In a major step toward strengthening national cybersecurity, the CERT Council has recommended the creation of six provincial-level Computer Emergency Response Teams (CERTs) in Punjab, Sindh, Khyber Pakhtunkhwa, Balochistan, Azad Jammu and Kashmir, and Gilgit-Baltistan. A formal summary has been submitted to the federal cabinet for approval. Once approved, the federal government will officially notify these provincial CERTs, according to sources in the Ministry of IT and Telecom.
Provincial Readiness
Each provincial government has already nominated specific departments to lead their CERTs:
-
Punjab: Punjab Information Technology Board (PITB)
-
Sindh: Sindh Science Department
-
Khyber Pakhtunkhwa: KP IT Board (in coordination with the existing KP Computer Emergency Response Center)
-
Balochistan: Science Department
-
Azad Jammu and Kashmir & Gilgit-Baltistan: Respective local departments have been assigned
READ MORE: Japan’s Sphelar Spheres Redefine Solar Technology
National Coordination Framework
At the national level, the Ministry of IT and Telecom operates the National CERT, which currently functions dually as both the Government CERT and the Critical Information Infrastructure (CII) CERT. This dual role will remain in place until dedicated bodies are established for each function.
Once provincial CERTs are formally notified, they will be included in the CERT Council, which is a 16-member body chaired by the Federal Secretary of IT and Telecom. The Council includes representation from the Ministries of Defense, Foreign Affairs, and Interior, along with members from academia, industry, and civil society, ensuring diverse perspectives in shaping cybersecurity policy.
Sectoral CERTs on the Horizon
In addition to the provincial teams, the CERT Rules mandate the formation of sector-specific CERTs across various government and private sector organizations—ranging from ministries and local governments to regulatory authorities. These Sectoral CERTs will be responsible for managing cyber incidents affecting critical information systems in their respective areas and must report up through the established National CERT structure.
This coordinated, multi-tiered approach marks a significant advancement in Pakistan’s cybersecurity framework, aiming to build resilience against emerging cyber threats at every level of governance.
