Understanding Cybersecurity: A Multi-Layered Approach

Cyberspace is a word coined by novelist Gibson in his 1984 book Neuromancer to refer to virtual worlds created by computers and populated by fictional individuals.

The 1980s saw the combination of the words “cybernetics” with “space,” giving rise to the phrase “cyberspace,” which is credited to Canadian author William Gibson. Cyberspace is a word coined by novelist Gibson in his 1984 book Neuromancer to refer to virtual worlds created by computers and populated by fictional individuals.

The phrase has become widely used to characterize virtual space, particularly the domain of communication enabled by computer networks, as it has become ingrained in popular culture. It is important to remember that the phrase is sometimes misused to refer to the Internet.

To elaborate, the word cyberspace refers to all the information and communication resources included in a complicated combination of users, networks, protocols, and digital spaces. The material layer, the logical layer, and the informational layer make up the three layers of this complex system.

Cyberspace is a global area inside the information environment, according to the definition provided by the US Department of Defence, which is trying to standardise terminology used in the military.

The internet, computer systems, telecommunications networks, embedded processors, and controllers are only a few examples of the interconnected network of information technology infrastructures and related data that are highlighted in this concept.

Interestingly, though, the US military’s concept of the word, cyberspace seems to ignore the human factor when compared to the three-layer model. It primarily concentrates on the logical and infrastructure aspects, ignoring the users and players who are actively engaged in this digital space.

The word “security,” which comes from the Latin “sine cura,” which means “without concern,” is commonly used in the context of security studies theory to refer to a situation in which there is safety, tranquilly, and a lack of threats. It is also crucial to understand “security” as a dynamic process, which means that both the concept of security and its organisational framework are always changing.

As a result, security cannot be viewed as a situation that is fixed and never changes, but rather as a continuous process that involves individuals, states, local communities, and international organizations working together to achieve the desired level of security.

By utilizing this comprehension in the context of cybersecurity, the idea may be described as a process that is continuously moving towards a desired goal as well as a reference to an imagined state. Making sure that networks and information systems are continuously protected is the aim of cybersecurity.

Article 4(2) of the NCSA (National Cyber Security Authority) defines “cybersecurity” as “the security of network and information systems,” which is the same as what is meant to be expressed in the NIS (Network and Information Systems) Directive.

The ability of networks and information systems to withstand, with a predetermined degree of confidence, any action that could jeopardise the availability, authenticity, integrity, or confidentiality of data that is stored, transmitted, or processed, as well as the associated services that are offered by or accessible through those networks and information systems, is what is meant by cybersecurity in this context.

Cybercrime is a broad term with several definitions that have changed over time. According to one of the first definitions, computer crime includes any unlawful, immoral, or unapproved actions that involve the automatic processing and/or transfer of data. Interpol then developed a more general definition of computer crime, defining it as “criminal activities in the scope of computer technologies.”

This broad definition recognises the variety of offences that fall under the umbrella of computer technology. These offenses can be broadly classified into several categories, including those pertaining to the words cyberspace, cybercrime, and cyberterrorism.

In a narrow sense, computer crime refers to any illegal behaviour that targets the security of computer systems and the data they process. This includes: (1) unauthorised access; (2) damage to computers, computer data, or computer programmes; (3) unauthorised interception; and (4) computer espionage.

Broadly speaking, cybercrime, sometimes known as “computer-related crime,” refers to any illegal activity carried out via or in connection with a computer system or network, including crimes like unlawful possession and the provision or distribution of information via one of these channels.

Terrorist acts are described as activities performed by governments using information technology with the intention of achieving military or other strategic goals. The former are planned, executed, and coordinated through computers and computer networks.

The researchers claim that cyberterrorism is a hybrid of the words cyberspace and terrorism. It is generally understood to refer to illegal assaults and threats of attacks on networks, computers, and data gathered from them in order to scare or pressure governments, or the residents, of a given state to fulfil political or social objectives.

Furthermore, an attack must entail violence against individuals and property or enough damage to incite fear to qualify as cyberterrorism. Examples could include attacks that cause fatalities or serious injuries, as well as explosions, airline disasters, water pollution, and significant financial losses.

Depending on how they turn out, significant attacks against vital facilities may qualify as cyber-terrorist attacks. Attacks that cause the interruption of non-critical services or primarily cause financial difficulties are not included in this category.

In Pakistan, a strong framework for cybersecurity has been advanced with the implementation of the National Cyber Crime Policy 2021.

This policy, which was formally adopted by Parliament on July 27, 2021, is the result of a deliberate attempt to handle the various difficulties that come with cybersecurity. It emphasises the necessity of extraordinary efforts and calculated steps to deal with and handle cybersecurity problems in the nation.

The adoption of this policy shows a proactive approach to protecting digital assets and thwarting cyber threats in Pakistan and indicates a commitment to promoting a secure cyber environment. The policy lays forth detailed goals with the intention of tackling Pakistan’s common cybersecurity risks and difficulties. Some of the objectives highlighted under the policy include:

  • initiating a governance structure for the cybersecurity ecosystem.
  • upgrading information systems and infrastructure.
  • promoting data privacy and protection.
  • establishing a protection and information sharing framework.
  • raising awareness about cybersecurity issues for the public; and
  • providing a framework promoting national and global cooperation on cybersecurity.

The field of cybersecurity in Pakistan is still in its infancy. But, as evidenced by the recent and urgently required advancements mentioned above, things are moving in the right direction. Pakistan’s strategy for cybersecurity growth is portrayed in the Cyber Security Policy, which emphasizes resilience through a robust and dynamic digital environment rather than only asset protection.

However, the policy must be implemented effectively and promptly to create a cyber-friendly atmosphere that will advance both technological and economic advancement.

The ECC in Islamabad approved higher gas prices for two Punjab fertiliser plants and allocated an extra Rs10 billion for cybersecurity.

According to an official announcement, the ECC granted a request for the “Digital Information Infrastructure Initiative (DIII)” to receive Rs. 10 billion in funding for the current fiscal year. In addition to preventing cybersecurity breaches, the funds will be used for the necessary technical capabilities to proactively identify possible cyberthreats to the nation’s essential information infrastructure.

In the context of a fertiliser manufacturing plant, several key focused areas for cybersecurity are crucial to ensuring the availability, integrity, and confidentiality of sensitive information and industrial control systems. These areas include:

Process Control Systems Security: Network Segmentation: To lower the danger of unauthorized access, process control systems should be isolated from the corporate network using strong network segmentation.

Access Controls: To ensure that only authorised personnel have access to the system, strict access controls and user authentication procedures should be in place.

Industrial Control Systems (ICS) Security: To fix vulnerabilities and improve system resilience, control system software and firmware must regularly get security patches and upgrades.

Anomaly Detection: Using sophisticated anomaly detection systems to spot odd behaviours or patterns within the industrial control network aids in the early identification of any security breaches.

Physical Security: Putting in place physical security measures, like surveillance and access control systems, to prevent unwanted physical access to vital parts of the manufacturing plant.

Supply Chain Security: Vendor Risk Management: Ensuring that third-party vendors and suppliers follow cybersecurity best practices to avert supply chain assaults, as well as assessing and managing the cybersecurity risks associated with them.

Cybersecurity Incident Response Plan: Creating and testing an incident response plan on a regular basis will help you recover and respond to cybersecurity problems quickly while reducing potential losses and downtime.

Cybersecurity Awareness and Training Programmes for Employees: offering thorough training courses to staff members to raise their knowledge of cybersecurity best practices, such as identifying and reporting possible threats.

Data Encryption: Encrypting data while it’s in transit between systems and while it’s at rest on storage devices is known as data encryption. This technique shields private information from unwanted access.

Adherence to Regulations: Ensuring adherence to industry-specific cybersecurity standards and regulations, like ISA/IEC 62443, that are pertinent to the manufacturing sector to comply with regulatory obligations and industry best practices.

Continuous Monitoring: The use of Security Information and Event Management (SIEM) solutions enables the continuous monitoring of network activities, the real-time detection of security issues, and the provision of a centralized view of the security posture.

Secure Configuration Management: Applying secure configuration settings to all hardware and software components in the manufacturing plant reduces the attack surface and strengthens overall cybersecurity.


Control system integration with key infrastructures has become commonplace in today’s world of technology-driven operations, enabling streamlined and efficient procedures. But this enhanced connectedness also makes these control systems vulnerable to a wide range of cybersecurity dangers that could breach sensitive data, interfere with operations, and seriously jeopardise national security.

This introduction lays the groundwork for a thorough examination of the topic of “Cybersecurity for Control Systems.” It emphasises how essential control systems are to the operation of vital infrastructure industries like manufacturing, energy, transportation, and healthcare. Operational technology (OT) and information technology (IT) convergence present a distinct set of problems that require specialised cybersecurity solutions.

We will explore the nuances of protecting control systems along the way, stressing the importance of having a thorough yet flexible cybersecurity plan. The introduction is to foster awareness of the constantly changing threat environment, the weaknesses present in control systems, and the necessity of taking preventative action to safeguard our vital infrastructure from online attacks.

We work together, innovate, and have a strong commitment to cybersecurity principles to guarantee the integrity and resilience of control systems in the face of constantly changing cyber threats. This introduction highlights the vital significance of cybersecurity for control systems in protecting the backbone of contemporary infrastructure and extends an invitation to investigate its more subtle aspects.