ISLAMABAD’:
The National Computer Emergency Response Team (National CERT) on Tuesday issued a stern warning that hostile actors could exploit supply chains to infiltrate critical national infrastructure, urging immediate system-wide audits and stricter cybersecurity controls.
In a detailed advisory, the authority ordered all public and private institutions to carry out urgent software and hardware audits, warning that unsecured systems could expose power, banking and defense networks to disruptions.
The alert came after reports of suspicious foreign software detected in Islamabad’s Safe City project, prompting authorities to put relevant institutions on high alert and initiate a comprehensive scan of national infrastructure systems.
The National CERT required that software testing be completed in one week and hardware inspections in two weeks, along with strict monitoring of suppliers, logistics systems and supply chains to identify potential vulnerabilities.
The advisory warned that even minor failures during procurement or delivery could trigger large-scale system failures, noting that global supply chains have become a key battleground for cyber sabotage and espionage.
Institutions have been instructed to immediately isolate compromised hardware, preserve evidence, and blacklist vendors in the event of suspicious activity, while ensuring transparency in vendor ownership and procurement processes.
CERT’s national advisory also warned against reliance on single providers, highlighting the risk of systemic disruption if a compromised entity affects entire sectors such as the national network or banking network.
Communication devices, network management tools and industrial control systems were identified as particularly vulnerable, with warnings that unverified software updates could introduce hidden backdoors into critical systems.
To mitigate risks, organizations have been directed to adopt zero-trust security models, implement tamper-proof transport mechanisms for sensitive equipment, and promptly report unusual network activities.
Separately, the federal government has put in place a national threat intelligence sharing system linking the National CERT with the Pakistan Telecommunication Authority (PTA) and the cyber division of the Pakistan Army.
The system, built on a Malware Information Sharing Platform (MISP), enables real-time detection and coordinated response to cyber threats, reducing dependence on external intelligence and strengthening national cyber defense.
Officials say the integrated platform will provide early warnings against potential attacks on government, telecommunications and critical infrastructure, while improving interagency coordination and proactive threat hunting.
The warning comes amid growing global concern over supply chain vulnerabilities and following recent coordinated cyberattacks targeting Pakistani media platforms and the state-run Pak-Sat satellite, which disrupted television broadcasts.
Earlier this month, the National Assembly was told that greater investment in cybersecurity, including the deployment of firewalls, was essential to safeguard the country’s expanding digital ecosystem, as authorities push to strengthen the protection of national networks.
(WITH INPUTS FROM THE NEWS DESK)
