Pakistan Digital Post

The Pulse of Pakistan's Digital Future

Pakistan Orders Shift of Government Websites to Local Data Centres Under New Cybersecurity Framework
Digital Pakistan

Pakistan Orders Shift of Government Websites to Local Data Centres Under New Cybersecurity Framework

ISLAMABAD

The government has decided to gradually relocate government websites and digital services hosted overseas to data centres inside Pakistan under a new national cybersecurity framework aimed at strengthening digital sovereignty and protecting critical public infrastructure.

The National Cyber Emergency Response Team (NCERT) has prepared the Pakistan Information Security Framework, outlining mandatory security standards for government institutions, including the phased migration of official websites and applications to locally hosted data centres.

According to the framework, the move is intended to improve cybersecurity, regulatory oversight and national control over government digital systems while reducing reliance on foreign-hosted infrastructure.

Government data centres will be required to deploy advanced firewalls, continuous cyber monitoring systems and threat detection mechanisms, while institutions must maintain secure backups, conduct regular vulnerability assessments and undergo annual third-party cybersecurity audits.

The framework also requires data centres to establish Security Operations Centres (SOCs) and implement modern cyber monitoring capabilities to detect and respond to security incidents in real time.

Government email services will be required to adopt stronger protections against phishing, spam and malware, alongside mandatory multi-factor authentication for administrative and webmail access. Backup systems, email archiving and domain authentication technologies will also become compulsory.

All government web applications must be developed using secure software development practices, supported by strong authentication mechanisms, routine security assessments, penetration testing and timely remediation of identified vulnerabilities.

The framework further places responsibility on government agencies to oversee the cybersecurity compliance of software developers, hosting providers and cloud service vendors handling public-sector systems.

In addition, government data centres will be required to maintain backup power systems, generators and continuous environmental monitoring, while implementing safeguards against fire, flooding, water leakage and other physical risks. Regular testing of environmental control systems, preventive maintenance and incident investigations have also been made mandatory as part of the government’s risk management strategy.

LEAVE A RESPONSE

Your email address will not be published. Required fields are marked *