Muhammad Umar Waqqas
KARACHI: Pakistan’s IT sector does not depend on physical trade routes in the same way as cargo moving through Torkham or the Strait of Hormuz, but recent events have shown that the country’s digital economy is equally vulnerable to regional conflict and cyber disruption. According to senior IT affairs expert Shahzad Arif, Pakistan must now move quickly to defend its digital infrastructure and turn present risks into long-term advantage.
Shahzad Arif said recent attacks have exposed serious weaknesses in Pakistan’s digital backbone. Iranian drone strikes reportedly damaged AWS data centres in the UAE and Bahrain, while hackers hijacked PakSat feeds of Geo News, ARY News and Samaa TV through uplink spoofing. At the same time, the Iranian Revolutionary Guard Corps has threatened submarine cable systems in the Gulf and Red Sea.
The economic impact is already visible. Monthly IT exports have declined from 437 million dollars to 365 million dollars, not because of any fall in Pakistan’s technical capability, Arif said, but because international clients are becoming more concerned about geopolitical risk.
He noted that 98 cyberattacks were reported in the first quarter of 2026, including 21 targeting federal government institutions. Analysts have also warned that the enemy is increasingly using cyber-kinetic tactics along the Afghan border by disrupting surveillance systems before attempting physical crossings.
Pakistan’s main international data links are especially exposed. Shahzad Arif said 12 of the 17 major cable systems in the Gulf pass through areas controlled or monitored by the IRGC. Pakistan’s principal connections to Singapore, Europe and the United States, including SMW4, SMW5 and IMEWE, all rely on these same routes.
Although banks maintain satellite backup links for SWIFT, Arif warned that domestic systems such as Raast, 1Link and the Pakistan Real-Time Interbank Settlement Mechanism cannot continue operating effectively on limited satellite bandwidth if undersea cables are disrupted.
To deal with this threat, he said the State Bank of Pakistan should publish a continuity protocol for situations where cyberattacks and cable failures occur at the same time. Such a plan should include alternative SWIFT routes that avoid the Gulf and Red Sea, at least two clearing banks with tested backup arrangements and a reduced-capacity mode for Raast and 1Link that gives priority to export-related payments.
Shahzad Arif also suggested that Pakistan explore supplementary payment channels through China’s Cross-Border Interbank Payment System and future BRICS digital currency arrangements. He stressed that these should not replace SWIFT, but provide insurance against overdependence on a single route.
He argued that Pakistan must also reduce its dependence on a few vulnerable cable corridors. Every major cable serving the country currently passes through conflict zones, while the proposed 2Africa Pearls cable remains delayed and the CPEC fibre link offers only a single terrestrial route.
Arif proposed three urgent steps. First, Pakistan should develop a new submarine cable route through the Bay of Bengal and the Strait of Malacca to create a safer path to Singapore and the US West Coast. Second, the CPEC fibre network should be upgraded into a multi-route backbone with physically separate paths. Third, Pakistan should secure pre-contracted access to cable repair vessels rather than depend on commercial availability during a crisis.
He said Pakistan should not limit itself to a defensive response. Instead, the country should build a domestic cloud industry that can support both local firms and regional markets. Many Pakistani IT exporters currently host their operations in cloud facilities located in the Gulf, Singapore and the United States. If those centres are damaged or become inaccessible, local companies cannot reliably serve foreign clients.
Shahzad Arif referred to the September 2025 cable cuts near Jeddah, which caused internet latency across South Asia to rise by between 20 and 30 per cent. He said Pakistan should establish Tier III and Tier IV data centres in Karachi near cable landing stations and use them as the basis of a national cloud platform.
Such facilities, he said, could also turn Pakistan into a neutral digital hub for Central Asia. Countries such as Uzbekistan and Tajikistan, which lack direct access to submarine cables, currently depend heavily on Russian and Chinese infrastructure. Pakistan could instead provide them with computing, storage and connectivity services through Karachi.
Arif also called for stronger protection of Pakistan’s information systems following the PakSat spoofing incident of March 1. He said commercial satellite uplinks should be upgraded with encryption and carrier authentication to prevent future hijacking attempts.
Beyond broadcasting, he urged the government to subsidise SOC2 and ISO 27001 certification for IT firms through P@SHA. According to him, such certifications should be treated as part of the country’s export infrastructure rather than as a cost to be borne by individual companies.
Arif said international clients increasingly prefer firms that can demonstrate strong cybersecurity, disaster recovery and business continuity plans. More than 40 per cent of global outsourcing contracts now include nearshore or diversified arrangements because companies want to reduce geopolitical risk. Pakistan, he said, can benefit from this trend if it proves that its digital infrastructure is secure and resilient.
He added that Pakistan’s diplomatic missions abroad should directly engage with foreign procurement teams and present them with a clear plan for infrastructure resilience.
Finally, Arif highlighted the importance of the pending Data Protection Bill. He said the absence of such a law remains both a regulatory and commercial weakness. Under the US CLOUD Act, data stored on American platforms remains subject to US jurisdiction. Pakistani companies using services such as AWS and Azure therefore cannot assure foreign clients that their information is protected under Pakistani law.
Passing the Data Protection Bill, Shahzad Arif said, would give Pakistan legal sovereignty over digital information and provide local firms with a valuable selling point in international markets.
He concluded that Pakistan’s target of 10 billion dollars in annual IT exports remains achievable, but only if the country treats the defence of its digital borders with the same seriousness as the protection of its physical frontiers.
