National Computer Emergency Response Team has decided to brief senior government officials on the security risks associated with the widespread use of foreign software across government offices and institutions. The move comes amid growing concern over the country’s increasing reliance on imported digital tools for official operations and the potential exposure of sensitive data. Sources familiar with the matter said the initiative is aimed at improving awareness at the highest administrative levels and strengthening decision making related to software procurement and deployment within public sector organizations.
According to information shared by officials, around 80 percent of the software currently being used in government offices and institutions across Pakistan is imported. National CERT views this heavy dependence as a significant security concern, particularly in the context of data sovereignty and control over critical digital infrastructure. The briefing, to be delivered by the Director General of National CERT, will be presented to the Federal Secretaries Committee and will focus on how software developed outside the country can introduce vulnerabilities into government systems. Officials will be informed that foreign software may allow unauthorized access to sensitive information, increase the risk of data leaks, and create dependencies that could enable external influence over important state functions. The session is expected to underline that such risks are not always visible at the time of purchase but can emerge later through updates, hidden access mechanisms, or insufficient transparency in software architecture.
Sources said the Director General will also explain the importance of conducting comprehensive security checks before approving the procurement of foreign software. These checks include technical evaluations, risk assessments, and alignment with national security guidelines. The briefing will emphasize that safety measures should not be treated as a formality but as a core requirement in protecting government data and digital operations. Officials will be advised to consult relevant technical and security authorities before finalizing purchases and to ensure that any software adopted by ministries complies with established cybersecurity standards. National CERT believes that consistent oversight and informed approval processes can significantly reduce the likelihood of cyber incidents linked to third party technologies.
Officials familiar with internal processes noted that many government ministries regularly issue tenders for software solutions and IT systems to support administrative and operational needs. However, senior decision makers often lack a clear understanding of the cybersecurity implications tied to these products. This gap in awareness, sources said, increases exposure to cyber threats and weakens institutional control over digital assets. National CERT aims to address this issue by ensuring that senior officials are better equipped to evaluate risks and ask the right questions during procurement discussions. The planned briefing is also expected to encourage ministries to consider local alternatives where possible and to balance functionality with security requirements when selecting digital tools.
The initiative reflects National CERT’s broader mandate to strengthen Pakistan’s cyber resilience by promoting informed governance and responsible technology use within the public sector. By engaging directly with top level officials, the organization hopes to create a more security conscious approach to software adoption and reduce long term risks associated with unmanaged dependence on foreign digital products.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
