National CERT warns of supply chain cyber threats to power, banking, defence systems

The National Computer Emergency Response Team has issued a cybersecurity advisory warning that supply chain vulnerabilities could be exploited to target critical infrastructure, including power, banking and defence systems.

The advisory states that weaknesses during the delivery of hardware and software may lead to system-wide disruptions, as threat actors increasingly focus on logistics and manufacturing stages to carry out cyber operations.

National CERT cautioned that all incoming hardware should be treated as a potential risk and undergo strict inspection protocols. It also warned that unverified software updates may introduce hidden backdoors into systems, posing long-term security threats.

The alert highlighted concerns over vendors with unclear ownership structures, urging institutions to ensure transparency and conduct due diligence during procurement processes.

It further noted that dependence on a single supplier could create systemic risks, where a breach in one entity may disrupt entire sectors such as the national power grid or financial system.

Institutions have been directed to implement tamper-proof mechanisms and tracking systems for the transportation of sensitive equipment, and to report any suspicious network activity or unusual software behaviour to relevant authorities.

National CERT also instructed organisations to adopt a zero-trust security model, requiring authentication of all devices before granting network access.

The advisory warned that failure to secure supply chains could result in widespread disruption of critical national systems, as Pakistan’s digital infrastructure continues to expand across sectors.