NTI 2020 and Pakistan’s Cyber Preparedness

In the contemporary global strategic affairs, nuclear safety and security are widely perceived as the fundamental for any country to be recognized as a responsible nuclear state. Over time, the parameters of the nuclear safety and security have changed considerably. The emergence of sophisticated technologies has become one of the leading factors that contribute to the change in the dynamics of nuclear security. It includes all those technologies that are related to computers and computing systems. Presently, the major intimidations which states have been facing from emerging technologies are the cyber threats. The Nuclear Security Index (NTI) Report 2020 has also highlighted the importance of cyber technology for nuclear safety and security. In this regard, the NTI has taken into consideration the various security measures taken by the states that possess the weapon usable nuclear material. The assessment is aimed at critically identifying the emergent cyber threats to nuclear security.

In general, the NTI report has highlighted some of the basic elements for theft and sabotage of nuclear-related materials. For instance, the assessment of the number of sites, security control measures, gauging of risk environment, global norms, and abiding by domestic commitments. The NTI report 2020 has taken into consideration some key ‘Security and Control Measures’. These include; on-site physical protection, prevention of insider threat, response capabilities, and security culture. It has analyzed nuclear safety and security from a new perspective. There has been an emphasis on the need of adopting new tools and indicators to measure the security of the nuclear infrastructure. It further highlights that countries that possess weapon usable nuclear material are improving cyber security regulations following the rapidly changing cyber threats to nuclear facilities. Although NTI suggests such measures the growing cyber threats to nuclear facilities still need a firm global response. In this regard, the integration of cyber security, physical protection, and protection critical of digital assets from cyber-attacks, creating awareness of cyber threats, and training of personnel with cyber risk scenarios are significant. Such frameworks are aimed at addressing the prevention of insider threat, the establishment of security culture, control and accountability procedures, physical protection, and response capabilities.

In the same vein, according to the report, to integrate physical protection and cybersecurity, and to protect critical digital assets, including systems related to physical protection, control, accounting, and safety of improved cyber tools, watchdogs are required at facilities to protect against cyber-attacks. The potential for cyber-attacks at nuclear facilities, as well as combined cyber-physical attacks should be taken into consideration while threat assessments. To identify weaknesses and to make continuous improvements, ‘Threat Tests and assessments’ are required regularly to identify weaknesses and to make continuous improvements.

Among countries with weapons-usable nuclear materials, Australia for the third time has been ranked at the first position in the sabotage ranking and for the fifth time for its security practices. Likewise, New Zealand and Sweden stand first in the ranking for countries without materials. It is very pertinent to highlight here that Pakistan’s commitment towards nuclear safety and security, has also been duly acknowledged. In this regard, since Pakistan has adopted new on-site physical protection and cyber security regulations, it has been appreciated in the index. This would likely further improve Pakistan’s existing insider threat prevention measures. Nevertheless, the 2020 NTI report has ranked Pakistan among the countries that have nuclear materials but its adherence to nuclear safety and security has been vindicated.

It is worth mentioning here that in the theft ranking for countries with nuclear materials, Pakistan has improved its ranking by an overall score of 7 points. In this regard, Pakistan has made major progress in the ‘Security and Control Measures’ category with an incredible (+25) points based on the new regulations. Also, Pakistan has improved in the Global Norms category with (+1) points. The strengthened laws and regulations have provided sustainable security benefits and resulted in improving Pakistan’s overall score. Moreover, Pakistan’s improvement in the Security and Control Measures category is quite significant. Over time, by improving +8 points in 2014, +2 points in 2016, and +6 points in 2018, Pakistan has steadily improved in the Security and Control Measures category. Owing to new regulations for on-site physical protection its score has improved since 2014. Whereas since 2018; the insider threat protection has also improved. When the report was first launched in 2012, since then Pakistan, unlike other states has improved its score in the security and control measure category with 25 points. This is an incredible improvement as it is the second-largest improvement among the related states.

At the national level, Pakistan has taken various initiatives including; the establishment of Cyber Forensic Laboratory at the National University of Science and Technology (NUST), and the Computer Emergency Response Team (PAK-CERT) to deal with cyber-related threats. Furthermore, the National Centre for Cyber Security at the Air University also aims at making cyberspace of Pakistan more secure. It has affiliated Research and Development Laboratories working on projects related to network security systems and smart devices. To maintain such a status, in the longer term, Pakistan needs to further expand the scope of its existing national cyber policy framework. This would enhance Pakistan’s capabilities to tackle cyber threats to nuclear security in a more efficient way.    

Hence, the emergence of cyber threats to nuclear security both at the regional and the global levels needs to be addressed with greater cooperation among the states. Likewise, it is also essential to address the human factor for cyber security when insiders could unwittingly introduce or exacerbate cyber vulnerabilities. Pakistan needs to further enhance the role and increase the capacity of its specialized cyber workforce. In this regard, if required, the number of highly skilled technical staff may be increased keeping view of the emergent cyber threats to the nuclear facilities. After acknowledgment of Pakistan’s efforts in the NTI report 2020, this would further add to its compliance with the international practices of nuclear safety and security. Furthermore, regular training workshops for personnel should be organized. Pakistan must go for cooperation with other states to strengthen the global nuclear security framework. This would add to the international reputation of Pakistan as a responsible nuclear state. Nevertheless, Pakistan has improved a lot in the realm of cyber security and also improved the cyber-surveillance systems and watchdogs’ frameworks. A broader National Cyber Security Strategy is the need of the hour to further strengthen the already established cybersecurity framework that would cover nuclear security as well.

Basma Khalil
Basma Khalil
Ms Scholar At Air University Islamabad, Pakistan