Details & Regulations
AUDIT CERTIFIED — MAY 2026
This policy has been verified against official government gazettes and source documents.
View Audit Log
100% Verified
NCERT — National Computer Emergency Response TeamSOURCE VERIFIED
The National Computer Emergency Response Team (NCERT), also referred to as PakCERT, is Pakistan’s designated national cyber emergency response organization responsible for handling cybersecurity incidents, threats, and vulnerabilities affecting the country’s information infrastructure. It is the central coordination point for all cyber incident response in Pakistan.
OverviewSOURCE VERIFIED
Established under the Ministry of Information Technology and Telecommunication (MOITT), NCERT serves as the central point for coordinating responses to cyber threats across public and private sectors. It plays a critical role in safeguarding Pakistan's digital ecosystem, particularly within the growing IT/ITeS industry (ICT exports reached $1.86B in H1 FY 2024–25 with 28% YoY growth).
- Parent Body: Ministry of Information Technology and Telecommunication (MOITT)
- Legal Framework: Established under Section 4 of the Prevention of Electronic Crimes Act (PECA) 2016; further empowered by the Digital Nation Pakistan Bill 2025
- International Affiliation: Member of APCERT (Asia-Pacific CERT) and FIRST (Forum of Incident Response and Security Teams)
- Operational Status: 24/7 Security Operations Center (SOC) with real-time threat monitoring
Main Functions:
- Incident response and management — triage, containment, eradication, and recovery
- Threat intelligence sharing — real-time IOC (Indicators of Compromise) distribution to stakeholders
- Vulnerability monitoring and alerts — scanning national infrastructure for known CVEs
- Cybersecurity awareness campaigns — training and outreach for government and private sector
- Coordination with international CERTs — cross-border incident response and intelligence exchange
- Vulnerability advisory database — publishing and maintaining a national catalog of confirmed vulnerabilities
- Digital forensics support — assisting FIA/NCCIA in cybercrime investigations
Incident Reporting ProcessSOURCE VERIFIED
How to Report a Cyber Incident to PakCERT
- Identify the Incident: Determine if the event qualifies as a reportable incident (see “When to Contact PakCERT” below)
- Document the Incident: Collect timestamps, affected systems, IP addresses, log files, screenshots, and any IOCs (malware hashes, suspicious domains, phishing URLs)
- Contact PakCERT Immediately:
- Provide Incident Details: Share the collected documentation. Use NCERT’s standardized incident report form for faster processing.
- Receive Tracking Number: NCERT assigns a unique incident ID for tracking
- Cooperate on Response: NCERT may request additional logs, remote access (with consent), or coordination with your ISP
- Follow-Up: NCERT provides a post-incident report with recommendations to prevent recurrence
When to Contact PakCERTSOURCE VERIFIED
| Scenario | Urgency | Action |
|---|
| Active Compromise / Breach — Unauthorized access detected, data exfiltration confirmed, ransomware deployment | CRITICAL | Call 24/7 hotline immediately. Do NOT power off affected systems. Preserve all logs. |
| Vulnerability Discovery — You found a security flaw in Pakistani infrastructure or a widely-used system | HIGH | Email cert@npkpkcert.gov.pk with full technical details. Allow 90 days for responsible disclosure. |
| Threat Intelligence — You possess IOCs, TTPs, or threat data relevant to Pakistani organizations | MEDIUM | Share via the online portal or advisories@npkpkcert.gov.pk |
| Phishing Campaign — Phishing targeting Pakistani gov, banks, or IT companies | HIGH | Email with full headers, URLs, and screenshots |
| DDoS Attack — Ongoing or imminent distributed denial-of-service attack | CRITICAL | Call hotline + coordinate with ISP and PTA |
| Insider Threat Suspicion — Evidence of malicious activity from within your organization | HIGH | Contact NCERT and NCCIA simultaneously |
| Zero-Day Exploit — Discovery of previously unknown vulnerability being actively exploited | CRITICAL | Call hotline. Do NOT publicly disclose until NCERT coordinates vendor response. |
CERT Coordination with FIA / NCCIASOURCE VERIFIED
NCERT works closely with law enforcement through the National Counter Cyber Crime Academy (NCCIA), which became an independent agency in September 2025 (formerly FIA CCW — Cyber Crime Wing). The coordination framework is:
| Stage | NCERT Role | NCCIA/FIA Role |
|---|
| Incident Detection | Technical triage and IOC analysis | Legal assessment — determine if PECA violations occurred |
| Evidence Preservation | Digital forensics — disk imaging, memory capture, log analysis | Chain of custody — ensuring forensic evidence is court-admissible |
| Containment | Technical remediation — blocking IPs, isolating systems, patching | Legal orders — ISP blocking, asset seizure warrants |
| Investigation | Threat attribution, malware analysis, IOC correlation | Criminal investigation — suspect identification, arrest |
| Prosecution | Expert testimony, technical reports for court | Filing charge sheets, court proceedings under PECA |
24/7 Hotline & Contact InformationSOURCE VERIFIED
Pakistan Cyber Threat Landscape (2026)SOURCE VERIFIED
Critical: SideWinder APT Attack (April 2026)
On April 2, 2026,
NCERT issued a high-priority advisory regarding the
SideWinder APT (aka Rattlesnake, Hardcore Nationalist) targeting Pakistani government systems. Fake domains mimicking MoD,
MoF, NEPRA, and
NCERT itself were identified.
IT companies should immediately: block identified domains, enforce MFA on all accounts, deploy EDR tools, and conduct credential resets for privileged accounts.
Major Threat Categories in PakistanSOURCE VERIFIED
| Threat Category | Prevalence | Target Sectors | Recent Example |
|---|
| Nation-State APTs | Active | Government, Military, Energy | SideWinder APT targeting MoD/MoF (Apr 2026) |
| Ransomware | Active | Healthcare, Banking, Enterprise | LockBit, BlackBasta variants reported in Pakistan |
| Phishing / Social Engineering | High | All sectors, especially freelancers | Phishing kits targeting Upwork/Fiverr users (Q1 2026) |
| DDoS | High | Banking, Government, ISPs | SBP issued Cyber Shield guidelines (Mar 2026) |
| Insider Threats | Medium | IT Companies, BPOs | Data exfiltration by departing employees |
| Supply Chain Attacks | Medium | Software vendors, MSPs | Compromised npm/PyPI packages targeting Pakistani devs |
Vulnerability Advisory DatabaseSOURCE VERIFIED
NCERT maintains a national vulnerability advisory database categorizing advisories by severity and type:
| Advisory Category | Description | Frequency |
|---|
| Critical Advisory | Active exploitation in wild; immediate patching required (e.g., SideWinder domains, zero-days) | As needed — immediate distribution |
| High Advisory | Known vulnerability with published exploit code; patching within 72 hours recommended | 2–5 per week |
| Medium Advisory | Vulnerability with theoretical risk; patching within 30 days recommended | 5–10 per week |
| Low Advisory | Informational; configuration best practices and hardening guides | Weekly digest |
| Threat Intelligence Bulletin | Aggregated IOCs, TTPs, and geopolitical cyber analysis for Pakistani organizations | Bi-weekly |
Training ProgramsSOURCE VERIFIED
| Program | Audience | Duration | Certification |
|---|
| NCERT Cybersecurity Fundamentals | Government IT staff | 5 days | NCERT Certificate |
| Incident Response Workshop | IT/ITeS company security teams | 3 days | NCERT Certificate |
| PECA Compliance Training | Legal & compliance officers | 2 days | NCERT Certificate |
| Red Team / Blue Team Exercise | Security operations teams | 5 days | NCERT Certificate |
| Cyber Hygiene for Freelancers | DigiSkills graduates, freelancers | 1 day (online) | Free via DigiSkills platform |
Key StatisticsSOURCE VERIFIED
| Metric | Value | Source |
|---|
| 5G Security Guidelines | Published Feb 2026 | PTA |
| SBP Cyber Shield | Launched Mar 19, 2026 | SBP |
| NCCIA Status | Independent agency (Sep 2025) | FIA |
| Digital Nation Pakistan Bill | Approved both Houses | NA |
| PECA Applicable Sections | Sections 3–11 | PECA 2016 |
What This Means for Your IT Company:
- Report incidents: All IT/ITeS companies should report breaches to NCERT within 24 hours. Early reporting enables faster containment and may limit liability under PECA.
- Enroll in training: NCERT’s Incident Response Workshop (3 days) is essential for your security team. Contact NCERT to schedule.
- Monitor advisories: Subscribe to NCERT advisory emails at advisories@npkpkcert.gov.pk. Critical advisories (like SideWinder) require immediate action.
- PECA compliance: Sections 3–11 define cybercrimes. Your company must have incident response procedures aligned with PECA reporting requirements.
- FIA/NCCIA coordination: For criminal matters (data theft, hacking, fraud), file complaints with FIA/NCCIA, not just NCERT. NCERT handles technical response; NCCIA handles legal prosecution.
- DigiSkills Cybersecurity course: Have your team complete the free DigiSkills Cybersecurity course — see DigiSkills page.
Deep Intelligence, April 2026]