National security is high on Pakistan’s national agenda but in the increasingly complex threat milieu, cyber security gets obscured by issues of more pressing in nature. There is no gainsaying the fact that we ignore this vital subject only at our own peril. Internet has truly made the world a global village. Connectivity has made life simpler at different planes, ranging from the personal to official, but it also created a number of vulnerabilities. Cyberspace has become the fifth dimension of warfare. In the absence of international cyber treaties and agreements states are actively carrying out pervasive surveillance against friends and foes and launching devastating cyber-attacks. Terrorists are using cyberspace for recruitment, funding and propaganda. Criminals are having a field day in siphoning off millions of dollars from online ecommerce activity; the kid in the basement and freelancers high on digital adrenaline are hacking just for the kicks of it.
Such threats need to be responded to by coordinating cyber security activities at the national level. Robust cyber governance bodies needs to be created at all levels. Cyber leaders and advisors need to craft effective policies and enact legislations to counter the ill-effects of debilitating cyber-attacks i.e. disruption of communication services and damage to command and control systems that cause the government to malfunction and make the businesses and industry lose hours of productivity among other things. Unfortunately, Pakistan is way behind other nations in putting its cyber act together.
This paper discusses the voids at the policy planning level and suggests proposals to come up with a suitable strategy to respond to the emerging cyber challenges.
Keywords: National Security, Cyber Security, Cyber Policy, Cyber Budget.
*The author is the associate dean Centre for International Peace and Stability (CIPS) at the National University of Sciences and Technology (NUST). He has written several papers on cyber security and has authored a book titled Cyber CBMs between Pakistan and India.
In the age of cloud computing and Internet of things, cyber security has acquired added importance. Unfortunately this important facet of the modern life has not attracted the kind of attention that it deserves in Pakistan. There are a number of reasons for this official neglect. The purpose of this paper is to highlight the importance of cyber security in the contemporary world and how and why it is being ignored in our country. The article will be rounded off by some suggestions that I consider pertinent in this regard.
From time to time cyber security has made an appearance in the national debate. Most of it has revolved around the problems that the government is facing in convincing the opposition to accept the Cyber Crime bill aka Prevention of Electronic Crimes (PEC) Bill warts and all. Recently the government was able to push it through the lower house on a day, with suitable amendments. Many are already dubbing it as a controversial piece of legislation. Digital right activists have been particularly active campaigning to stall the bill. The main criticism against the bill is that it is restrictive in nature and would intrude into the digital rights of the citizens. A number of sentences outlined in this bill against cyber offences such as spamming have been found unduly harsh by digital rights activists. The brouhaha caused over the PEC has actually diverted the attention of all concerned from the real issue at hand i.e. cyber security.
I met the minister of IT about a year back to present her my book Cyber CBMs between Pakistan and India. The minister is currently piloting the PEC bill in the national assembly. To my pleasant surprise, she was gracious enough to give me an immediate audience. After I had thanked her and presented her my book, I broached the subject of cyber security. The minister was candid enough to admit that the issue had not blipped on the government’s radar. I could quite understand because at that particular moment in our national history the government was involved full time in containing the toxic fallout from the protest dharnas (sit ins) organized by the Pakistan Tehreek-e-Insaf (PTI) from spreading from Ground Zero in D Chowk next to the Constitution Avenue to other corners of the country. Quite interestingly, the PTI had made effective use of the social media to mobilize and sustain their agitation for three long months. So the government was actually ignoring the threat emanating from the cyberspace at its own peril. The second thing that came up in our discussion was the issue of responsibility i.e. who was supposed to look after the cyber borders, if at all there is such a thing in digital space. The minister wasn’t sure whether it fell in her domain or that of the Ministry of Interior or that of the Ministry of Defence or the intelligence agencies. She was again right; cyber space is the collective responsibility of a number of ministries and departments and needs joint ownership. The correct person to deal with cyber issues in the minister’s mind was Senator Mushahid Hussain Syed. The senator is well known for his advocacy of cyber security and in his capacity as the Chairman of Senate’s Defense Committee he had been instrumental in organizing Policy Seminar on Cyber Security, establishment of Cyber Security Task Force and publication of a manual for journalists for awareness in cyber issues. It goes to his credit that due to his keen interest in the subject I had invited him as chief guest for the launching ceremony of my book on cyber CBMs. Mr Syed’s credentials as a champion of cyber security notwithstanding, it is rather discomfiting to note that the minister was willing to cede space on an important issue of national security to a person, who being a member of the opposition wields limited political influence or clout to put cyber security in the limelight.
In any given country, security usually figures high on the national agenda. It is after all the primary responsibility of a government to provide security to the state and its citizens. No government can afford to shirk the responsibility of not ensuring national security. Outsourcing it to someone else can amount to bartering away the nation’s sovereignty. The duty of the government to protect the life and limbs of its citizens is enshrined in the constitution under article 9. Several other articles of the constitution make it incumbent upon the government to ensure the nation’s integrity and security. Security covers a wide spectrum of issues. Inter alia it includes territorial integrity, political sovereignty, economic autarky, self sufficiency in food and energy, environment protection and in the modern age and era cyber security. There is a realization among the informed circles in Pakistan that cyber security has yet to find a niche for itself in the pantheon of national security.
In dispensing its duty to ensure national security, the government is assisted by the parliament, so that no law is passed that simultaneously safeguards the interests of the state and protects it from external aggression and internal turmoil, while ensuring the civil rights and liberties of its citizen. To ensure that the writ of the state extends all over its sovereign territories, it uses all instruments of the sate such as the armed forces and law enforcement agencies and the judiciary to implement its national security mandate. A citizen owing allegiance to a state is required to support the government in this sacred duty. The ability of the government to provide security to its citizens depends upon its national power potential, which is directly proportional to its political power, diplomatic influence, economic capacity and military might. A number of governments including Pakistan arrogate the responsibility of coordinating national security matters to the National Security Council (NSC). In Pakistan this forum brings together the civilian and military leadership so that they are on one page insofar as national security is concerned. The Pakistani NSC has as its members the President, the Prime Minister, the Chief Ministers of all provinces, the Chairman Senate, the Leader of Opposition in the Parliament and all the services chiefs. The idea of NSC in Pakistan was first conceived in 1969. Its principal mandate is to advise and assist the president and prime minister on national security and foreign policies. The NSC was re-created by General Pervez Musharraf in April 2004 under the NSC Act. Its status was downgraded by the PPP government but it has experienced a revival under the incumbent PML (N) government. The appointment of retired Lieutenant General Nasir Khan Janjua to the office of the National Security Advisor in 2015 is considered as an enhancement in the stature of the office. There are several other bodies that are supposed to look into national security matters. These include cabinet and parliamentary committees. These bodies such as the Cabinet Committee on National Security (CCNS) have been accused of underperforming.
All security issues need to be seen through the prism of a comprehensive security policy. Such policy should be supported by four essential pillars. First and foremost only a strong leadership with the backing of the authorities concerned can provide strategic vision and across the board coordination on security matters entrusted to them. Secondly, a policy framework needs a clear cut and precise mission statement. Thirdly, to execute the vision and mission there is a need for adequate material and human resources. Fourthly the managers of any enterprise needing security must be equipped to operate under a clear and unambiguous set of rules and regulations that they can enforce firmly. These principles are necessary in all issues concerning security.
There is no comprehensive security policy in Pakistan that covers matters related to internal and external threats. The defence policy and the National Internal Security Policy (NISP) address these threats separately. The defence matters are dealt with by the Ministry of Defence (MOD), while those of the internal security are the responsibility of the Ministry of Interior (MOI). The first NISP prepared by the MOI was made public in 2014. While it primarily concerned itself with the issue of terrorism, it totally ignored cyber security. The defence policy of Pakistan remains the preserve of the armed forces, and is usually shrouded in veils of official secrecy.
Cyber security is meant to provide protection of personal, professional and official data. The entire gamut of cyber security means protecting, detecting and responding to attacks directed against computers and servers storing private and official records; personal computers and cell phones; entertainment gadgets like digital cable, mp3s; intelligent systems controlling the means of travel like car engines and airplane navigation systems; online electronic shopping stores and credit cards etc. There are several definitions of cyber security. One offered by the International Telecommunication Union (ITU) states:
Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following:
- Integrity, which may include authenticity and non-repudiation
Cyber security refers not only to the protection of official and personal computer and data processing infrastructure and operating systems (OS) from harmful interference but also the protection of critical infrastructure. In fact defining what is national critical infrastructure and how to defend it on the digital fund occupies the attentions and energies of most developed countries. Large sums of monies are actually devoted for this purpose.
Cyber attacks can result in long down times that can momentarily or for the long term disrupt the decision making loop. There are minor irritations like the defacement of official and private websites. Major disruptions can be caused crashing of servers or loss of huge amounts of data. Cyber attacks can cause not only psychological trauma but also physical damage and financial losses and acute loss of faith in a system. It can cause panic among the people, collapse of a system and paralysis at the highest echelons of decision making.
Cyberspace is not the sole preserve of state actors. It is open territory for non-state actors, criminals, freelancers and the kid in the basement to operate with impunity. This makes it all the more difficult to forensically retrace the trail of a cyber attack and attribute it to a particular person or entity. Many times the actual source of attack is an insider within the organization with the urge to settle a score or satisfy an ideological leaning. It is difficult to mount a cyber counter attack because of problems related to attribution, absence of set rules of engagement the proportionality of the response. International norms and rules on the subject are hazy but countries and organizations have crafted laws to persecute those interfering with their digital systems. The issue of information security has been on the UN agenda since the Russian Federation in 1998 first introduced a draft resolution in the First Committee of the UN General Assembly. It was adopted as A/RES/53/70 without a vote. The matter has, however, not been sent to the UN Security Council. A UN security resolution would make it binding on member states. As mentioned earlier in the text Pakistan is still struggling to get a seal of approval on its Cyber Crime Law from the parliament.
The US government, as do many others, attach great importance to cyber security. President Obama has stated on record that:
America’s economic prosperity, national security, and our individual liberties depend on our commitment to securing cyberspace and maintaining an open, interoperable, secure, and reliable Internet. Our critical infrastructure continues to be at risk from threats in cyberspace, and our economy is harmed by the theft of our intellectual property. Although the threats are serious and they constantly evolve, I believe that if we address them effectively, we can ensure that the Internet remains an engine for economic growth and a platform for the free exchange of ideas.
Five things uppermost in US administration’s priorities on cyber security are:
- Protection of the critical infrastructure.
- Improving the ability to identify and report cyber incidents to carry out a timely response.
- Engaging with international partners to promote internet freedom and build support for an open, interoperable, secure, and reliable cyberspace.
- Securing federal networks by setting clear security targets and holding agencies accountable for meeting targets.
- Shaping a cyber-savvy workforce.
In February, 2013, President Obama signed the Executive Order 13636 on “Improving Critical Infrastructure Cybersecurity.” A host of other documents clearly give out the US government’s position on cyber security such as the Cybersecurity Framework, a guide developed collaboratively with the private sector for private industry to enhance their cybersecurity. The US International Strategy for Cyberspace includes plans to develop international norms of behavior in cyberspace, promote collaboration in cybercrime investigations (Mutual Legal Assistance Treaty modernization) and international cybersecurity capacity building. The Cybersecurity Cross Agency Priority (CAP) Goal represents the US Administration’s highest cybersecurity priorities for securing unclassified federal networks. Other important documents have been listed as under:
- · Presidential Policy Directive 28 (PPD-28) “Signals Intelligence Activities,” 2014.
- Presidential Policy Directive 21 (PPD-21) “Critical Infrastructure Security and Resilience,” 2013.
- Presidential Policy Directive 8 (PPD-8) “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information,” 2011.
- Cyberspace Policy Review, 2009.
Cyber Security Models
Most countries of the world have designated organization or organizations to deal with national cyber security needs. The leadership is usually assigned to powerful and influential people with direct access to the country’s chief executive. Adequate sums of money are allocated for cyber security and clear cut policy guidelines exist for cyber security manager. A lot of time, money and effort are invested to secure the national critical infrastructure.
The Office of the National Cyber Security Coordinator is on top of the US cyber security food chain. The cyber security czar has direct access to the president. Currently Michael Daniel, a Special Assistant to the President is the Cybersecurity Coordinator.  Four agencies in the US are responsible for cyber security i.e. Department of Homeland Security (DHS), the National Security Agency (NSA) and the Cyber Command or Cybercom. The DHS more or less resembles the Ministry of Interior in Pakistan and was created after the 9/11 attacks. Its mandate includes the protection of the national critical infrastructure. In the US most of the national infrastructure like the electricity grid, water works, railways and airlines are controlled through Supervisory Control and Data Acquisition (SCADA). This remotely monitors and controls and operates systems with coded signals over communication channels and extremely vulnerable to cyber attacks. A designated Cyber Emergency Response Team (CERT) under the DHS provides a united response to any cyber emergency. The NSA and Cybercom carry out cyber surveillance and offensive cyber operations respectively. Both these organizations are being run by the military. The NSA and the Central Security Service (CSS) leads the US Government in cryptology that includes both Signals Intelligence (SIGINT) and Information Assurance (IA) to provide it a decisive edge in Computer Network Operations (CNO).  The NSA won international notoriety after the Snowden leaks. US Army Cybercom and 2nd Army “directs and conducts integrated electronic warfare, information and cyberspace operations,” to “ensure freedom of action in and through cyberspace and the information environment, and to deny the same” to its adversaries.
Last year President Obama sought $14 billion for cybersecurity efforts “to better protect federal and private networks from hacking threats budget proposal for the 2016 fiscal year.” The size of the budget goes to show the importance that the US attaches to this important matter of a national security.
In Australia, the lead agency in cyber security is the Australian Cyber Security Centre (ACSC). “This Centre brings cyber security capabilities from across the Australian Government together into a single location. It is the hub for private and public sector collaboration and information sharing to combat cyber security threats.” CERT Australia looks after national computer emergencies in Australia. In the UK computer emergencies are handled by Cert-UK. The Office of Cyber Security & Information Assurance (OCSIA) in the UK is entrusted with supporting the ministers and the NSC “in determining priorities in relation to securing cyberspace.”
The unit provides strategic direction and coordinates the cyber security program for the government, enhancing cyber security and information assurance in the UK. The OCSIA works with other lead government departments and agencies such as the Home Office, Ministry of Defence (MOD), Government Communications Headquarters (GCHQ), the Communications-Electronics Security Department (CESG), the Centre for the Protection of National Infrastructure (CPNI), the Foreign & Commonwealth Office (FCO) and the Department for Culture, Media & Sport.
In India the prime minister appointed Gulshan Rai as the first cyber security chief in 2015. This position has been created within the Prime Minister’s Office (PMO). Before he took over his new charge, Rai was heading CERT India. India has a number of cyber security cooperation forums with other countries of the world. They have a regular cyber security dialogue with the US that was resumed in 2015. In the joint declaration released after the last cyber dialogue, it was announced that “to increase global cybersecurity and promote the digital economy, the United States and India have committed to robust cooperation on cyber issues.” The Indian Computer Emergency Response Team (CERT-In) has signed three pacts for cyber security cooperation with counterparts in Malaysia, Singapore and Japan. In 2015, the Government of India allocated Rs 775 crores for cyber security, which experts in their country have termed as “woefully inadequate.”
Cyber Security in Pakistan
Pakistan is one of the most spied upon country in the world through inter alia cyber means. Countries carrying out electronic surveillance include friends as well as foes e.g. US is one of those countries that actively spies upon Pakistan. It was reported in the press that before last year’s landmark visit of the Chinese President that the computers at the Pakistan Foreign Office (FO)’s China desk had been hacked. Although a FO spokesperson was quick to deny that anything of the sort had happened it was enough to erode to erode the confidence of the public in the safety and security of our official data. Actually more troubling are Edward Snowden’s allegations that UK alone has acquired vast amounts of communications data from inside Pakistan by secretly hacking into routers manufactured by the US based company Cisco.  It is unfortunate that the issues like these have not been raised with the government concerned. In fact London remains one of the most favorite destinations of our politicians and we’re still an ally in good standing of the US. For this and other reasons cyber security receives scant attention from those who matter.
There are clearly identifiable hurdles in establishing a meaningful cyber security architecture in Pakistan e.g. at the top of the pyramid there is no central authority to coordinate on cyber security matters and advise the prime minister about emerging cyber threats. There is a palpable lack of awareness within the policymaking circles. Apart from the cyber crime bill that is making slow progress in the parliament, there is no clear cut policy on the subject of cyber security. The cyber security stake holders are not clearly defined and their turfs not properly marked out. There is no PK-CERT and no funds clearly allocated for cyber security purposes. The Federal Investigation Agency, the FIA has a National Cyber Response Centre for Cyber Crime (NR3C) but its mandate is limited and it does not qualify to undertake emergency responses in case of a computer emergency. Pakistan is represented at the Group of Governmental Experts on Information Security at the UN but their participation at this forum is only a matter of conjecture. Their reports are not shared on the public forum.
There is no mechanism of interstate understanding or sharing of best practices on regional basis. The Bangladesh central bank just lost 81 million dollars because of a cyber heist, but one is not sure if the State Bank of Pakistan issued any instructions to avoid a similar occurrence in our country or if any kind of advice was sought from Bangladeshi counterparts on the subject or from SWIFT, the international banking forum through whose portals the request on Bangladesh’s foreign exchange reserves was made. In fact there is no coordination or collaboration in the South Asian region or the member countries of the South Asian Association for Regional Cooperation (SAARC). This is in stark contrast to the active collaboration among the countries of the Association of East Asian Nations (ASEAN) on cyber security collaboration.
Pakistan has a very huge and talented human resource. Two Pakistani brothers from Lahore have the dubious honor of creating the first computer virus known as Brain. It was their revenge from customers illegally selling copies of the software developed by them. The ‘friendly virus’ that they wrote was stamped with their names, phone numbers and the address of their shop to let the victims know that they were doing so only to ensure their copyrights. Some of the best IT graduates are being produced in universities like National University of Sciences & Technology (NUST) and National University of Computers & Emerging Sciences (FAST-NU). The only thing that we lack is direction and policy and that is not possible without good cyber managers and planners. Most people at the top echelons of the security establishment lack the knowledge and vision to properly organize cyber security. Crash courses in cyber awareness to senior government officials and parliamentarians can go a long way in improving the cyber security milieu in Pakistan. Courses can be taught in cyber security management in the universities and it can be made part of the curriculum of the much vaunted national Defence University (NDU) security workshop.
foremost is an urgent need for a well defined national cyber security
architecture. The powers of coordinating all issues related to cyber security
may be vested in the office of a cyber security coordinator working directly
under the prime minister. He may be provided secretarial services by the NSC.
The NSC could be one forum, where all cyber security measures may be discussed.
A cyber task force (CTF) as suggested by Senator Syed may be placed under the
NSC. The mandate of the CTF should include issuing policy guidelines on cyber
security. The creation of PK-CERT is a long outstanding issue. The national
CERT should be established and asked to practice cyber emergency on regular
basis. Cyber funds should be allocated in the national budget and their proper
utilization ensured by the national cyber security coordinator. Cyber security
cooperation with other countries, particularly those belonging to SAARC, is
highly recommended. FO may consider making it an agenda for the SAARC summit
scheduled to be held in Pakistan this year. This form of cooperation should
expand beyond the brief reference made in the joint statement issued after the
prime minister visit to the Whitehouse last year. A cyber security debate in the parliament may
help set up a long term plan.
 Collin Wood, “The Importance of Cybersecurity in the Age of the Cloud and Internet of Things,” Government Technology, October 2, 2014,http://www.govtech.com/security/The-Importance-of-Cybersecurity-in-the-Age-of-the-Cloud-and-Internet-of-Things.html (accessed April 19, 2016)
 Riazul Haq, “National Assembly of Pakistan passed Cyber Crime bill,” The Express Tribune, April 14, 2016, http://tribune.com.pk/story/1083974/national-assembly-approves-cybercrime-bill/ (accessed April 22, 2016).
 “Bolo Bhi’s Meeting and Our Call-To-Action on Cybercrime Bill,” http://bolobhi.org/bolo-bhis-meeting-and-our-call-to-action-on-cybercrime-bill/ (accessed April 25, 2016).
 Lucy Clarke-Billings, “Pakistan Approves Controversial Cyber Crime Bill,” Newsweek, April 14, 2016, http://www.newsweek.com/pakistan-approves-controversial-cyber-crime-bill-447671 (accessed April 19, 2016).
 Tughral Yamin PhD, Cyberspace CBMs between Pakistan and India (2014: NUST Publishing, Islamabad).
 Pakistan Tehreek-e-Insaf, https://play.google.com/store/apps/details?id=com.renzym.pti (accessed April 22, 2016).
 Book Launch, NUST News, Vol. VI, Issue I (Jan-Feb 2015): 11, file:///C:/Users/Administrator/Downloads/NUST%20NEWS%20Jan-Feb%202015.pdf (accessed April 20, 2016).
 Jim Talent, “A Constitutional Basis for Defense,” The Heritage Foundation, June 1, 2010, http://www.heritage.org/research/reports/2010/06/a-constitutional-basis-for-defense (accessed April 20, 2016).
 The Constitution of the Islamic Republic of Pakistan, http://www.parliament.am/library /sahmanadrutyunner/pakistan.pdf (accessed April 20, 2016).
 Saher Baloch, “Cyber security is a matter of national security,” Dawn, December 31, 2015, http://www.dawn.com/news/1229738/cyber-security-is-a-matter-of-national-security (accessed April 20, 2016).
 “Cyber security: Country lags in preparedness: experts,” Express Tribune, December 19, 2015, http://tribune.com.pk/story/1012480/cyber-security-country-lags-in-preparedness-experts/ (accessed April 20, 2016).
 Yasmeen Aftab Ali, “Pakistan’s National Security Council?” Pakistan Today, August 10, 2015, http://www.pakistantoday.com.pk/2015/08/10/comment/pakistans-national-security-council/ (accessed April 20, 2016).
 National Security Council: A Comparative Study of Pakistan and Other Selected Countries, PILDAT, August 2005, http://www.pildat.org/Publications/publication/CMR/nationalsecuritycouncil-comparativestudy.pdf (accessed April 20, 2016).
 National Security Council: A Debate on Institutions and Processes for Decision Making on Security Issues, PILDAT, April 2012, http://www.pildat.org/publications/publication/CMR/NaionalSecurityCouncil-debateonInstitutionsandprocessesfordecisionmakingonsecurityissues.pdf (accessed April 20, 2016).
 Lt Gen (Retd) Nasir Janjua appointed National Security Adviser, The Nation, October 23, 2015, http://nation.com.pk/national/23-Oct-2015/lt-gen-retd-nasir-janjua-appointed-national-security-adviser (accessed April 20, 2016).
 Talat Masood, “Revisiting National Defence & Security Policy,” The Express Tribune, December 24, 2013, http://tribune.com.pk/story/649998/revisiting-national-defence-security-policy/ (accessed April 22, 2016).
 Text of National Security Policy 2014-18, The Nation, February 27, 2014, http://nation.com.pk/islamabad/27-Feb-2014/text-of-national-security-policy-2014-18 (accessed April 22, 2016).
 Wg Cdr Sohail Aman, PAF, “Civilian Participation in the Formulation of Defence Policy,” Defence Journal (April 1999), http://www.defencejournal.com/apr99/civilian-participation.htm (accessed April 22, 2016).
 Definition of cybersecurity, referring to ITU-T X.1205, Overview of cybersecurity, http://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx (accessed April 22, 2016).
 For a greater insight into insider attacks read Salvatore Stolfo, Steven M. Bellovin, Angelos D. Keromytis, Sara Sinclair, Sean W. Smith, Shlomo Hershkop (Eds.), Insider Attack and Cyber Security: Beyond the Hacker (Springer; 2008 edition).
 Bruce S. Schaeffer, Henfree Chan Henry Chan and Susan Ogulnick, Cyber Crime and Cyber Security: A White Paper for Franchisors, Licensors, and Others, http://business.cch.com/franlaw/cybercrime_whitepaper.pdf (accessed April 22, 2016).
 GGE Information Security: Developments in the Field Of Information and Telecommunications in the Context of International Security, UN Office on Disarmament Affairs (UNODA), http://www.un.org/disarmament/topics /informationsecurity/ (accessed April 22, 2016).
 Cyber Security, Foreign Policy, https://www.whitehouse.gov/issues/foreign-policy/cybersecurity (accessed April 22, 2016).
 Cybersecurity – Executive Order 13636, Foreign Policy, https://www.whitehouse.gov/issues/foreign-policy /cybersecurity/eo-13636 (accessed April 22, 2016).
 Cyber Security Framework, NIST, http://www.nist.gov/cyberframework/cybersecurity-framework-faqs.cfm (accessed April 25, 2016).
 International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World, The Whitehouse, May 2011, https://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy _for_cyberspace.pdf (accessed April 25, 2016).
 J. Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, Cross Agency Priority Goal: Cybersecurity FY2014 Q2 Status Update, file:///C:/Users/Administrator/Downloads/Cyber%20Security %20FY14_Q2.pdf (accessed April 25, 2016).
 Presidential Policy Directive 28 Policies and Procedures, https://www.fbi.gov/about-us/nsb/fbis-policies-and-procedures-presidential-policy-directive-28-1 (accessed April 25, 2016).
 Presidential Policy Directive (PPD)-21 Critical Infrastructure Security and Resilience, DHS, https://www.dhs.gov/sites/default/files/publications/EO-13636-PPD-21-Fact-Sheet-508.pdf (accessed April 25, 2016).
 Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, Federal Register, https://www.federalregister.gov/articles/2011/10/13/2011-26729/structural-reforms-to-improve-the-security-of-classified-networks-and-the-responsible-sharing-and accessde April 25, 2016).
 Cyber Space Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, https://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf (accessed April 25, 2016).
 White House Author, https://www.whitehouse.gov/blog/author/michael-daniel (accessed April 25, 2016).
 Andrea Shalal & Alina Selyukh, “Obama seeks $14 billion to boost U.S. cybersecurity defenses,” Reuters, February 20, 2015, http://www.reuters.com/article/us-usa-budget-cybersecurity-idUSKBN0L61WQ20150202 (accessed April 25, 2016).
 Varun Aggarwal, Office of Cyber Security and Information Assurance, March 4, 2015, The Economic Times, https://www.gov.uk/government/groups/office-of-cyber-security-and-information-assurance (accessed April 25, 2016).
 Gulshan Rai becomes the first chief of cyber security: post created to tackle growing e-threat, http://economictimes.indiatimes.com/news/politics-and-nation/gulshan-rai-becomes-first-chief-of-cyber-security-post-created-to-tackle-growing-e-threats/articleshow/46449780.cms (accessed April 25, 2016).
 U.S.-India Business Council Applauds Resumption of Cybersecurity Dialogue, Press Release: US India Business Council, http://www.usibc.com/press-release/us-india-business-council-applauds-resumption-cybersecurity-dialogue (accessed April 25, 2016).
 Joint Statement: 2015 United States – India Cyber Dialogue, Press Release of the Whitehouse, https://www.whitehouse.gov/the-press-office/2015/08/14/joint-statement-2015-united-states-india-cyber-dialogue (accessed April 25, 2016).
 India, Malaysia, Singapore And Japan Sign Pacts For Cyber Security, PTI, January 27, 2016,
http://www.ndtv.com/india-news/india-malaysia-singapore-and-japan-sign-pacts-for-cyber-security-1270707 (accessed April 25, 2016).
 Govt allocates Rs 775 crore to combat cyber security threats, PTI, www.business-standard.com/article/pti-stories/govt-allocates-rs-775-crore-to-combat-cyber-security-threats-115042200785_1.html (accessed April 25, 2016).
 Jayadevan PK & Neha Alawadhi, “India’s cyber-security budget ‘woefully inadequate’: Experts,” The Economic Times, January 28, 2015, http://articles.economictimes.indiatimes.com/2015-01-28/news/58546771_1_cyber-security-cert-in-national-cyber-coordination-centre (accessed April 25, 2016).
 “US authorised NSA to spy on Pakistan among 193 countries,” The Express Tribune, July 1, 2014, http://tribune.com.pk/story/729521/us-authorised-nsa-to-spy-on-pakistan-among-193-countries/ (accessed April 26, 2016).
 “Pakistan is facing issue of cyber attack,” Customs Today, May 19, 2015, http://www.customstoday.com.pk/pakistan-is-facing-issue-of-cyber-attack/ (accessed April 26, 2016).
 “UK hacked routers to monitor Pakistan communications data: Snowden,” The Express Tribune, October 6, 2015, http://tribune.com.pk/story/968194/uk-hacked-routers-to-monitor-pakistan-communications-data-snowden/ (accessed April 25, 2016).
 GGE Information Security: Developments in the Field of Information and Telecommunications in the context of International Security, UNODA, http://www.un.org/disarmament/topics/informationsecurity/ (accessed April 26, 2016).
 Serajul Quadir & Karen Lema, “Man in Manila gets $30 million cash from cyber heist; Bangladesh central bank governor quits,” March 15, 2016, Reuter, http://www.reuters.com/article/us-usa-fed-bangladesh-governor-idUSKCN0WH0JF (accessed April 25, 2016).
 “Here’s how Hackers stole $80 million from Bangladesh Bank,” The Hacker News, March 14, 2016, http://thehackernews.com/2016/03/bank-hacking-malware.html (accessed April 26, 2016).
 Jason Kersten, “Going Viral: How Two Pakistani Brothers Created the First PC Virus,” Mental Floss, November 2, 2013, http://mentalfloss.com/article/12462/going-viral-how-two-pakistani-brothers-created-first-pc-virus (accessed April 26, 2016).
 2015 Joint Statement By President Barack Obama and Prime Minister Nawaz Sharif, Whitehouse Press Release, October 22, 2015, https://www.whitehouse.gov/the-press-office/2015/10/22/2015-joint-statement-president-barack-obama-and-prime-minister-nawaz (accessed April 26, 2016).