The federal government of Pakistan has issued a cybersecurity advisory, cautioning all information technology (IT) and financial institutions, along with regulatory bodies, to avoid collaborating with and using Indian-origin artificial intelligence (AI) and information communication technology (ICT) products.
This advisory highlights the perceived threat posed by such products to Pakistan’s critical information infrastructure (CII).
The advisory, obtained by Geo News, was disseminated to federal and provincial ministries, as well as sectoral regulators. It points out that AI products and services are globally employed by diverse industries, including the financial and banking sectors, to drive business growth.
The document mentions that some fintech firms and banks in Pakistan are currently engaged with Indian-origin companies offering IT products, cybersecurity solutions, and AI services. It underscores that the utilization of Indian security products and solutions presents a constant, concealed, and force multiplier threat to Pakistan’s CII, particularly the banking sector. The perceived threats include the possibility of backdoors or malware in these products, which could collect data traffic analysis, and personal identifiable information (PII). Another concern raised is the potential for direct Indian intrusion into Pakistan’s CII through technical means and access control, enabling passive monitoring.
The advisory advises all federal and provincial ministries and sectoral regulators to raise awareness among their affiliated organizations and licensees about the risks associated with Indian-origin products and solutions. Simultaneously, it encourages authorities to consult with the Pakistan Software House Association (P@SHA) to identify suitable and economical alternatives provided by Pakistani technical companies.
In a related context, it’s worth noting that a US company called Exodus Intelligence had previously alleged that India utilized its “zero-day” security vulnerabilities for spying on Pakistan and China. The company claimed that India had exploited one of these vulnerabilities to gain deep access to Microsoft’s operating system. Consequently, India was cut off from accessing new zero-day research from Exodus Intelligence, and cooperation with Microsoft was initiated to address the vulnerabilities.
Furthermore, in 2020, Pakistan’s intelligence agencies identified a significant security breach involving Indian hackers targeting the devices of government officials and military personnel. The Inter-Services Public Relations (ISPR) reported cyberattacks involving various cybercrimes, including hacking personal mobiles and technical gadgets. Pakistan’s military took measures to enhance cybersecurity and issued advisories to government departments to address security lapses.
This advisory and the concerns surrounding Indian-origin AI and ICT products reflect Pakistan’s efforts to safeguard its critical information infrastructure and mitigate potential security risks.
