Potential Cyber Attack On ECP Averted

ISLAMABAD: A cyber attack warning for the Election Commission of Pakistan (ECP) on Friday (July 7) last week created much disturbance among ECP staff members. The warning was issued to the electoral watchdog at a time when it has started preparing to conduct local government polls and, in the near future, general elections.

The cyber security alert was issued on Thursday (July 6) by ECP's information security specialist Naveed Ahmed Kandhir, who shared a screenshot of an email sent to a commission official which asked the recipient to open an attachment: a compressed file titled “Cabinet.rar”. The alert said it was a ransomware attack aimed at gaining access to laptops, mobile devices and other electronic systems to steal information.

Sources said that soon after the cyber attack warning, the staff of the commission immediately asked all employees to avoid opening anonymous emails on official computers and devices, as sensitive data could be compromised. The staff was asked to ignore such emails and 'report as spam' until further orders. Alternative procedures for secure communication and correspondence were enforced, according to an ECP insider.

The country's top electoral body is planning to hold important meetings on upcoming elections, which would also make use of virtual communication platforms to connect the officers in ECP headquarters in Islamabad with other ECP officials throughout the country. ECP's staff has yet to issue any official statement or clarification about the cyber attack warning.

This is not the first cyber attack on Pakistani government organizations' websites or the country's electronic assets. The Ministry of Information Technology and Telecommunications (MoITT) has asked government ministries and attached departments several times to upgrade their systems.

In May, Pakistan’s electronic security was compromised because of negligence at the National Institutional Facilitation Technologies (NIFT). Hackers managed to breach the security of the cheque-clearing institution, attained unauthorised access to data and shut the system down, forcing NIFT to operate manually as its digital systems - including sensitive financial data stored and processed on them - were no longer in its control. Even seven days after the cyberattack, NIFT was still in the process of fully restoring its normal operations.

In 2022, the MoITT wrote a letter to all federal secretaries, asking them to shift the websites of their respective ministries and attached departments onto the main data centre of the National Telecommunications Corporation (NTC) in order to adequately protect their data and websites from potential cyber attacks.

The National Information Technology Board (NITB) has also developed an indigenous electronic office or 'e-office' application to help government departments go paperless. The e-office concept was aimed at improving internal efficiency in all government departments through electronic administration, and is utilised by many governments around the world. The project continues in nearly all the ministries and divisions, as well as 107 departments, of the federal government.

The e-office protocol replaces the redundant physical movement of files and documents, which consumes a lot of time and requires continuous monitoring of such files and documents from desk to desk. It is this proverbial 'red tape' and bureaucratic delay that official government business suffers from before it reaches the senior officials and competent authorities for the final decision.

When contacted, the MoITT spokesman said that all government organisations need to upgrade their data centres to avoid risk. "Existing data centres need to be upgraded with the passage of time to build resilience against cyber attacks".

He said that the MoITT had already introduced the Pakistan Cloud First Policy on 18 February 2022. "This policy would be implemented soon", he said, adding that "the MoITT highlighted the policy's application as guidance to all public sector entities, regulated sectors, and private sector organisations".