PTA Introduces CTDISR-2025: Strengthening Telecom Cybersecurity in Pakistan
The Pakistan Telecommunication Authority (PTA) has rolled out a revised framework for its Critical Telecom Data and Infrastructure Security Regulations (CTDISR), introducing a new version named CTDISR-2025. The update was unveiled in PTA’s Annual Cyber Security Report 2024-25 and is being described as a major step toward improving cybersecurity across Pakistan’s telecom sector.
First launched in 2020, the original CTDISR laid the foundation for security controls within telecom companies. However, with the rapid evolution of cyber threats, AI-driven attacks, and technological shifts over the past five years, PTA deemed it necessary to revamp the framework.
Key Revisions in CTDISR-2025
The CTDISR-2025 regulations have been extensively revised, with almost all provisions from the CTDISR-2020 either updated, merged, or refined to remove duplications and improve clarity. According to PTA, the new framework moves away from reactive security practices and instead emphasizes a proactive, risk-based approach to cybersecurity governance.
The updated regulations also incorporate insights from regulatory audits, industry consultations, and expert feedback, making the framework more practical for implementation across the telecom sector.
New Additions and Focus Areas
Some of the major inclusions in CTDISR-2025 are:
-
Asset Management and Risk Management protocols
-
Data Privacy and Cloud Security measures
-
Insider Threat Detection systems
-
Business Continuity Planning for emergencies
-
HR security controls and defined roles for Information Security officers
In addition, stricter access control policies such as role-based access mechanisms and mandatory multi-factor authentication (MFA) have been introduced to strengthen data protection.
Integration with nTSOC
A major advancement in the new regulations is mandatory integration with the National Telecom Security Operations Center (nTSOC). This will allow real-time cyber threat intelligence sharing and a coordinated national-level response to incidents, significantly improving Pakistan’s telecom security posture.
Global Standards Alignment
PTA confirmed that the revised framework has been aligned with international cybersecurity benchmarks including ISO/IEC 27001 and NIST Cybersecurity Framework (CSF). It also complements Pakistan’s National Cybersecurity Policy 2021, ensuring that the telecom industry is better prepared for global cyber challenges.
By incorporating global best practices and addressing emerging risks such as ransomware, AI-powered cyberattacks, and supply-chain vulnerabilities, the CTDISR-2025 framework aims to make Pakistan’s telecom infrastructure more secure and resilient.
Expected Impact
The PTA believes that the new framework will not only safeguard critical telecom systems but also boost Pakistan’s ranking in the Global Cyber Security Index, strengthening the country’s digital defense capabilities.
