PESHAWAR: The Khyber Pakhtunkhwa (KP) Department of Science and Information Technology has informed all the provincial administrative departments that it will be their responsibility to protect their websites and applications from cyber-attacks.
The department has directed the senior members of the board of revenue, principal secretary, KP governor, the chief ministers, secretaries of all administrative departments, divisional commissioners and provincial assemblies to have a full backup of the site ready on a computer so that the site can be restored from the computer when it crashes.
It clarified that the data centre stores 24 hours of data, however, it may take five to six hours to restore the complete website, so in case of any website being hacked or crashing, the departments have to provide timely notification to the data centre. Furthermore, in case of any website being hacked, the data centre will delete all the accounts that have been set up on the provincial server.
According to the data centre, all user departments will be provided only a server machine and installation facility after which its maintenance will be the responsibility of the concerned department. A 15-day log-file of all matters used on the server will be provided by the data centre. However, this log-file will not include database usage and user information. The user department has been instructed to keep the log-file of their virtual private server machine safe and also to review its usefulness.
The data centre had also provided the facility to administrative departments to have their own computer server. However, it has been clarified that installation, configuration, optimisation and data backup will be the responsibility of the administrative departments, and the data centre only provides space. The data center made it clear that if any website or application is attacked or hacked, it will only be responsible for the network layer.
The data centre added that security threats and attacks are mostly due to non-compliance with security standards, as well as flaws in designing, coding and development of the websites.
Concerning cybersecurity, seven layers have been formulated, comprising of application, presentation, session, transport, network, data link and a physical layer. A provincial data centre has also been set up. According to the department, these responsibilities have been formulated to protect itself from future internet connection issues and cyber-attacks, including hacks.