ISLAMABAD: The government has established a high-powered National Committee for Information & Communication Security with the mandate to place a comprehensive framework for all ministries, divisions, and organisations.
According to an official notification issued by the Cabinet Division, the security of critical information infrastructures and information systems is of paramount importance for national security.
A perpetual threat to communications and cyber networks by hostile agencies exists, aimed at espionage, denial, or disruption. In this backdrop, there is an urgent requirement to undertake immediate assessment of existing vulnerabilities in our information networks in order to develop a robust, sustainable and impermeable information security framework.
In this context, a National Committee for Information & Communications Security (NCICS) is being constituted as Secretary MoITT (Chairman), DC (Technical) ISI, Chairman PTA, DG NCERT Dr Haider Abbass, Additional Secretary ex Establishment Division, Secretary NTISB, Cabinet Division (Secretary), nominated and authorised representatives from provincial governments, GB and AJ&K, Co-opted Members (a) Additional Secretary ex Finance Division, Additional Secretary ex MoFA, any other member as required from specific sector, organisation of academia as deemed necessary by the Chairman NCICS.
This committee will assess and monitor information systems of Government Ministries/ Divisions & Organisations in order to identify vulnerabilities, conduct gap assessments, evaluate effectiveness of existing information security processes and recommend measures to mitigate risks to enhance security purpose of information system.
The scope and task of this committee is to carry out analysis of completed cybersecurity and IT audits by NTISB and NCERT (National Cyber Emergency Response Team) in order to formulate recommendations/corrective measures aimed at improving following: Comprehensive national cyber security governance framework; Development of HR cadre for cyber security; Implementation of technical controls; Streamlining security aspects in procurements of cyber & Team; Any other aspect related to cyber security as deemed appropriate.
To undertake gap assessments in critical sectors (Health, Energy, CAA, Transportation etc) in order to identify vulnerabilities in information systems and recommend cybersecurity measures.
Formulate a compliance mechanism duly incorporating essential information security controls tied to organizational KPIs to ensure effective monitoring and implementation.
Establish a Federal CERT (FCERT) under NCERT Online with CERT Rules 2023) in order to focus on information security aspects of all Government Ministries, Divisions and Organizations. A component of Managed Security Service Providers (MSSP) may also be raised in FCERT.
Formulate tier-down committees in order to efficiently perform assigned functions, including but not limited to following: information Security Working Committee (Headed by DG NCERT): To conduct gap assessment, analyze vulnerabilities and formulate recommendations in consultation with other committees for review and decision by National Committee for Information & Communication Security (NOICS).
HR Re-Structuring Committee (Headed by Additional Secretary ex Establishment Division) Optimization of existing manpower in order to create a cybersecurity workforce from within the existing HR.
Aspects like creation & re-designation of posts, formulation of recruitment rules etc for information security related tasks to be considered while re-appropriation of HR.
Financial Planning Committee (Headed by Additional Secretary ex Finance Division): Working out financial plan for information security projects in the federal & provincial governments, in consultation with the ministries, division and departments.
Committee for Information Security Aspects of MoFA Missions (Headed by Additional Secretary ex MoFA): Security audit of foreign missions ex Ministry of Foreign Affairs (MoFA) in order to identify vulnerabilities (including workforce and supply chain) from hostile actors in order to ensure strengthening of information security against specific threats. Any other relevant task as deemed necessary by the committee.
Secretariat. Cabinet Division will act as Secretariat of National Committee for Information & Communications Security (NCICS).
