PTA launches five-year plan to enhance digital security

The Pakistan Telecommunication Authority (PTA) has rolled out a five-year plan to boost digital security across the telecom sector in the country, according to a press release.

The “Cyber Security Strategy”, which the regulator calls a “comprehensive” and “ambitious” plan, will run from 2023 to 2018. The strategy will entail the implementation of the National Cyber Security Policy 2021 and is aimed at “bolstering” digital security.

The PTA says the strategy has been built on six foundation pillars, with each covering a specific aspect of cybersecurity. The plan incorporates legal framework, cyber resilience, proactive monitoring, incident response, capacity building, collaboration, and public awareness. It will ensure a resilient and secure digital infrastructure across Pakistan’s telecom sector, the PTA says.

The strategy places a particular emphasis on multi-stakeholder approach. It is aimed at fostering an active collaboration between public and private sectors, telecom operators, regulators, academic institutions, private security firms, and civil society organisations. Bringing together these entities will help foster a “united and comprehensive” response to cyber threats, the statement adds.

The plan also stresses the need for creating an environment that is conducive to retaining skilled professionals in the country. To counter the “brain drain”, the PTA will collaborate with key stakeholders, including the academia, industry professionals, and government organisations. The joint efforts of these entities will focus on building “domestic talent pipelines” to retain highly qualified individuals, who are leaving Pakistan in search for better opportunities abroad.

To strengthen the privacy of users, the PTA will require licencees, including telecom operators and internet service providers, to communicate their privacy policies to their consumers in clear terms. Service providers will be required to inform the consumers about their policies through text messages, recorded phone calls, or emails. The policies should clearly state what type of data will be collected and why. Any change in the privacy policy must also be intimated to the users.