CERT warns supply chain cyber threats could put Pakistan’s critical infrastructure at risk, including power, banking, and defence systems.
The National Computer Emergency Response Team issued a cybersecurity advisory highlighting that hostile actors may exploit vulnerabilities during hardware and software delivery stages. The advisory stresses that even small security gaps can lead to large-scale system disruptions.
Officials warned that compromised hardware or unverified software updates may introduce hidden backdoors into national systems. These risks could have long-term consequences for digital security.
Vendors and Supply Chains Under Scrutiny
CERT identified vendors with unclear ownership structures as a key risk factor. Institutions have been urged to conduct thorough due diligence before procurement.
Additionally, reliance on a single supplier may increase vulnerability. A breach in one entity could disrupt entire sectors, including the power grid and banking network.
Authorities have instructed organisations to adopt stronger safeguards. These include tamper-proof mechanisms and tracking systems for transporting sensitive equipment. Institutions must also report suspicious network activity and unusual software behaviour immediately.
CERT further recommended implementing a zero-trust security model, ensuring that all devices are verified before accessing networks. The warning follows recent cyberattacks targeting Pakistani media and infrastructure.
Earlier this month, several TV channels, websites, and mobile applications were targeted in coordinated attacks. The state-owned satellite Pak-Sat also experienced disruptions, affecting transmissions.
CERT emphasised that neglecting supply chain security could lead to the paralysis of critical national systems. As Pakistan’s digital infrastructure continues to expand, experts say stronger cybersecurity frameworks are essential to safeguard national interests.
