Pakistan: Experts propose recommendations to protect civilians in cyberspace

To discuss the legal implications of cyber warfare and the application of International Humanitarian Law (IHL) in cyberspace, the International Committee of the Red Cross (ICRC) in Pakistan and the Research Society of International Law hosted a round table of experts, “Cyber Security and the Law” on May 17, 2023.

This discussion was held under the banner of the Diplomacy, Law and Policy (DLP) Forum which brings together academia, industry experts, lawmakers and policy professionals on topics intersecting with conflict and international humanitarian law, including cyber warfare, climate crisis and sexual violence among others.

Fifteen participants including a government representative, researchers from law and policy institutions and academics joined the discussion in Islamabad. Multiple topics were covered across three sessions designed to leverage the combined knowledge of the participating experts. A position paper by the state of Pakistan acceding to the application of IHL to cyberspace was approved, while also calling for the "formulation of a legally binding instrument to promote responsible behaviour of states in cyberspace and to regulate the use of cyber and other digital technologies to ensure they will not be violating IHL".

The Government of Pakistan has been very receptive to ICRC's efforts towards policy around cyber. The Ministry of IT & Telecom have welcomed the ICRC's feedback on the National Cyber Security Policy and the Ministry of Foreign Affairs put together Pakistan's position paper on the applicability of international law in cyber space, taking into consideration the ICRC's stance on the subject.

Aamena Gilani, legal adviser at the ICRC.

Beginning with a presentation on applicable provisions of IHL, the first session focused on understanding Pakistan's current cyber security framework. Pakistan is particularly vulnerable to cyber threats and ranks at number 14 out of 18 states in the Asia-Pacific region on the Global Cyber Security Index from 2020. In July 2021, the Federal Cabinet approved Pakistan's first National Cyber Security Policy which was lauded as a step in the right direction. In response to criticism levied against this policy, particularly its inadequacy in addressing the issue of cyber military operations, Babur Sohail, Member Legal of the Ministry of IT & Telecom, said, "There is unclear demarcation of authority between the Ministry of IT and the Ministry of Defence, by which cyber security falls in the former's domain, while cyber warfare and defence fall in the latter's domain."

The second session started with a presentation by ICRC legal adviser Fasya Addina and Mauro Vignati, adviser on new digital technologies of warfare from the ICRC's headquarters in Geneva. They spoke about the development of a digital emblem aiming to protect civilian data from cyber attacks by signifying that the data belongs to civilians rather than combatants. A second round of discussions followed on applicable domestic and international law to cyberspace. The participants agreed that consensus needs to be built among all states as to the applicability of IHL on cyberspace. This can only be done when they have agreed on several unresolved issues and definitions of terms hence the need for a convention for international cooperation was highlighted by the participants.

The round table concluded with recommendations for improving Pakistan's cyber security and cyber defence capabilities. Emphasis was given to prioritize data protection of individuals through monitoring and enforcement of domestic legislation and cyber security regulations for private organizations. There was also consensus on the need of improving digital literacy across Pakistan so that individuals can protect their own data and make informed choices in the digital world. Other recommendations included:

  • encouraging public-private partnerships in developing cyber security standards to bridge the gap between technical expertise and law and policy making
  • developing information sharing infrastructure to facilitate international cooperation in cross-border cases of cyber crimes
  • creating auditing and compliance frameworks for private entities
  • creating accreditation standards to check the integrity of digital products
  • developing a standard of accountability and liability
  • creating Computer Emergency Response Teams (CERTs) to efficiently respond to cyber warfare with clear authority.