ISLAMABAD: The National Computer Emergency Response Team on Tuesday issued a cybersecurity advisory warning that hostile actors could exploit supply chains to target key national infrastructure, including power, banking, and defence systems. The agency stressed that even minor lapses during the delivery of hardware and software can trigger large-scale system failures.
The warning comes as global concern grows over supply chain vulnerabilities. Increasingly, state-sponsored cyber espionage has expanded beyond networks into logistics and manufacturing stages. Therefore, CERT urged institutions to treat all hardware deliveries as potential risks and enforce strict inspection protocols. Moreover, it warned that unverified software updates may introduce hidden backdoors into critical systems, creating long-term security threats.
In addition, the advisory identified vendors with unclear ownership structures as a major risk factor. It called for greater transparency and due diligence in procurement processes. Meanwhile, reliance on a single supplier could create systemic vulnerabilities, where a breach in one entity disrupts entire sectors such as power grids or banking networks.
To mitigate risks, institutions must adopt tamper-proof transport mechanisms and tracking systems for sensitive equipment. Furthermore, organisations should promptly report suspicious network traffic and unusual software behaviour. CERT also directed institutions to implement a zero-trust security model so that all devices are authenticated before accessing networks.
The advisory warned that neglecting supply chain security could paralyse critical installations. Recently, cyberattacks targeted Pakistani media, including disruptions linked to Pak-Sat. During the same week, the National Assembly of Pakistan discussed cybersecurity measures, while Minister Shaza Fatima Khawaja reaffirmed efforts to strengthen digital protection.
