NTI 2020 and Pakistan’s Cyber Preparedness


All News | Newsroom News | NTI

by Basma Khalil    18 August 2020

In contemporary global strategic affairs, nuclear safety and security are widely perceived to be one of the fundamentals. . It serves as the measuring scale for a state’s capability to survive in today’s realist world. With the passage of time, the parameters of the nuclear safety and security have changed considerably. The emergence of sophisticated technologies has become one of the leading factors that contribute to the change in the dynamics of nuclear security.    It includes all the technologies that are related to computers and computing systems. Presently, the major intimidation which states are facing from emerging technologies is the cyber threat.  The Nuclear Security Index (NTI) Report 2020 has also highlighted the importance of cyber technology for nuclear safety and security.  In this regard, the NTI has taken into consideration the various security measures taken by the states that possess the weapon usable nuclear material. The assessment is aimed at critically identifying the emergent cyber threats to nuclear security.

In general, the NTI report has highlighted some basic elements for theft and sabotage of nuclear-related materials. For instance, the assessment of the number of sites, security control measures, gauging of risk environment, global norms, and abiding by domestic commitments. With a particular focus on cybersecurity, the NTI report 2020 has taken into consideration some key ‘Security and Control Measures’. These include; on-site physical protection, prevention of insider threat, response capabilities, and security culture. It has analyzed the nuclear safety and security from a new perspective. This has been further complemented with the need of adopting new tools and indicators to measure the security of the nuclear infrastructure. Although NTI suggests such measures the growing cyber threats to nuclear facilities still need a firm global response. It further highlights that countries that possess weapon usable nuclear material are improving cybersecurity regulations in accordance with the rapidly changing cyber threats to nuclear facilities. In this regard, the integration of cybersecurity, physical protection, protection critical of digital assets from cyber-attacks, creating awareness of cyber threats, and training of personnel to with cyber risk scenarios are significant. Such frameworks are also aimed at addressing the prevention of insider threat, the establishment of security culture, control and accountability procedures, physical protection, and response capabilities.

Among countries with weapons-usable nuclear materials and for the third time in the sabotage ranking, Australia has been ranked at the first position for its security practices for the fifth time. New Zealand and Sweden stand first in the ranking for countries without materials. It is very pertinent to highlight here that based on its commitment towards nuclear safety and security, Pakistan has been acknowledged clearly. This has been further appreciated since Pakistan has adopted n new on-site physical protection and cybersecurity regulations that will improve the existing insider threat prevention measures. In the 2020 NTI report, Pakistan is among the countries that have nuclear materials but based on its adherence to nuclear security it has been given credits in clear words

It is worth mentioning here that in the theft ranking for countries with nuclear materials, Pakistan has improved its ranking by overall score by 7 points. In this regard, Pakistan’s has made major progress in the ‘Security and Control Measures’ category with an incredible (+25) points based on its new regulations. Also, Pakistan has improved in the Global Norms category with (+1) points. The strengthened laws and regulations have provided sustainable security benefits and resulted in improving Pakistan’s overall score. Moreover, Pakistan’s improvement in the Security and Control Measures category are quite significant. Over time, by improving +8 points in 2014, +2 in 2016, and +6 in 2018, Pakistan has steadily improved in the Security and Control Measures category. Owing to new regulations for on-site physical protection its score has improved since 2014. Since 2018; the insider threat protection is also improved. When the report was first launched in 2012, since then Pakistan, unlike other states has improved its score in the security and control measure category with 25 points. This is an incredible improvement as it the second-largest improvement among the related states.

At the national level, Pakistan has taken various initiatives these include; the establishment of Cyber Forensic Laboratory at the National University of Science and Technology (NUST), and the Computer Emergency Response Team (PAK-CERT). To maintain such a status, Pakistan needs to further formulate and enhance its national cyber policy to deal and control cyber threats to nuclear security in the longer term. To serve the purpose National Centre for Cyber Security which aims at making cyberspace of Pakistan more secure. It has affiliated Research and Development Laboratories working on projects related to network security systems and smart devices.

The NTI Index Report has further suggested that to integrate physical protection and cybersecurity, and to protect critical digital assets, including systems related to physical protection, control, accounting, or safety improved cyber tools, watchdogs are required at facilities to protect against cyber-attacks. The potential for cyber-attacks at nuclear facilities, as well as combined cyber-physical attacks should be taken into by Threat assessments. To identify weaknesses and to make continuous improvements, ‘Threat Tests and assessments’ are required regularly to identify weaknesses and to make continuous improvements.

However keeping in view, the uneven capacity to address cybersecurity globally and on a regional level, greater effort is needed to fill capacity gaps in cooperation with other countries. It is also essential to address the human factor for cybersecurity when insiders could unwittingly introduce or exacerbate cyber vulnerabilities. Pakistan needs to establish a specialized cyber workforce. Technical operations related staff needs to know about the systems and also need access to computer systems to complete programs to deal with cyber threats and help mitigate insider threats to nuclear facilities. Regular training workshops of personnel should be organized. Pakistan must go for cooperation with other regional states to strengthen regional cybersecurity framework and may go cyber agreements which may bring down the hazard of the regional cyber threats and add to the international reputation of Pakistan as a responsible state. Although Pakistan has improved a lot in the realm of cybersecurity and also improved the cyber-surveillance systems and watchdogs’ frameworks still a National Cyber Security Strategy is the need of the hour to further strengthen, already established cyber organizations.