In a major step towards enhancing the country’s cybersecurity readiness at the sub-national level, the Computer Emergency Response Team (CERT) Council has proposed the establishment of six provincial-level CERTs. The move, aimed at decentralizing cybersecurity response mechanisms and improving regional resilience against cyber threats, is now awaiting approval from the federal cabinet, according to sources in the Ministry of Information Technology and Telecommunication.
The six proposed CERTs will operate in Punjab, Sindh, Khyber Pakhtunkhwa (KP), Balochistan, Azad Jammu and Kashmir (AJK), and Gilgit-Baltistan (GB). Once formally approved, the federal government will officially notify these teams, marking a significant expansion in Pakistan’s cybersecurity infrastructure beyond the existing national-level apparatus.
Each provincial government has already designated specific departments to take up the CERT mandate. In Punjab, the Punjab Information Technology Board (PITB) will serve as the provincial CERT. Sindh has entrusted this responsibility to its Science Department, while KP’s CERT responsibilities will be handled by the Khyber Pakhtunkhwa IT Board, in coordination with the already operational KP Computer Emergency Response Center (CERC). Balochistan has also assigned the task to its Science Department. Meanwhile, both AJK and GB have similarly selected relevant local departments to manage CERT operations in their respective regions.
At the national level, the Ministry of IT and Telecom already oversees a National CERT, which currently functions as both the Government CERT and the Critical Information Infrastructure (CII) CERT. This dual role will continue until separate institutional frameworks are introduced to manage these responsibilities independently. The newly proposed provincial CERTs will coordinate with this national framework to strengthen Pakistan’s multi-tiered cyber response capability.
Following their official notification, representatives from the provincial CERTs will be nominated to join the CERT Council, an apex body responsible for shaping national cybersecurity policy and coordination. The 16-member Council is chaired by the Federal Secretary of the Ministry of IT and Telecom, and includes representatives from key ministries such as Defense, Foreign Affairs, and Interior. In a bid to foster holistic and inclusive cybersecurity governance, the Council also features members from academia, civil society, and the technology industry.
The Council’s vision extends beyond provincial teams. According to the CERT Rules, sector-specific CERTs will be formed across both public and private sectors, encompassing ministries, divisions, local governments, and regulatory authorities. These Sectoral CERTs will be responsible for managing and responding to cyber incidents impacting their respective critical information systems and infrastructures. They will report incidents to the National CERT through either the Government CERT or CII CERT, in accordance with established protocols.
This strategic move reflects a growing recognition by Pakistani authorities of the need for decentralized, proactive, and collaborative cybersecurity mechanisms in the face of rising global cyber threats. Once enacted, the establishment of provincial CERTs will be a landmark development in Pakistan’s evolving cybersecurity ecosystem, ensuring that each region is equipped with dedicated capabilities to respond swiftly and effectively to digital emergencies.
