Islamabad Safe City Project facing Cybersecurity Breach Risk? Here’s CERT advisory

2026-03-24 - 17:21

ISLAMABAD – Safe City surveillance project was introduced as a step toward smarter Pakistani urban security but it has now come under scrutiny after concerns surfaced about the technology powering it, prompting National CERT to order urgent audits amid growing questions about transparency and security. Digital infrastructure is deeply interconnected in 2026 and and increasingly targeted. The unfolding situation raised broader concerns about how surveillance technologies are sourced, deployed, and governed. Authorities placed Islamabad Safe City surveillance system on high alert amid fears that foreign software may have been operating within its infrastructure without full transparency as National Computer Emergency Response Team (National CERT) ordered immediate nationwide audits of government software and hardware, citing potential risks to sensitive national systems and critical infrastructure. If you are not familiar with it, you need to know that Israeli-developed video analytics software, BriefCam, had reportedly been used in the Islamabad Safe City project in previous years. BriefCam, now owned by Canon Inc. but still operating from Israel, is known for advanced surveillance tools including facial recognition, vehicle plate tracking, and real-time video analysis. The software has also been reported in international contexts involving surveillance operations in densely monitored urban areas. AI-driven video analytics platform was allegedly used in Pakistani capital to identify suspects, track vehicles, and generate e-challans, with its system connected to the biometric database of NADRA. This integration reportedly allowed access to identity records of a large portion of the population. The concerns deepen with reports that since late 2022, the system was upgraded to a platform known as Extreme C, featuring real-time facial recognition capabilities and powered by hardware from Huawei. However, neither the initial deployment of BriefCam nor its subsequent replacement was publicly disclosed, fueling criticism over a lack of transparency in how such a sensitive national surveillance system has been managed. National CERT issued strict directives requiring all government agencies to urgently audit their digital infrastructure. The advisory warns that unverified vendors and opaque supply chains could introduce hidden vulnerabilities capable of compromising systems used in power distribution, banking networks, and government communications. Officials have been instructed to verify vendor ownership, inspect hardware for unauthorized components, and test all software in isolated, controlled environments before deployment. Agencies have also been urged to adopt a “Zero-Trust” security model, meaning that no system, user, or device is automatically trusted without continuous verification. Experts caution that modern supply chains have become a critical weak point in cybersecurity. Attackers may exploit trusted manufacturers or distributors to insert malicious code or hardware backdoors, potentially enabling espionage or sabotage at a national scale. Even minor irregularities in device shipment, firmware updates, or system configurations could open the door to unauthorized access or data leakage. Under the National CERT’s directive, software audits must be completed within one week, while hardware inspections are to be finalized within two weeks. Any suspicious or compromised equipment must be immediately isolated and preserved for forensic investigation. Geo News Transmission hacked to air Anti-Pak Army Messages in Major Cyber Breach