AGL 40.00 No Change ▼ 0.00 (0%)
AIRLINK 129.06 Decreased By ▼ -0.47 (-0.36%)
BOP 6.75 Increased By ▲ 0.07 (1.05%)
CNERGY 4.49 Decreased By ▼ -0.14 (-3.02%)
DCL 8.55 Decreased By ▼ -0.39 (-4.36%)
DFML 40.82 Decreased By ▼ -0.87 (-2.09%)
DGKC 80.96 Decreased By ▼ -2.81 (-3.35%)
FCCL 32.77 No Change ▼ 0.00 (0%)
FFBL 74.43 Decreased By ▼ -1.04 (-1.38%)
FFL 11.74 Increased By ▲ 0.27 (2.35%)
HUBC 109.58 Decreased By ▼ -0.97 (-0.88%)
HUMNL 13.75 Decreased By ▼ -0.81 (-5.56%)
KEL 5.31 Decreased By ▼ -0.08 (-1.48%)
KOSM 7.72 Decreased By ▼ -0.68 (-8.1%)
MLCF 38.60 Decreased By ▼ -1.19 (-2.99%)
NBP 63.51 Increased By ▲ 3.22 (5.34%)
OGDC 194.69 Decreased By ▼ -4.97 (-2.49%)
PAEL 25.71 Decreased By ▼ -0.94 (-3.53%)
PIBTL 7.39 Decreased By ▼ -0.27 (-3.52%)
PPL 155.45 Decreased By ▼ -2.47 (-1.56%)
PRL 25.79 Decreased By ▼ -0.94 (-3.52%)
PTC 17.50 Decreased By ▼ -0.96 (-5.2%)
SEARL 78.65 Decreased By ▼ -3.79 (-4.6%)
TELE 7.86 Decreased By ▼ -0.45 (-5.42%)
TOMCL 33.73 Decreased By ▼ -0.78 (-2.26%)
TPLP 8.40 Decreased By ▼ -0.66 (-7.28%)
TREET 16.27 Decreased By ▼ -1.20 (-6.87%)
TRG 58.22 Decreased By ▼ -3.10 (-5.06%)
UNITY 27.49 Increased By ▲ 0.06 (0.22%)
WTL 1.39 Increased By ▲ 0.01 (0.72%)
BR100 10,445 Increased By 38.5 (0.37%)
BR30 31,189 Decreased By -523.9 (-1.65%)
KSE100 97,798 Increased By 469.8 (0.48%)
KSE30 30,481 Increased By 288.3 (0.95%)

ISLAMABAD: The Federal Tax Ombudsman (FTO) Dr Asif Mahmood Jah has unearthed systematic flaws in security of confidential/classified data of taxpayers and directed the Pakistan Revenue Automation Limited (PRAL) to develop security policies/infrastructure and implement international standards for protection against future cyber attacks on Federal Board of Revenue’s (FBR) website.

The Federal Tax Ombudsman (FTO) in a landmark investigation found that due to incompetence, and ineptitude in the discharge of duties by FBR & PRAL, confidential/classified data of FBR Web portal was hacked.

According to details, tax lawyer Waheed Shahzad Butt has filed a public interest complaint against the FBR/PRAL key position holders, wherein after a comprehensive investigation, FTO Dr Jah concluded that FBR/ PRAL is not using any software to manage its Network Security policies and FBR has filed a false/wrong statement regarding the system disrupted period which is also contrary to the Finance Minister’s stance and using expired certification.

FTO order states: “The above analysis clearly reflects maladministration oozing out of neglect, inattention, delay, incompetence and ineptitude of FBR & PRAL’s functionaries, in the administration and discharge of assigned duties and responsibilities. PRAL data centre is not equipped with any Instruction Prevention/ Intrusion Detection system, a material systematic flaw exposing security of its database. PRAL data centre is not compliant to some credible International Standard and its certification was also expired in December 2020.

Security of taxpayers' data: No action taken against PRAL officials

When contacted Waheed Shahzad Butt told this correspondent that Cyber attack on key data websites, data and data centres of FBR/PRAL pose a threat that can undermine the security capabilities of a state (Pakistan). It can cause significant economic damages including ongoing crucial CPEC activities. Mastermind of this nefarious move and all team members including public servants working in FBR/PRAL must be removed from Government of Pakistan Services and criminal cases must be registered against all of them for not providing security to the confidential/classified data of taxpayers of Pakistan, solely due to their extreme inefficiency, negligence and corrupt practices for not buying the computer soft-wares and using pirated versions.

Waheed further added the hacking took place at a time when the Cabinet Division has also shifted its business online. Same episode has already been unmasked by the FTO in C. No. 507/2013 [2014 PTD 1353 = 109 Tax 1]. The failures in combating cyber threats can lead to a national crisis, as it is an integral part of Pakistan’s defence.

FTO directed the FBR to carry out a complete appraisal of its system’s vulnerabilities in order to avoid any such incident in future. Adopt solutions designed with security as a top priority like Cloud Car which provides protection against widespread system crashes and slow paced operations. PRAL is directed to develop security policies and security infrastructure with the help of efficient security tools like Intrusion Prevention and Intrusion Detection Systems both network-based and host based.

Deploy Comprehensive Security and incident Monitoring (SIEM) Solution in its Data Centre. Implement some credible International Standard (like Tier II, Tier III and Tier IV from Uptime Institute) as protection against any such threat in the future, FTO order added.

Copyright Business Recorder, 2021

Comments

Comments are closed.