ISLAMABAD:
The National Computer Emergency Response Team (National CERT) issued a stark warning Tuesday that hostile actors could exploit supply chains to infiltrate critical national infrastructure, calling for immediate system-wide audits and tighter cybersecurity controls.
In a detailed advisory, the authority ordered all public and private institutions to conduct urgent audits of software and hardware, warning that insecure systems could expose power, banking and defense networks to disruption.
The alert followed reports of suspicious foreign software detected in the Islamabad Safe City project, prompting authorities to place affected institutions on high alert and launch a comprehensive scan of national infrastructure systems.
National CERT required software testing to be completed within one week and hardware inspections within two weeks, as well as strict monitoring of suppliers, logistics systems and supply chains to identify potential vulnerabilities.
The advisory warns that even minor errors during sourcing or delivery could trigger large-scale system outages, noting that global supply chains have become a key battleground for cyber sabotage and espionage.
Institutions were tasked with immediately isolating compromised hardware, preserving evidence, and blacklisting vendors for suspicious activity, while ensuring transparency of vendor ownership and procurement processes.
The National CERT advisory also warns against relying on single vendors, highlighting the risk of systemic disruption if a compromised entity affects entire sectors such as the national grid or banking network.
Communications devices, network management tools and industrial control systems have been identified as particularly vulnerable, with warnings that unverified software updates could introduce hidden backdoors into critical systems.
To mitigate risks, organizations have been asked to adopt Zero Trust security models, implement tamper-proof transport mechanisms for sensitive equipment, and promptly report any unusual network activity.
Furthermore, the federal government has established a national threat intelligence sharing system linking the National CERT with the Pakistan Telecommunication Authority (PTA) and the Cyber Division of the Pakistan Army.
The system, built on a Malware Information Sharing Platform (MISP), enables real-time detection and coordinated response to cyber threats, reducing reliance on external intelligence and strengthening national cyber defense.
Officials say the integrated platform will provide early warnings of potential attacks on government, telecommunications and critical infrastructure, while improving interagency coordination and proactive threat hunting.
The warning comes amid growing global concern over supply chain vulnerabilities and follows recent coordinated cyberattacks targeting Pakistani media platforms and the state-owned Pak-Sat satellite, which disrupted television transmissions.
Earlier this month, the National Assembly was told that additional investments in cybersecurity, including the deployment of firewalls, were essential to protect the country’s expanding digital ecosystem, as authorities work to strengthen the protection of national networks.
(WITH NEWS DESK ENTRY)
