The government has involved security agencies to conduct comprehensive cyber security audit and vulnerability assessment of a foreign made system (Sandvine Inc) hired for Web Monitoring System (WMS), it is learnt.
According to official documents, Pakistan Telecommunication Authority (PTA) had directed telecom operators in 2017 to deploy a suitable solution capable of mitigating grey traffic and web content blocking. Based on the PTA's technical requirements, telecom operators committee issued the request for proposal (RFP) in July 2018. Western made solutions were offered by different vendors.
Three vendors who offered Sandvine based equipment (Sandvine Inc, US based company) participated in proof of concept and passed the criteria. No vendor offering, other than Sandvine, participated in proof of consent (POC), maintained the documents.
Further the agreement between telecom operators and the vendor was signed in December 2018. The PTA has rejected the perception about limiting the freedom of expression of internet users through the WMS system while terming it incorrect and baseless. Some concerns about possible security hazard/vulnerability of the foreign made system (Sande Inc) were raised.
Therefore necessary written guarantees have been acquired from the selected vendor and the OEM, ensuring that there are no backdoors or cyber security risks in the system. In addition to written guarantees, it was also decided that necessary measures will be taken for comprehensive cyber security audit and vulnerability assessment by a joint team of security agency and the PTA.
According to the PTA, other than many western countries, Sandvine equipment is also deployed in many Muslim countries including Pakistan. The Muslim countries where Sandvine is deployed are Algeria, Bahrain, Djibouti, Egypt, Indonesia, Iraq, Kuwait, Lebanon, Libya, Malaysia, Morocco, Qatar, Saudi Arabia Sudan, Tunisia, Turkey, and UAE.
In pursuance to the Section 37 of Prevention of Electronic Crimes Act 2016, clause 11.2 of telecom policy 2015, Regulation 2010 Monitoring and Reconciliation of International Telecom Traffic (MRITT), a suitable technical solution has to be deployed to carry out the following tasks, VoIP (Voice over IP), grey traffic analysis and mitigation, network threat detection, malware analysis, critical infrastructure information protection, web analysis and legally mandated content filtering, IP consumer trends, OTT applications regulation.
The contract is signed between relevant telecom operators and the vendor without the involvement of public money. All LDIs (Long Distance and International), CMOs (Cellular Mobile Operators) and Submarine Cable Landing Station licensees are sharing the cost of the system under their regulatory obligations.
At present on the directions of the Authority, the industry is in the process of deploying a system called, WMS. The WMS will facilitate in identifying and blocking concealed grey channels over the internet and perform web content filtering to facilitate PTA in fulfilling its responsibility under PECA 2016.
Copyright Business Recorder, 2019