Pak FO to seek ISI help against cyber attacks

Pakistan Foreign Office has decided to rope in the country's top spy agency ISI against increasing cyber attacks on its website and servers.
The decision comes after Foreign Office (FO) systems have faced three major attacks by hackers over the past 18 months.
The FO has sought an allocation of Rs 80 million in the next fiscal year's budget for bolstering cyber security and securing its communications with the country's missions overseas, an official told the Senate Foreign Relations Committee yesterday according to a Dawn report.
The money sought for cyber security is 130 per cent more than the additional expenditure that the FO intends to incur on boosting the physical protection of its premises, which is Rs 35 million.

The job will be done by "our premier security agency", the official said in a reference to Inter-Services Intelligence (ISI).
The move comes as the FO strives to counter potential attacks in cyberspace by strengthening its readiness strategy.

Paucity of resources has been identified as one of the reasons behind poor security arrangements of FO's IT infrastructure, the report said.
The request for ramping up expenditure on cyber security implies both a renewed resolve to keep hackers out and a realisation that previous efforts proved to be insufficient.
"We have firewalls in place and our staff is regularly monitoring the situation, but we are continuously under cyber attack... Our website, our emails, our servers have faced attacks," the official explained to the senators.

"We have our own security system, but it is always good to get help from those who are experts," the official said in response to a query from a member as he acknowledged the inadequacy of the existing internal arrangements.
The FO has already used the services of ISI for the security audit of its IT systems.
The official said that ISI might outsource part of the job to its "security cleared contractors", because they too did not have a complete in-house facility.
But, the FO by itself had never used private firms for this purpose, he added.
Some of the committee members had strong reservations on ISI being given the job.

Trying to address the members' reservations, the official said ISI, despite being given the responsibility for fixing cyber security shortcomings, would only have "limited access".
"They cannot ingress our system, but only check from outside," he maintained, adding the different departments had different encryption codes.