E-Paper | April 01, 2025

No need for NCCIA

Khawaja Khalid Farooq Published May 4, 2024
The writer is a retired inspector general of police and ex-head of the National Counter Terrorism Authority
The writer is a retired inspector general of police and ex-head of the National Counter Terrorism Authority

THE Establishment Division had earlier endorsed the setting up of a national agency to tackle cybercrime. The creation of the National Cyber Crime Investigation Agency (NCCIA) as a separate entity from the Federal Investigation Agency (FIA) has now become a reality. It raises concerns that go beyond the duplication of efforts and resources, the move may also gravely affect citizens’ right to privacy, which seems to have been overlooked in the rush to bolster cyber defences.

The FIA has had a cybercrime wing dedicated to handling issues related to cybersecurity. This suggests that there is already a framework, with the requisite set of capabilities, in the country to deal with cyberthreats.

Creating the NCCIA to replace the FIA’s cybercrime wing could result in an overlap of responsibilities, leading to bureaucratic inefficiencies and confusion. There were questions whether the cybercrime officers of FIA would continue with the NCCIA. If they did, would it be different from continuing with the FIA and doing the job they were already doing? If they did not, why would the government want to waste trained human resource and make efforts to train others, not to mention waste other resources spent on this training? Does that make any sense at a time of economic crunch? As it turns out, existing personnel will continue with their duties for a year until staff is appointed at the NCCIA.

Even during this interim period, it would be crucial to avoid duplication of duties and inefficiency as the NCCIA starts functioning. Clear legislative frameworks would have to define the roles and responsibilities of those involved in cybersecurity, and would have to include protocols for inter-agency collaboration and information sharing. Without responsibilities clearly delineated, jurisdictional disputes could hinder the swift action required in cybersecurity operations. It is evident then that introducing another agency to handle cybercrime will add layers of bureaucracy, potentially slowing down decision-making processes and response times to cyber incidents.

The NCCIA’s creators did not provide a clear reason for why the FIA’s efforts were insufficient to meet cybersecurity needs.

The establishment of any new agency requires significant investment in terms of funding, resources, and time for development and operational readiness. Similarly, operationalising the NCCIA would involve significant financial outlay to set up new infrastructure, hire specialised personnel, and develop new protocols. Given the FIA’s existing infrastructure and expertise in cybercrime, enhancing and scaling its capabilities would have been more cost-effective and efficient than starting afresh with the NCCIA.

This approach would have avoided extra expenditure and kept to a streamlined allocation of scarce cybersecurity resources — Pakistan does not need experiments during a financial crisis. Thus the resources spent on the NCCIA would have been more effectively utilised in strengthening and expanding the capabilities of the FIA’s cybercrime wing, for enhanced training, technology upgrades, and international collaboration to bolster effectiveness.

In the rush to form it, the creators of the NCCIA did not provide a clear justification for why the existing efforts and mechanisms within the FIA were insufficient to meet the country’s cybersecurity needs. Without clear evidence of the FIA’s inadequacies in this area, the necessity of establishing the NCCIA will be questioned.

The creation of a separate agency will lead to the loss or dilution of talent and efforts that could otherwise have been concentrated within a single, more robust entity. This could weaken the country’s overall cybersecurity posture rather than strengthening it. Also, FIA’s now defunct cybercrime wing might already have been collaborating internationally, with a sound reputation in the field of cybersecurity. The NCCIA will need to rebuild these relationships and prove their effectiveness, which could take considerable time and effort.

The expansion of cybersecurity efforts must be balanced with the protection of citizens’ privacy rights. The establishment of new agencies like the NCCIA raises questions about oversight mechanisms and safeguards against overreach. There’s a risk that in the pursuit of cybersecurity, privacy rights could be compromised without stringent checks and balances in place.

Ensuring robust privacy protection would include transparent operations, judicial oversight, and mechanisms for accountability. The government should engage with stakeholders, including civil society, the tech industry, and the public, in a discourse about balancing cybersecurity measures with privacy rights. This would help in the formulation of policies that are both effective in countering cyberthreats and being respectful of individual freedoms.

The conversation around cybersecurity in Pakistan focuses heavily on strengthening defences and prosecuting cybercrime and does not sufficiently address the right of privacy of citizens. This omission is concerning, as the effectiveness of cybersecurity measures should not only be gauged by their ability to counter threats but also by their adherence to democratic values and human rights, including privacy. In the cybersecurity rush, let us not become an intrusive state that peeps into citizens’ lives unnecessarily and for less-than-noble purposes.

Efforts to raise public awareness about cybersecurity and to educate citizens on how to protect themselves online can be carried out effectively without the need for a new agency. Existing institutions, including the FIA and educational organisations, could have spearheaded these initiatives, as highlighted by the success of Pakistani teams in international competitions under the current framework. In the recently held Black Hat cybersecurity competition in Saudi Arabia, for instance, Pakistani teams performed quite well. This shows a latent pool of talent already in country which could be expanded in the right direction.

In conclusion, while strengthening cybersecurity is imperative, the approach should not focus on creating new entities like the NCCIA but enhance existing structures, while ensuring that these measures do not infringe on privacy rights. The creation of the NCCIA can be regarded as an unnecessary move that will not only duplicate existing efforts and resources but will also divert attention and funds from organisations like the FIA, which already possess a solid base for cybersecurity operations.

The writer is a retired inspector general of police and ex-head of the National Counter Terrorism Authority.

X: @Kkf50

Published in Dawn, May 4th, 2024

Newspaper

Read more

On DawnNews
Dawn News English

Latest Stories

dawn images site

Most Popular

01
02
03
04
05
06
07
08
09

Must Read

Opinion

First line of defence

First line of defence

Maleeha Lodhi
Pakistan’s foreign service has long needed reform to be able to adapt to global changes and leverage opportunities in a more multipolar world.

Editorial

Eid amidst crises
Updated 31 Mar, 2025

Eid amidst crises

Until the Muslim world takes practical steps to end these atrocities, these besieged populations will see no joy.
Women’s rights
31 Mar, 2025

Women’s rights

Such judgements, and others directly impacting women’s rights should be given more airtime in media.
Not helping
31 Mar, 2025

Not helping

THE continued detention of Baloch Yakjehti Committee leaders — including Dr Mahrang Baloch in Quetta and Sammi ...
Hard habits
Updated 30 Mar, 2025

Hard habits

Their job is to ensure that social pressures do not build to the point where problems like militancy and terrorism become a national headache.
Dreams of gold
30 Mar, 2025

Dreams of gold

PROSPECTS of the Reko Diq project taking off soon seem to have brightened lately following the completion of the...
No invitation
30 Mar, 2025

No invitation

FOR all of Pakistan’s hockey struggles, including their failure to qualify for the Olympics and World Cup as well...