were highlighted. Overall it was a conclusive
discussion on one point agenda of establishment of a National CERT as soon as
possible for cyber emergency readiness.
Chair: Senator Rubina Khalid, Chairperson – Senate Committee for IT & Telecom
Moderator: Kh. Muhammad Ali, CISO - ZTBL
Panelists:
1. Dr. Arshad Ali, Former Executive Director HEC
2. Dr. Shoab Khan, Member PM Taskforce on IT & Telecom
3. Dr. Muhamamd Ashraf, CEO – Jolta Technologies
4. Mr. Mehzad Sahar, CISO – Telenor Pakistan
5. Mr. Salih TALAY, Head of Cyber Security Division – HAVELSAN
6. Dr. Rafi us Shan, Chief – KP CERC | KP Information Technology Board
7. Mr. Rafay Baloch, Official from Pakistan Telecommunication Authority

6
 CYBER SECURE PAKISTAN 2019 REPORT

Selected Clicks:

7
 CYBER SECURE PAKISTAN 2019 REPORT

Cyber Secure Pakistan – 2019 – Karachi Episode

The Conference was held on August 28, 2019 at National Incubation Center, Karachi to discuss
challenges being faced by the financial sector including regulator(s), banking and non-banking
institutions, technology companies and law enforcement agencies.

Chief Guest of the Conference was DIG East Karachi, Mr. Amir Farooqui who stressed the need
of latest tools and labs to tackle latest cybercrimes. Mr. Ammar Jaffri, President PISA
described the landmark work by Cyber Security Task Force, constituted by Senate Committee
for Defense and Defense Production in 2013-14. The Proposed Cyber Security Bill is still
pended on the floor of Senate of Pakistan. Mr. Jaffri also described the importance of this Bill
for financial sector and industry at large.

A Panel Discussion was part of the Conference based upon Theme and Panelists were Mr.
Mehzad Sahar from Bank Alfalah, Dr. Aftab Rizvi from Risk Associates, Mr. Ali Saqib from State
Bank of Pakistan, Mr. Muhammad Ahmad Zaeem from NR3C FIA, Mr. Aun Abbas Bukhari from
Telenor Bank and Mr. Muhammad Ehsan from Jameel & Jameel. Discussion was moderated
by Mr. Asif Riaz from Digital Arrays. Panelists discussed about advanced threats to the critical
infrastructure and solutions to combat those threats, especially banking industry. They
stressed the need of national level and sector wise CERTs for better governance. Keynotes
Talks were delivered by Dr. Asad Arfeen, PI of Internet Security and Quantum Technology Lab
under NCCS, Mr. Anwar Kamal from NIMIS and Dr. Hiranao Takahashi, an InfoSec Scientist
from Japan.

Panel Discussion:
Moderator: Mr. Asif Riaz, Founder – Digital Arrays
Panelists:
1. Mr. Mehzad Sahar – Bank Alfalah
2. Mr. Ali Saqib – State Bank of Pakistan
3. Dr. Aftab Rizvi, CEO – Risk Associates
4. Mr. Muhammad Ahmad Zaeem – NR3C/FIA
5. Mr. Aun Abbas Bukhari – Telenor Bank
6. Mr. Muhammad Ehsan – Jameel & Jameel

This discussion was actually for establishing the difference between cybercrime as compared
to cybersecurity. It was discussed that cybercrime is an offensive act against an individual or
organization utilizing technology as a platform or tool whereas cybersecurity deals with
securing the technology infrastructure of an entity with respect to maintaining confidentiality,

8
 CYBER SECURE PAKISTAN 2019 REPORT

integrity and availability. Another important aspect to differentiate is that cybercrime is

exclusive jurisdiction of law enforcement agencies and that most of the cyber security
professionals may not be well accustomed with cybercrime and its enforcement and vice
versa.

It was also mentioned that public awareness is important both for enhancing cyber security
and preventing cybercrimes. Therefore, the need for having an overarching cyber security
body at the federal level is stressed in this discussion as well because no institution is
designated to ensure the cybersecurity in the country.

Role of State Bank of Pakistan was applauded as being open and forthcoming regulator to
ensure cyber security of the banking industry of the country. On the contrary, other regulators
e.g. SECP, PTA are lacking behind in issuing cyber security regulations.

On the legal side, the need to improve the cyber security laws in country is highlighted and
the effort of PISA was applauded in voluntarily drafting a cybersecurity bill which has pending
since long on the website of the Senate of Pakistan.

The need for training of judges and advocates with respect to cybercrime and cybersecurity
is of utmost importance, which has been lacking and must be taken up as an immediate
concern as no institutional effort has been made in this regard. This is in spite the changes
made in the Evidence Act to make digital evidence admissible in a court of law.
The difference in opinions and understanding among the law enforcement, regulators and
industry came to the surface again which is in itself a healthy sign of the society moving
forward.

9
 CYBER SECURE PAKISTAN 2019 REPORT

Selected Clicks:

10
 CYBER SECURE PAKISTAN 2019 REPORT

Cyber Secure Pakistan – 2019 – Lahore Episode

The Conference was held on August 31, 2019 at PITB Auditorium, Arfa Software Technology
Park, Lahore to discuss industry challenges and need in perspective of technology companies
and specially the role of PITB in this regard. This Episode was conducted in collaboration with
Punjab IT Board.

Chief Guest of the Conference was Mr. Sajjad Ghani, Additional Director General
(Infrastructure) in PITB who briefed about the recent work by PITB in fields of technology and
cyber security. Mr. Ammar Jaffri, President PISA described the landmark work by Cyber
Security Task Force, constituted by Senate Committee for Defense and Defense Production in
2013-14. The Proposed Cyber Security Bill is still pended on the floor of Senate of Pakistan.
Mr. Jaffri also described the importance of this Bill for technology companies and specially
the information security sector of the economy. He also added the importance of CERT to
build information security as an independent sector in Pakistan.

A Panel Discussion was part of the Conference based upon Theme and Panelists were Mr.
Burhan Rasool from PITB, Mr. Fouad Bajwa who in ICT Policy Expert and Dr. Aftab Rizvi from
Risk Associates. Discussion was moderated by Dr. Sadaf Hina from Superior University.
Panelists discussed about advanced threats to the critical infrastructure and solutions to
combat those threats, especially those organization who have sensitive data with respect to
the State and its Citizens. They stressed the need of national level and sector wise CERTs for
better governance. Keynotes Talks were delivered by Mr. Ahmad Hamdan, Principal
Consultant in Decrypted Solutions on Topic of “Blockchain Security Challenges” and Mr. Abbas
Baqir from Students Shelter on “Ethics in Hacking”.

Panel Discussion:
Moderator: Dr. Sadaf Hina – Superior University
Panelists:
1. Mr. Burhan Rasool – Punjab Information Technology Board
2. Mr. Fouad Bajwa – ICT Policy Expert
3. Dr. Aftab Rizvi, CEO – Risk Associates

During the Discussion Mr. Fouad mentioned financial scams as most common and highlighted
lack of awareness to combat these crimes. He said that prime targets of high-level
cybercrimes are databases and archives of government, National security infrastructures,
Critical social, economic and military information, and Banks and other private organizations.
He emphasized on the implementation of nation cyber security law, policies and CERT team
to mitigate the risks of exploitation of vulnerable resources and provide adequate response-
efficacy to the individuals and institutions.

11
 CYBER SECURE PAKISTAN 2019 REPORT

Mr. Burhaan Rasool highlighted the problem of attitude towards security policies and
compliance in government sector. He emphasized that officials should strictly follow standard
operating procedures and bring security compliance as a culture to the organizations.

Dr. Aftab Rizvi stressed on desired foreign support in placing adequate resources on right
places. He mentioned that international standards should be adopted instead of re-inventing
some. He said that law, policies, monitoring, governance and security education, training and
awareness should be re-stated and reinforced to fill the gaps. He further added that
international standards like ISO/IEC/27002 should be incorporated to improve overall
structure of security procedures and systems.

12
 CYBER SECURE PAKISTAN 2019 REPORT

Selected Clicks:

13
 CYBER SECURE PAKISTAN 2019 REPORT

Cyber Secure Pakistan – 2019 – Peshawar Episode

The Conference was held on September 26, 2019 at IM Sciences University, Peshawar to
discuss prevailing anti-cybercrime echo-system and role of academia in aid of law
enforcement in this regard. This Episode was conducted in collaboration with KPCERC, an arm
of Kyber Pakhtunkhwa Information Technology Board (KPITB).

Chief Guest of the Conference was Mr. Iftikhar Ali Shah, Former DIG KP who shared his
experiences and stressed the need of cyber security measure to safeguard critical
infrastructure. Mr. Ammar Jaffri, President PISA described the landmark work by Cyber
Security Task Force, constituted by Senate Committee for Defense and Defense Production in
2013-14. The Proposed Cyber Security Bill is still pended on the floor of Senate of Pakistan.
Mr. Jaffri also stressed that our universities should play their role with updated curriculums,
industry oriented FYPs and hands-on internships. Mr. Rafi us Shan, Chief of KPCERC, talked
about data privacy issues in the region and Pakistan and described what KPCERC is
contributing in this regard. Mr. Muhammad Mohsin, Director IM Sciences Peshawar talked
about the role of academia in post-digital era and described what IM Sciences is offering in
this regard.

A Panel Discussion was part of the Conference based upon Theme and Panelists were Mr.
Farooq Naiyer from Ontario Research Innovation Network (ORION) Canada, Mr. Shahid Ilyas
Khan from NR3C – FIA, Dr. Tahir Zaman, Associate Professor – CECOS University, Dr. Tamkeel
Ali Tanveer, Associate Professor – IM Sciences and Mr. Javed Jabbar, Head of ICT Security –
Bank of Khyber. Discussion was moderated by Dr. Rafi us Shan, Chief of KPCERC. Panelists
discussed about advanced threats to the critical infrastructure and solutions to combat those
threats, especially those organization who have sensitive data with respect to the State and
its Citizens. They stressed the need of national level and sector wise CERTs for better
governance. Technical Talks were delivered by Mr. Babar Akhunzada, Co-Founder of Security
Walls on Topic of “Hacking for Profit and Fun”, Mr. Mubshar Sargana, CTO – PISA on Topic of
“Privacy vs Security” and Mr. Mujtaba Hussain, Course Instructor - KPCERC on Topic of “Career
Paths in Cyber Security”.

Panel Discussion:
Moderator: Dr. Rafi us Shan - KPCERC
Panelists:
1. Mr. Farooq Naiyer – Ontario Research Innovation Network (ORION)
2. Mr. Shahid Ilyas – NR3C/FIA
3. Dr. Tahir Zaman, CECOS University
4. Dr. Tamkeel Ali Tanveer – IM Sciences
5. Mr. Javed Jabbar – Bank of Khyber

14
 CYBER SECURE PAKISTAN 2019 REPORT

During the Discussion It was discussed that the Govt. should effectively implement PECA 2016
Act on urgent basis and establish cybercrime police stations to ensure the security of internet
users. Purely technical staff should be hired to get the better results. The policies should be
updated according to the latest technologies.

Banks are more attractive target cyber-criminals due to weak banking security system. We
need to secure our banking systems with latest technologies and trained workforce. Customer
awareness programs are also very essentials to handle this issue.

Awareness is the more important than security. Govt. and other NGOs should launch the
campaign across the country about the cyber security and effective use of internet. In
Addition to this we need to include cybersecurity as an essential part in the school curriculum.

15
 CYBER SECURE PAKISTAN 2019 REPORT

Selected Clicks:

16
 CYBER SECURE PAKISTAN 2019 REPORT

PISA Personage Awards Ceremony

Pakistan Information Security Association (PISA)
proudly launched its new initiative to recognize
fabulous achievements of those heroes of
Information Security who have invested their lives
to build the current industry to this scale and level.
All honorable Awardees are chosen with respect to
their personal level efforts and organizational
building work with vision of long term perspective
in field of Information Security and Cyber Security.
It is the first ever initiative of this size in Pakistan
and Region. We are honored to announce that
"PISA Personage Award" has been announced on
March 12, 2019 during 7th Edition of Cyber Secure
Pakistan in National Library of Pakistan, Islamabad. Award has been presented to:
01 Dr. Arshad Ali
02 Dr. Muhammad Ashraf
03 Dr. Saad Zafar
04 Dr. Nassar Ikram
05 Dr. Shoab Khan
06 Dr. Junaid Zaidi
07 Mr. Wahaj Siraj
08 Barrister Zahid Jameel
09 Mr. Tahir Mahmood Chaudhry
10 Mr. Maajid Maqbool
11 Mr. Nazeer Vaid
12 Mr. Zahid Basheer Mirza
13 Mr. Talha Habib
14 Syed Ammar Hussain Jaffri
Awards were given by the Guest of Honour of the Ceremony Senator Rubina Khalid,
Chairperson Senate Committee on IT and Telecom. Six Dignitaries attended the
Ceremony and received their Award. Three Dignitaries nominated their proxies to
receive the Award on their behalf. Five Dignitaries couldn't able to attend the
Ceremony and their Awards are archived with PISA and shall be presented in future.
PISA, a leading name of industry trend setter, is working from its inception on lines of
mutual collaboration and industry uplift, this Award is envisioned following same lines.

17
 CYBER SECURE PAKISTAN 2019 REPORT

Selected Clicks:

18
 CYBER SECURE PAKISTAN 2019 REPORT

#CSP19 Sponsors and Supporters:

19
 CYBER SECURE PAKISTAN 2019 REPORT

Participants from Industry:

A.Q khan Institute of Computer GEO TV NUST
Science & IT
Aaj TV GHQ OGRA
ABASYN University Global Citizenship Academy ORION
ABL Govt. College University OSFP
Lahore
Air University Ground Labs Pakistan Air Force
Arcana Info (Pvt.) Ltd. G-TV Pakistan Army
Askaria College Rawalpindi Habib Metropolitan Bank Pakistan Navy
Bahria University HAVELSAN Pakistan School of Internet
Governance
Bank Alfalah HEC Pakistan Telecommunication
Authority
Bank Alhabib HITEC University PIEAS
Bank of Khyber IBA Prime Minister Office
BISE Lahore IIUI Punjab Information Technology
Board
Blue Assure Consulting IM Sciences Peshawar Punjab Police
BRAINS INFOSYS IIT Punjab University
Bridging Trade International Internet Society QAU
CASE/CARE ISI RISE
CECOS University, Peshawar Islamabad Police Risk Associates
CISCO Islamia University, Samaa TV
Bahawalpur
City University, Peshawar IT Butler Sarhad University
Cloud Security Alliance Jameel & Jameel SECP
COMSATS Jang Group Security Wall
Crime Stoppers Pakistan Jolta Technologies Senate of Pakistan
CUST Khyber Pakhtunkhwa Shaheed Benazir Bhutto Women
Technology Board University
Cyber Tor KP CERC Sharif Education Complex
DAWN TV Kualitatem Private Limited Skills International
Decrypted Solutions LDC Spectrum
Digital Arrays Media Info Systems Superior University
DTCC Ministry of Finance Tapal Tea
Dubai Islamic Bank Ministry of Interior TechnoBiz
EGS Ministry of IT & Telecom Telenor
E-Links Ministry of Planning & Telenor Bank
Reforms
Encode Technologies Ministry of Science & The Drakken
Technology
Ericsson Mobilink Bank UBL
Falcon Engineering National Bank of Pakistan University of Haripur

20
 CYBER SECURE PAKISTAN 2019 REPORT

FAST National Incubation Center, University Institute of IT

Karachi
FAST Karachi National Police Academy University of Baagh, AJK
FAST Peshawar Nayatel University of Management &
Technology Lahore
Federal Investigation Agency NDU USF
Finja (Private) Limited NED University of Waqt TV
Engineering & Technology,
Karachi
GCWUS NR3C ZTBL

21
 CYBER SECURE PAKISTAN 2019 REPORT

Note from the Project Lead:

I’m thankful to everyone who have attended and
participated in the 7th Edition of Cyber Secure
Pakistan. I’m thankful to our amazing Key-Note
Speakers, Panelists and Moderators who were
real power house of the Conference. I’m also
thankful to our Sponsors and Supporters including
GCWU Sialkot, Risk Associates, IT Butler, PITB,
KPITB, NIC Karachi, and IM Sciences for their trust
on us and our Support Partners those are Security
Experts, InfoSys Solutions, UltraSpectra and E-
Café for partnering with us for the Cause of Cyber
Secure Pakistan. I’m thankful to all volunteers who have invested their energies in
Islamabad, Karachi, Lahore and Peshawar for this noble Cause.

We did our best in our humble capacity to impart the real knowledge of information
security and cyber security to the audience of the Industry. We are motivated to
further spread the message of Cyber Secure Pakistan in masses from policy level
strategists to operational and tactical geeks of the Sector. We are very much energized
to convince all stakeholders for a national level cyber security law, strategy, policy and
establishment of CERT.

We have completed and concluded the 7th Edition with the theme of “Cybercrime vs
Cybersecurity – A dialogue to clear the blur”. We have extended our message to
telecom, financial sector, security sector, digital services providers, regulators and IT
Industry at large. Next is #CSP2020 and soon we’ll announce dates and schedule. Our
hearts are open for everyone who is willing to join us as volunteer, support partner,
sponsor and/or major contributor. We are working for Pakistan, for Cyber Secure
Pakistan.

Abbas Ansari
Lead – Project Cyber Secure Pakistan
Email: abbasibnhusayn@gmail.com
Mobile: +92 333 163 7911

22