Pakistan federal ministries have been instructed to strengthen the security of the government’s e Office system within 30 days following a cybersecurity advisory issued by National CERT. The advisory was circulated to 43 ministries and key government departments as part of efforts to protect critical digital infrastructure used for official communication and document management. Authorities raised concerns about potential cyber threats targeting government platforms and urged immediate action to improve system security, access control, and monitoring capabilities across federal institutions.
National CERT recommended a series of technical and administrative measures aimed at reducing exposure to cyber risks. Ministries have been directed to install Next Generation Firewalls to monitor and control traffic associated with the e Office platform. These firewalls are intended to detect suspicious activity, block unauthorized connections, and improve visibility into system usage. In addition to firewall deployment, departments have been instructed to ensure that access to the e Office system is restricted only to authorized users and approved internal networks. Limiting system connectivity is considered a key step in preventing unauthorized entry attempts and minimizing the possibility of external cyberattacks targeting government systems.
The advisory also recommends isolating the e Office infrastructure from the public internet wherever possible to reduce exposure to external threats. Security experts have long emphasized that separating sensitive government systems from publicly accessible networks can significantly reduce the risk of malicious activity. Authorities also advised implementing strict access control mechanisms that limit user privileges based on operational requirements. Measures such as IP address whitelisting will allow only trusted networks to access the system, further strengthening defensive layers around government digital platforms.
In addition to infrastructure security, National CERT emphasized the importance of strengthening cybersecurity governance across ministries. The advisory recommends appointing a Director of Cyber Security in every ministry to oversee security strategy and policy implementation. Alongside this role, a dedicated cybersecurity team is expected to be established within National Information Technology Board to support monitoring, coordination, and incident response activities. Officials believe these steps will help improve coordination between departments and ensure consistent application of cybersecurity policies across government institutions.
Director General National CERT Dr. Haider Abbas formally communicated the security recommendations to federal ministries, highlighting the importance of protecting sensitive government data and maintaining secure digital operations. Director National CERT Khurram Javed has been tasked with coordinating with ministries and departments to ensure implementation of the advisory within the specified timeline. Authorities stated that close monitoring will be carried out during the 30 day period to ensure that the required security improvements are completed.
The advisory also includes specific requirements for user authentication and device security. All government email and e Office users are required to adopt strong password practices combined with two factor authentication to reduce the likelihood of unauthorized account access. Authorities emphasized that compromised credentials remain one of the most common methods used in cyber intrusions. Implementing additional verification layers is therefore considered essential to strengthen protection against unauthorized logins and credential misuse.
Another key requirement focuses on limiting system access to approved devices and trusted networks. Ministries have been instructed to ensure that only authorized hardware and controlled network environments can connect to the e Office platform. The use of unauthorized virtual private networks has been prohibited unless explicit approval is obtained from National Information Technology Board. This restriction is intended to prevent unknown network routes from accessing sensitive government systems and reduce the risk of covert infiltration attempts.
Departments have also been directed to strengthen endpoint security across all devices connected to government networks. This includes installing antivirus protection, applying regular system updates, and ensuring that operating systems and applications remain patched against known vulnerabilities. Compliance with cybersecurity policies issued by National CERT and National Telecommunication and Information Security Board has been made mandatory as part of the advisory. Officials stated that these measures are designed to prevent malicious activity, protect official data, and maintain secure digital services across the federal government infrastructure.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
