The National Computer Emergency Response Team (National CERT) on Tuesday sounded a stark warning that hostile actors could exploit supply chains to infiltrate critical national infrastructure, urging immediate system-wide audits and tighter cybersecurity controls.

In a detailed advisory, the authority directed all public and private institutions to conduct urgent audits of software and hardware, warning that unsecured systems could expose power, banking and defence networks to disruption.

The alert followed reports of suspicious foreign software detected in the Islamabad Safe City project, prompting authorities to place relevant institutions on high alert and initiate comprehensive scanning of national infrastructure systems.

The National CERT mandated that software testing be completed within one week and hardware inspections within two weeks, alongside strict monitoring of vendors, logistics systems and supply chains to identify potential vulnerabilities.

The advisory warned that even minor lapses during procurement or delivery could trigger large-scale system failures, noting that global supply chains have become a key battleground for cyber sabotage and espionage.

Institutions have been instructed to immediately isolate compromised hardware, preserve evidence and blacklist vendors in case of suspicious activity, while ensuring transparency in vendor ownership and procurement processes.

The National CERT advisory also cautioned against reliance on single suppliers, highlighting the risk of systemic disruption if one compromised entity affects entire sectors such as the national grid or banking network.

Communication devices, network management tools and industrial control systems were identified as particularly vulnerable, with warnings that unverified software updates could introduce hidden backdoors into critical systems.

To mitigate risks, organisations have been directed to adopt zero-trust security models, implement tamper-proof transport mechanisms for sensitive equipment, and report unusual network activity without delay.

Separately, the federal government has operationalised a national threat intelligence-sharing system linking National CERT with the Pakistan Telecommunication Authority (PTA) and the Pakistan Army’s cyber division.

The system, built on a Malware Information Sharing Platform (MISP), enables real-time detection and coordinated response to cyber threats, reducing reliance on external intelligence and strengthening national cyber defence.

Officials say the integrated platform will provide early warnings against potential attacks on government, telecom and critical infrastructure, while improving inter-agency coordination and proactive threat hunting.

The warning comes amid rising global concern over supply chain vulnerabilities and follows recent coordinated cyberattacks targeting Pakistani media platforms and the state-owned Pak-Sat satellite, which disrupted television transmissions.

Earlier this month, the National Assembly was told that further investment in cybersecurity, including firewall deployment, was essential to safeguard the country’s expanding digital ecosystem, as authorities push to strengthen protection of national networks.

(WITH INPUT FROM NEWS DESK)