 | Issue: | Global 2012 |
| Article no.: | 2 | |
| Topic: | Making the digital world secure and safe | |
| Author: | Hessa Al Jaber | |
| Title: | Secretary General | |
| Organisation: | ictQATAR | |
| PDF size: | 187KB |
About author
Dr. Hessa Al Jaber is the Secretary General of the Supreme Council of Information and Communication Technology, ictQATAR. Prior to becoming Secretary General, Dr. Hessa was a member of the Strategic ICT Committee, responsible for shaping Qatar’s national ICT strategy.
Dr. Hessa holds a Bachelor of Science (Engineering) from KuwaitUniversity and Master’s Degree and Ph.D in Computer Science from George Washington University, Washington, DC.
Article abstract
The threat landscape is changing dynamically with technology potentially providing an edge to the crime perpetrator. Collaboration between key stakeholders is therefore essential in preventing the impact of future threats. Guidelines and policies are required for issues such as data storage, as well as policies intended to deter cyber crime. Deterring cyber threats while building digitally literate citizens is the key.
Full Article
The Middle East has seen unprecedented change in recent years, helped in no small part by Information and Communication Technologies (ICTs). As all sectors become more reliant on ICT to provide core services, the security of the critical IT infrastructure becomes even more important. In Qatar 70 per cent of our GDP comes directly from the petroleum and natural gas industries, making the protection of the IT infrastructure essential for our national well-being.Similarly, across the government, more and more core functions depend on secure, reliable networks.
As the networks and infrastructure evolved so too have the threats posed to them. The activities of cyber criminals have been flourishing, and by using advanced technologies and sophisticated techniques they often escape detection, compounding the risks.
Q-CERT
In order to tackle these issues head on and protect the citizens and resources of the nation, the Qatar Cyber Emergency Response Team (Q-CERT) was established. Q-CERT operates as part of the Cyber Security Division within the Supreme Council of Information and Communication Technology (ictQATAR), the nation’s ICT policy and regulatory authority.
Q-CERT works with government agencies, private and public sector organizations and Qatar’s citizens to ensure that online threats are monitored and risks are contained. It has also adopted a collaborative approach with other international CERTs, recognizing that cyber threats do not respect state borders. In Qatar, Q-CERT helps protect sensitive information and ensure safety on the Internet through the adoption of a matrix of security controls that protects Qatar’s interests on many levels. On the technology side, the Threat Intelligence Team collects and analyzes threat statuses from different security intelligence sources. They also gather information generated from our own sensors and Honey-nets to give an overall view of the threat status globally, regionally, and most importantly, locally.
Q-CERT proactively informs our constituency in the oil and gas sector, as well as other critical industries, of any possible malicious activity and works with them to rectify the situation utilizing incident handling and digital forensics capabilities. Q-CERT has also developed the ability to detect early patterns of malware propagation through social media channels used by politically or financially motivated hackers and can instantly apply corrective measures. Between 2008 and 2012 the number of infected machines was reduced nationally by a remarkable 80 per cent.
Yet technology continues to evolve at a rapid pace and malware mirrors the growth and reach of this technology. Malware can affect not only computers but also any smart devices such as industrial control systems, smartphones, intelligent transportation systems or payment devices. Attackers may target the software, firmware, micro-codes or hardware to take control of entire critical infrastructures, collect personal data, sensitive information and run espionage operations.
With the coming of the smart home and the dependency of nations on smart grids, threats from cyber space continue to penetrate our private space. Remote services and distributed computing are bringing more convenience to life while making the life of the hacker easier, providing malicious minds with a large data flow of personal information. The traditional approach of securing infrastructures by adding security layers isn’t without flaws as it also increases the potential for vulnerabilities due to the additional layers of code. In the future the same technologies will exist in a car or even within our body to help in healthcare, but this also exposes us to potential direct cyberattacks.
Although we do agree that the threat landscape is changing dynamically with technology potentially providing an edge to the crime perpetrator, there is still hope. More than ever the public private partnership (PPP) approach has proved to be an efficient way to collaborate between key stakeholders in preventing the impact of future threats. Proactive engagements and partnerships with the private sector has been an effective strategy, bringing the sector together to work on achieving and addressing common goals and problems within an information security realm.
An organic approach to building resources and capacity through an ecosystem of training and development is another step in the right direction. The leadership of Qatar has set forth a plan for the nation’s future in its Qatar National Vision 2030 which will see Qatar transcend into a knowledge based society. Key to this vision is a technologically engaged population who are wise to the huge potential of the Internet as well as educated in the risks and responsibilities that come with sharing information online.
We have also worked to develop customized cyber security tools and resources for the Arab world. One of our successes has been in custom developing existing technologies to better analyze data traffic in Arabic.
We have also set guidelines and policies for various sectors such as government, finance and energy on issues such as data storage, which have been successful in bringing up the information security baseline within specific critical sectors. These have coincided with policies intended to deter cybercrime such as the Data Privacy and Critical Information Infrastructure Protection policies, which will provide an overall framework for the nation, act as a strong deterrent for criminals and malicious users and strengthen law enforcement agencies.
Digital literacy
However, security is not the only issue. We must also focus on digital literacy and the safety of our children online to have the full picture of a secure, digital world. It is crucial that our youth learn how to use digital resources wisely. We want to ensure they know what it means to have constant connectivity, a public profile and the ability to share everything with an anonymous and potentially worldwide audience. This generation must educate the next generation on how to assume control of their own destiny on the Internet by teaching them about the risks and responsibilities of participation.
In order to achieve these aims we have partnered with leading international organisations such as the Family Online Safety Institute (FOSI) in holding events and workshops. This March we held a collaborative two-day event in Doha under the banner of promoting online safety and cyber ethics in the Middle East. During the event industry leaders and educators looked at the impact of digital and social media on Arab youth, issues such as cyber bullying and other challenges faced by children online in the modern world.
We have also established a new committee, the National Committee for Internet Safety (NCIS) tasked with raising awareness about Internet safety issues and improving online safety education. The NCIS includes representatives from the government, key industries, law enforcement, academia, non-governmental organizations, parents and local youth. The Committee is a fully independent body and works to commission research around Internet safety, monitor progress across sectors, offer support to organizations and individuals where necessary and identify specific solutions to a range of Internet safety issues.
With the tremendous growth of mobile Internet usage, coupled with the high smartphone usage in Qatar, as well as a mobile penetration rate that stands at one of the highest in the world at over 140 percent, ensuring safe and ethical online participation, irrespective ofdevice, has never been more critical to the overall security of our society.
Therefore, ictQATAR has also initiated awareness activities and campaigns to create and maintain a safe culture of technology usage among parents, children and employees, coupled with structured cyber safety education within local schools and corporations.
With secure and robust access to broadband connectivity governments, businesses, communities and individuals are able to fulfil their potential, enhance their society and embrace a bright new dawn. As a forward looking nation, Qatar will continue to be at the cutting edge of information and communication technology, and ensure future generations are secure online, while also being equipped with the knowledge to be safe.
