The federal government of Pakistan has issued a Cyber Security Advisory and advised all IT and financial institutions and regulatory bodies to abstain from collaborating with or utilizing AI or ICT products of Indian origin.
The security caution is based on the potential persistent and hidden threat these products could pose to Pakistan’s Critical Information Infrastructure (CII).
This warning was disseminated through a “cyber security advisory” shared with federal and provincial ministries and sectoral regulators. The advisory highlighted that many industries worldwide employ AI products and services to boost business growth, including in the financial and banking sectors.
The advisory states, “Certain segments of Pakistan’s fintech sector, including some banks, have been liaising with companies of Indian origin for IT products, cybersecurity, and AI solutions.” The government underscored that utilizing Indian security products and solutions could be a “constant, concealed, and force multiplier threat” to Pakistan’s CII, notably the banking sector.
Concerns Highlighted in the Advisory
The advisory detailed two primary concerns: the potential inclusion of backdoors or malware in the products that might facilitate data traffic analysis and the harvesting of personally identifiable information (PII). Secondly, it noted the risk of “direct Indian ingress in Pakistan’s CII through technical means/access control with passive monitoring capability”.
In light of these concerns, all federal and provincial ministries and sectoral regulators have been asked to make their affiliated organizations and licensees aware of the risks associated with using products or solutions of Indian origin. Moreover, the government has advised these entities to liaise with the Pakistan Software House Association (P@SHA) to find economical alternatives developed by Pakistani technical companies.
Past Cybersecurity Incidents Involving India
A Texas-based US firm, Exodus Intelligence, two years earlier revealed that India used its software vulnerabilities—known as “zero-day”—to spy on Pakistan and China, according to a Forbes report. Exodus’s CEO Logan Brown disclosed that after an internal investigation, he believes Indian government personnel or a contractor adapted one of the vulnerabilities discovered by his company to exploit Microsoft’s operating system for malicious purposes.
Furthermore, Pakistan’s Inter-Services Public Relations (ISPR) reported a significant cybersecurity breach in 2020, which targeted government and military officials’ devices through hacking by Indian hackers. The Pakistan Army took additional measures to counteract such activities and urged all government departments to strengthen their cybersecurity protocols.