CERT warns ‘hostile actors’ could exploit supply chains to target national infrastructure

ISLAMABAD: The National Computer Emergency Response Team (National CERT) on Tuesday issued a cybersecurity advisory warning that hostile actors may exploit supply chains to target critical national infrastructure, including power, banking, and defence systems.

The advisory highlights that even minor lapses during the delivery of hardware and software could trigger large-scale system failures.

The alert comes amid growing global concern over supply chain vulnerabilities, where state-sponsored cyber espionage has increasingly extended into logistics and manufacturing stages.

CERT cautioned that all hardware deliveries should be treated as potential security risks and subjected to strict inspection protocols. It further warned that unverified software updates could introduce hidden backdoors into the national digital infrastructure, posing long-term security threats.

The advisory also flagged vendors with unknown ownership structures as a significant risk factor, urging institutions to ensure transparency and due diligence in procurement processes.

It noted that reliance on a single supplier could create systemic vulnerabilities, where a breach in one entity might disrupt entire sectors such as the national power grid or banking network.

Institutions have been directed to adopt tamper-proof mechanisms and tracking systems for transporting sensitive equipment.

Additionally, organisations are required to promptly report suspicious network traffic and unusual software behaviour to relevant authorities.

National CERT has further instructed institutions to implement a zero-trust security model, ensuring that all devices are authenticated before being connected to networks.

The advisory emphasised that neglecting supply chain security could lead to the complete paralysis of critical national installations.

The warning underscores the urgent need for strengthened cybersecurity frameworks as Pakistan’s digital infrastructure continues to expand and integrate across sectors.

Earlier this month, multiple Pakistani television channels, websites and mobile applications came under coordinated cyberattacks. The main attack happened at the state-owned satellite of the country, Pak-Sat, as a result of which several TV channels suffered transmission issues.

The same week, the National Ass­embly was informed that a firewall was necessary for the country’s cyber defence and that further investments would be made to protect Pakistan’s digital boundaries. Minister for IT and Telecom Shaza Fatima Kha­waja highlighted the importance of cybersecurity and said several mea­sures had been taken to strengthen the protection of citizens’ digital space.