Abstract:
The number of connected devices in the world is increasing day by day. This network of interconnected systems, devices, and services is called the Internet of Things (IoT). Besides its numerous advantages, the high adoption rate of IoT in almost all application areas of life sets attractive, often easy targets for cybercriminals. IoT's threat landscape is broader than other conventional networks and systems. The Government of Pakistan has already shown a significant interest in the IoT. In this regard, the Ministry of Information Technology and Communication Pakistan also released a Regulatory Framework for IoT and SR Devices, but this is a licensing framework to enable the development of IoT and does cover its cybersecurity aspects.
The “National Cyber Security Policy” of Pakistan also lacks IoT specific security suggestions and is a broader security suggestion document. This can potentially lead to an insecure IoT environment and malicious activities in the IoT ecosystem of Pakistan. After analyzing this critical gap in national security, a Security Policy Draft for IoT Devices in Pakistan is proposed in this research after analyzing various international standards and deriving best practices. This draft aims to cover key security challenges faced by the IoT and propose solutions to them. This research also suggests an implementation framework for the policy that can be rolled out in three stages.
