ISLAMABAD’:
The National Computer Emergency Response Team (National CERT) issued a stark warning Tuesday that hostile actors could exploit supply chains to infiltrate critical national infrastructure, calling for immediate system-wide audits and tighter cybersecurity controls.
In detailed guidance, the authority ordered all public and private institutions to carry out urgent software and hardware audits and warned that unsecured systems could expose power, banking and defense networks to disruptions.
The warning followed reports of suspicious foreign software found in the Islamabad Safe City project, prompting authorities to put relevant institutions on high alert and initiate extensive scanning of national infrastructure systems.
The national CERT mandated that software testing be completed within one week and hardware inspections within two weeks, along with strict monitoring of suppliers, logistics systems and supply chains to identify potential vulnerabilities.
The advisory warned that even minor mistakes during procurement or delivery could trigger large-scale system failures, noting that global supply chains have become a key battleground for cyber sabotage and espionage.
Institutions have been instructed to immediately isolate compromised hardware, preserve evidence and blacklist vendors in case of suspicious activity, while ensuring transparency in vendor ownership and procurement processes.
The national CERT advisory also warned against reliance on single vendors and highlighted the risk of systemic disruption if a compromised device affects entire sectors such as the national grid or banking network.
Communications devices, network management tools and industrial control systems were identified as particularly vulnerable, with warnings that unverified software updates could introduce hidden backdoors into critical systems.
To mitigate risks, organizations have been asked to adopt zero-trust security models, implement tamper-proof transport mechanisms for sensitive equipment, and report unusual network activity without delay.
Separately, the federal government has operationalized a national threat intelligence sharing system linking the National CERT with the Pakistan Telecommunication Authority (PTA) and the Cyber Division of the Pakistan Army.
Built on a Malware Information Sharing Platform (MISP), the system enables real-time detection and coordinated response to cyber threats, reducing reliance on external intelligence and strengthening national cyber defense.
Officials say the integrated platform will provide early warnings of potential attacks on government, telecommunications and critical infrastructure, while improving interagency coordination and proactive threat hunting.
The warning comes amid growing global concern over supply chain vulnerabilities and follows recent coordinated cyber attacks targeting Pakistani media platforms and the state-owned Pak-Sat satellite, which disrupted television transmissions.
Earlier this month, the National Assembly was told that further investment in cyber security, including the deployment of firewalls, was essential to protect the country’s expanding digital ecosystem, as authorities push to strengthen the protection of national networks.
(WITH INPUT FROM NEWS DESK)
