IN THE FRONT­LINE, ON­LINE

Qatar Today - - COVERSTORY > IN THE FRONTLINE, ONLINE - BY AYSWARYA MURTHY

THE MOST SO­PHIS­TI­CATED AND AD­VANCED COM­PUTER VIRUSES IN HU­MAN HIS­TORY HAVE ONE THING IN COM­MON – THEY ALL HAP­PENED HERE IN THE MID­DLE EAST WITHIN THE LAST FEW YEARS, AC­CORD­ING TO OMAR SHERIN, IC­TQATAR, CY­BER

SE­CU­RITY DIVI­SION.

Not long after the first com­put­ers were con­nected to form a net­work, the first net­work prop­a­gat­ing worm was dis­cov­ered. Now ma­li­cious code could travel to your ma­chine from any­where in the world. Since then, the re­lent­less at­tacks on our per­sonal com­put­ers and pri­vate in­for­ma­tion have not only been un­abated, the crim­i­nals and hack­ers of the world are de­vis­ing new ways to get to what they want, helped enor­mously by the fact that our on­line pres­ence now is per­va­sive, de­tailed and in full view. “Ev­ery­thing is critical in­for­ma­tion. We are liv­ing in a cul­ture of shar­ing so any and all in­for­ma­tion we put out there can be col­lected and an­a­lysed to cre­ate so­cially en­gi­neered bugs that are specif­i­cally tar­geted at you,” says Husamet­tin Baskaya, Re­gional Direc­tor at mo­bile se­cu­rity com­pany Web­sense. But more un­set­tling than some­one try­ing to trick you into re­veal­ing your pass­word or ac­count num­ber is when they de­cide to cut out the mid­dle man and di­rectly tar­get the in­sti­tu­tions that are deal­ing with your money. McAfee Strate­gic Se­cu­rity Found­stone Ser­vices, Direc­tor of In­ci­dent Re­sponse and Foren­sics for EMEA, Chris­ti­aan Beek said the Cy­ber De­fense Cen­tre that he is a part of in Dubai is cur­rently work­ing on a rather tough case, one that's tak­ing a lot of the Cen­tre's time and best re­sources to re­solve. “This fi­nan­cial com­pany was re­cently tar­geted by a very so­phis­ti­cated, cus­tom piece of mal­ware, fine-tuned for the com­pany. Look­ing at how it works and the way it spreads, it's ob­vi­ous that the group be­hind it has done their home­work and in­vested a lot of time and money in hopes of re­main­ing un­de­tected and con­tin­u­ing with their crimes,” he says.

These oc­cur­rences are be­com­ing in­creas­ingly com­mon­place and there is as much chance of erad­i­cat­ing cy­ber crime as there is of com­plet­ing do­ing away with crime on the streets. It's in­evitable, whether you are an in­di­vid­ual, a com­pany or even a govern­ment, that there will be an at­tempt to cir­cum­vent your de­fences and dam­age or steal your data. What mat­ters is that your fire­walls hold up to these at­tacks and, even if they suc­cumb, that the data leak is de­tected and plugged quickly with seam­less re­cov­ery. These traits will be­come more im­por­tant as more of our critical in­fra­struc­ture starts to go on­line, as it un­ques­tion­ably will. With the buzz around Smart Cities, ev­ery­thing from our elec­tric­ity me­ters and traf­fic sig­nals to bur­glar alarms and re­frig­er­a­tors can be con­trolled wire­lessly through the in­ter­net. Even if all the doors are locked, a ma­li­cious pres­ence could en­ter your home dig­i­tally, through thin air. These are the kind of threats we are in­creas­ingly go­ing to have to guard against.

Pro­tect­ing the home­front

Qatar is no stranger to cy­ber threats. With the coun­try ac­count­ing for a quar­ter of global gas ex­ports, any dis­rup­tion of the LNG in­dus­try can have mas­sive re­gional and global im­pli­ca­tions. The Shamoon virus, which in­fected over 30,000 com­put­ers in Saudi Aramco in neigh­bour­ing KSA, man­aged to cross in Qatar nine days later and breach the sys­tems at RasGas as well. No dam­age was done and pro­duc­tion was not af­fected, mainly thanks to good prac­tices within the com­pany which en­sured that the cor­po­rate and plant net­works were sep­a­rated, ac­cord­ing to Omar Sherin, Critical In­for­ma­tion In­fra­struc­ture Pro­tec­tion Man­ager at ic­tQatar's cy­ber se­cu­rity divi­sion. More­over, with the po­lit­i­cal un­rest in the re­gion and the in­creas­ingly large role Qatar is play­ing in Mid­dle Eastern and global geopol­i­tics, the coun­try has come un­der the radar of groups like the Syr­ian Elec­tronic Army who last year man­aged to dis­able several govern­ment web­sites. In light of the Global Fi­nan­cial In­dex sur­vey, which placed Doha among the top 30 fi­nan­cial cen­tres in the world (and No 1 in the re­gion), it's not sur­pris­ing that a lot of eyes are on the vast amounts of money mak­ing its way into and out of Doha. Also after the bad press the coun­try has been re­ceiv­ing in the global me­dia due to its labour rights vi­o­la­tions, it wasn't too long be­fore Qatari in­ter­ests were tar­geted by “hack­tivists”, like the ones who tem­po­rar­ily took over FC Barcelona's ( be­ing spon­sored by Qatar Air­ways) Twit­ter ac­count ear­lier this year and broad­cast a tor­rent of rants and ac­cu­sa­tions against Qatar to mil­lions of fol­low­ers.

But Qatar's for­ward-think­ing ICT strat­egy has helped it get ahead of the game. The Qatar Cy­ber Emer­gency Re­sponse Team (Q-CERT) was formed in 2006 and was the first of its kind in the re­gion. “We were the first CERT from the re­gion to be recog­nised in­ter­na­tion­ally and join the FIRST (Fo­rum of In­ci­dent Re­sponse and Se­cu­rity Teams; “a sort of UN for na­tional and qual­i­fied pri­vate CERTs”). Now, of course, other GCC coun­tries, like the UAE, Kuwait, Bahrain, KSA and Oman, have their own na­tional CERTs and we'd like to think that Q-CERT was a main driver to­wards this. In fact, when we started talk­ing about safe­guard­ing our critical in­fra­struc­ture back in 2007,

it was still a new con­cept, even in some of the western coun­tries,” says Hamid Sadiq, Depart­ment Man­ager at Q-CERT. The cy­ber se­cu­rity divi­sion of ic­tQATAR has de­part­ments that deal with var­i­ous aspects of on­line se­cu­rity such as in­ci­dent re­sponse, foren­sics, threat in­tel­li­gence, na­tional stan­dards and po­lices, pub­lic in­fra­struc­ture and train­ing and aware­ness.

Q-CERT's In­ci­dent Han­dling and Dig­i­tal Foren­sics Man­ager, Mounir Ka­mal, states that dur­ing the last five years there were ma­jor in­ci­dents tar­get­ing im­por­tant sec­tors in Qatar, aimed at steal­ing con­fi­den­tial in­for­ma­tion to be an­nounced as data leak­age or used il­le­gally. These have mainly been pos­si­ble be­cause of: De­tec­tive is­sues: Tar­geted at­tacks that use ad­vanced method­ol­ogy to by­pass se­cu­rity con­trols like an­tivirus, fire­walls, in­tru­sion de­tec­tion and other tech­nol­ogy so­lu­tions which there­fore they can't be de­tected some­times. Re­ac­tive is­sues: And more com­monly in the coun­try, tar­geted at­tacks that may go through a long and slow process, tak­ing a lit­tle step each time, that can't be de­tected and are easy to get ne­glected or mis­in­ter­preted. This is why or­gan­i­sa­tions re­port in­ci­dents when they are well in their fi­nal phases when the im­pact of in­ci­dent be­comes very clear and, of­ten, pub­lic. Q-CERT's method­ol­ogy is fo­cused on the 5Ws - What, When, Who, Where and Why. “These 5Ws will give us a clear pic­ture of how an at­tacker man­aged to com­pro­mise the said per­sonal ac­count, critical in­fra­struc­ture or even gov­ern­men­tal data, and un­der­stand vul­ner­a­bil­i­ties,” Ka­mal says. Through train­ing and ed­u­ca­tion, the cen­tre also em­pha­sises on “cre­at­ing a cul­ture of se­cu­rity in the so­ci­ety”. “Ad­vanced at­tacks or hid­den en­e­mies are tricky to de­tect and some­times un­avoid­able due to the ad­vanced method­ol­ogy they use, tar­get­ing all cat­e­gories like de­vel­op­ers, sys­tem ad­min­is­tra­tor, se­cu­rity ad­min­is­tra­tor and even reg­u­lar users, There­fore it is highly piv­otal to raise se­cu­rity sense among peo­ple and en­able them to de­tect any strange be­hav­iour no mat­ter how small it is.”

We were par­tic­u­larly in­ter­ested to talk to Sherin to gain an in­sight into the se­ri­ous­ness of the threat to our critical in­fra­struc­ture and to find out what the govern­ment is do­ing to keep it safe.

“Any sec­tor that con­trib­utes di­rectly to how life is con­ducted in the coun­try is con­sid­ered critical,” ex­plains Sherin. “In Qatar these have been iden­ti­fied as en­ergy, fi­nance, tele­com, govern­ment and health­care. The sec­ond tier in­cludes food, water, me­dia, ed­u­ca­tion, etc. This, of course, varies from coun­try to coun­try. The US, for ex­am­ple, has 18 critical sec­tors like nu­clear, rail­ways and postal ser­vices.” Next comes for­mu­lat­ing a list of the big play­ers who drive that par­tic­u­lar sec­tor. “They are not nec­es­sar­ily just the fa­mous names but could be a small com­pany that has a di­rect im­pact on the econ­omy. So once the com­pany has been deemed critical, their as­sets be­come critical.” The new Critical In­for­ma­tion and In­fra­struc­ture Pro­tec­tion (CIIP) law will now make it manda­tory for these com­pa­nies to con­form to cer­tain stan­dards is­sued by ic­tQATAR, which had not pre­vi­ously been the case. “Work­ing with the Q-CERT will no longer be op­tional and in ad­di­tion to that, you'll have to ful­fill cer­tain cri­te­ria like hav­ing some­one from your man­age­ment be re­spon­si­ble for se­cu­rity, have a strat­egy in place for busi­ness con­ti­nu­ity and re­cov­ery (which has to be pe­ri­od­i­cally au­dited and tested), have ba­sic in­ci­dent han­dling ca­pa­bil­ity and fol­low a stan­dards like the ISO 27001 or Qatar's own cy­ber se­cu­rity stan­dards NIAP 2.0 or in­dus­try spe­cific stan­dards like the Na­tional In­dus­trial Con­trol Sys­tems Se­cu­rity Stan­dards.”

Q-CERT of­fers a whole pack­age of ini­tia­tives that a com­pany can ben­e­fit from dur­ing dif­fer­ent pe­ri­ods in its life­cy­cle; be­fore, dur­ing and after an at­tack, Sadiq says. When a Qatari com­pany is look­ing for a trusted part­ner to re­spond with a team on the ground, give ex­pert ad­vice and work with the com­pany's own cy­ber se­cu­rity team to re­pel the at­tack, Q-CERT is a nat­u­ral choice. “Over the years we have built a great level of trust with the or­gan­i­sa­tions here and they are more will­ing to share their sen­si­tive in­for­ma­tion with us, than a third party out­side the coun­try. Be­sides we are based lo­cally and there­fore the first to re­spond and are a free govern­ment ser­vice.”

Fur­ther­more, over the years more than 100 ICS en­gi­neers have been trained by Q-CERT, the course en­tirely sub­sidised by the govern­ment, in pro­tect­ing in­dus­trial plants. “An­other way we stay ahead is by co­or­di­na­tion and team ef­fort with other CERTs,” Sadiq says, “By na­ture, CERTs are de­signed to share and are meant to be hubs of col­lect­ing and dis­sem­i­nat­ing knowl­edge. The GCC CERT in the re­gion meets reg­u­larly, as does the Is­lamic CERT (OIC-CERT). There is even an ini­tia­tive to es­tab­lish an Arab CERT.”

RSA Re­gional Direc­tor, Turkey, Emerg­ing Africa & Mid­dle East, Ahmed Ab­della

says that Q-CERT has been do­ing a fan­tas­tic job be­cause they con­tin­u­ally strive to match global stan­dards and best prac­tices by co­op­er­at­ing with and talk­ing to other CERTs and or­gan­i­sa­tions like the ISO in com­ing up with pro­pri­etary stan­dards. “There are sim­i­lar ini­tia­tives in other coun­tries in the GCC but the Qatari govern­ment is very much at the fore­front when it comes to de­vel­op­ing na­tional stan­dards,” he says.

A frame­work for se­cu­rity

As part of ic­tQATAR's Na­tional In­for­ma­tion As­sur­ance frame­work, a Na­tional ICS stan­dard has been re­leased; a first in the re­gion, that Sherin ex­plains, is one of their out­stand­ing projects. The Na­tional ICS Stan­dards, four years in the mak­ing, are re­viewed and up­dated an­nu­ally, as op­posed to other stan­dards which go through the process only once ev­ery five years. They are of­ten writ­ten in as­so­ci­a­tion with the rel­e­vant com­pa­nies and in­cor­po­rate global best prac­tices and lessons learnt from in­ci­dents in­side Qatar. The Na­tional SCADA stan­dard is now in its third edi­tion.

Ashraf Ali Is­mael, as the Na­tional In­for­ma­tion As­sur­ance Man­ager and Samir Pawaskar as the Pol­icy & Strat­egy Man­ager, are at the fore­front of draft­ing and pub­lish­ing these stan­dards. “NIA looks at in­for­ma­tion se­cu­rity as a struc­ture based on three main pil­lars - peo­ple, pro­cesses and tech­nol­ogy. We strive to raise ma­tu­rity lev­els from the bot­tom-up when it comes to cy­ber se­cu­rity - how data is recog­nised and han­dled across var­i­ous lev­els. A lot of se­cu­rity breaches come from poor pro­cesses in han­dling data in its dif­fer­ent states - in process, in tran­sit or stored. So we wanted to build a frame­work to se­cure the coun­try with­out ob­struct­ing the flow of in­for­ma­tion which is the driv­ing force for in­no­va­tion and cre­ativ­ity. And we not only bring out these reg­u­la­tions, but also pro­vide a train­ing path to help com­pa­nies im­ple­ment them and cre­ate a list of tools that'll help make the move, of­ten with the help of pri­vate ven­dors,” he says.

Over the years, the NIAF has pro­posed, drafted and de­vel­oped several laws, stan­dards and po­lices which are cur­rently at dif­fer­ent stages - some have al­ready been en­acted while some are in draft mode. “Among the laws, cur­rently only the E-com­merce Law has been pub­lished and en­acted.

The Cy­ber­crime Law, a MOI Project, is in the ap­proval stages. As you prob­a­bly know, this is a very sen­si­tive law; and rest as­sured we want to make the in­ter­net safe with­out mak­ing peo­ple afraid to use such tools as an enabler to cre­ative thoughts and knowl­edge ac­qui­si­tion. The other laws wait­ing to be rat­i­fied are the Data Pri­vacy Pro­tec­tion Law and the CIIP law.”

The Qatar Na­tional In­for­ma­tion As­sur­ance Pol­icy is “a com­pre­hen­sive man­ual that cov­ers tech­ni­cal and process-re­lated aspects of in­for­ma­tion se­cu­rity. This is based on ISO stan­dards but lo­calised tak­ing into con­sid­er­a­tion the coun­try's unique­ness - cul­ture, sources of na­tional in­come, in­dus­tries,” Is­mael says. “Right now it is manda­tory but not en­forced be­cause we are work­ing to build ma­tu­rity around the im­por­tance of com­pli­ance. But this will form the corner­stone of ev­ery or­gan­i­sa­tion's ISMS (in­for­ma­tion se­cu­rity man­age­ment sys­tem) which is what we are all work­ing for.” The truth of the mat­ter is that re­sis­tance is nat­u­ral, es­pe­cially in busi­ness which tend to only look at re­turns on in­vest­ment, Is­mael says. “ROI is not ob­vi­ous when it comes to in­for­ma­tion se­cu­rity and it is hard to put a mone­tary value on se­cu­rity in­ci­dents and push for some­thing based on prob­a­bil­i­ties and what-if sce­nar­ios.” This is why it is more ef­fec­tive to ed­u­cate com­pa­nies and in­di­vid­u­als, rather than en­force com­pli­ance, so that they recog­nise the need for these guide­lines and adopt them will­ingly.

The devel­op­ment of each of these stan­dards, based on ex­ten­sive study, re­search and for­ward-think­ing that keeps in mind the new threats cre­ated by adop­tion of new tech­nol­ogy, is a struc­tured process, Is­mael says. “Once the first draft has been drawn up, it is sub­mit­ted for in­ter­nal re­view. Then we in­vite stake­hold­ers from the in­dus­try to re­view it and col­lect feed­back.” The cy­cle is re­peated un­til a prac­ti­cal ver­sion of the reg­u­la­tions has been ar­rived at, ap­proved and pub­lished. But the work doesn't end there. “All of the stan­dards are re­vised ev­ery year; some­times even more than once, es­pe­cially when emer­gency up­dates are needed.”

As more and big­ger in­fra­struc­ture start com­ing on­line, the need of these in­dus­try-spe­cific stan­dards will keep grow­ing. “Many of the mega projects by them­selves will con­sti­tute a sec­tor, each need­ing its

own stan­dards and poli­cies,” Is­mael points out. “Qatar Rail is one such huge project that will re­quire spe­cific at­ten­tion from us to en­sure se­cure op­er­a­tion of the trains which will all be smart, driver­less and guided by com­puter sys­tems. Reg­u­la­tions would also have to be put into place to gov­ern the safe use of high-speed in­ter­net for pas­sen­gers, the abil­ity to book tick­ets on­line, etc.” Ad­di­tion­ally, the World Cup 2022 projects would need IT reg­u­la­tions, as would the smart grids and smart me­ters that Kahra­maa is very keen to adopt. “This will lead to ef­fi­cient use of en­ergy but will also in­tro­duce un­think­able new threats to pri­vacy and na­tional en­ergy re­sources. We have to recog­nise these and put in place pre­ven­tive mea­sures to guard against them,” he says.

A re­gion un­der at­tack

“The Mid­dle East has seen the worst viruses in his­tory over the past three-four years. No other re­gion has gone through what we went through,” says Sherin solemnly. “Bugs like Flame, Duku, Shamoon, these are noth­ing like the viruses that you see at home. They are called APTs (ad­vanced per­sis­tent threats), like Stuxnet, the mal­ware that hit the Ira­nian nu­clear fa­cil­ity. It was a tar­geted at­tack, de­signed to work only on the fa­cil­ity's net­work. And though many of these orig­i­nated here in the re­gion, they even­tu­ally spread to in­fect more than 120 coun­tries world­wide, mov­ing through USBs and some are even avail­able for down­load on­line.”

Beek also says that the McAfee Cy­ber De­fense Cen­tre, which “mon­i­tors threats in the re­gion and proac­tively helps pro­tect cus­tomers”, has been busy of late. The abil­ity to re­ally zoom in on a coun­try and have a bird's eye view of the com­mo­tion on the ground, be it mal­ware threats or bot­net at­tacks or even trad­ing of stolen in­for­ma­tion like credit card data, has helped the cen­tre warn its clients of im­pend­ing at­tacks and fa­cil­i­tate faster re­cov­ery, he says. De­pend­ing on the size of the com­pany and the scale of the at­tack, it might take up to seven days to get an in­fected sys­tem back to nor­mal, ac­cord­ing to Beek.

When it comes to the GCC at least, we carry the sense of se­cu­rity we feel in the phys­i­cal world to our on­line world, which has been our un­do­ing, Ab­della says. “The rea­son we tend to lag be­hind in this re­gion, in terms of cy­ber se­cu­rity, when com­pared with other more de­vel­oped coun­tries in the US and Western Europe, is partly be­cause of this fake sense of se­cu­rity. We leave our cars run­ning on the streets and come back to find it ex­actly as it was, but this is not how it works on­line,” he says.

And wor­ry­ingly, the skills and re­sources re­quired to mount at­tacks on in­di­vid­u­als and com­pa­nies are be­com­ing in­creas­ingly com­mon. “We see more and more tools be­ing pub­lished on­line, more knowl­edge be­ing shared. Even five years ago, at­tack­ing, say a plant, would have been very re­source in­ten­sive. You'd need a team with dif­fer­ent skill sets, com­ing to­gether to an­a­lyse, plan and ex­e­cute the at­tack over a long time, us­ing a lot of dif­fer­ent kinds of tools and re­quir­ing a lot of fund­ing. But this is not the case any­more, which is bad for us, the good guys,” says Sherin. “Some web­sites will, for a fee, cus­tom-build mal­ware to at­tack cer­tain soft­ware. They even have after sales and cus­tomer ser­vice sup­port with money-back guar­an­tees,” he says wryly, “Real top of the line ser­vice.”

In the case of per­sonal at­tacks, you don't even have to be smart any­more, it's

just a mat­ter of col­lect­ing in­for­ma­tion un­til enough is known about you to cre­ate a tar­geted at­tack, Baskaya says. And most tra­di­tional anti-viruses, be they on PC or mo­bile, are help­less against this kind of so­cially-en­gi­neered, non-sig­na­ture based mal­ware. These are of­ten sur­pris­ingly easy to cre­ate too, be­cause of all the in­for­ma­tion out there; the re­gion as a whole loves tech­nol­ogy, they un­der­stand it, it's cul­tur­ally im­por­tant to them and they love to share. It is, of course, pos­si­ble to stay rel­a­tively safe once you es­tab­lish a code of con­duct for your­self when you are on­line. Com­pa­nies need to do the same, by im­ple­ment­ing best prac­tices and fol­low­ing a recog­nised set of stan­dards.

The ABC of data se­cu­rity

EMC Cor­po­ra­tion's RSA pro­vides se­cu­rity so­lu­tions to a num­ber of fi­nan­cial, tele­com, govern­ment and oil and gas com­pa­nies in Qatar. At an all-day cy­ber se­cu­rity event hosted by the com­pany in Doha re­cently, Ab­della pointed out some of the ‘pil­lars' that each com­pany must put in place to pro­tect its data. “Pri­mar­ily, it's most im­por­tant to have a vis­i­bil­ity layer that al­lows them to see what is hap­pen­ing across their net­works and in­fra­struc­ture, alert­ing them to anom­alies which of­ten hap­pen dur­ing an at­tack,” he says. “Ev­ery com­pany can be ex­pected to be at­tacked one way or the other,” Sadiq echoes, “The in­ter­net, by de­fault, is not a se­cure place and there is no 100% se­cu­rity. A com­pany has good cy­ber se­cu­rity if it can de­tect an at­tack early and re­cover quickly with min­i­mum dam­age.”

“Se­condly,” Ab­della con­tin­ues, “the com­pany needs to have iden­tity man­age­ment and gov­er­nance, en­sur­ing that the right peo­ple have ac­cess to the right in­for­ma­tion and are au­tho­rised to do cer­tain things. Third, there needs to be a gov­er­nance risk and com­pli­ance which has poli­cies in place to track vi­o­la­tions and pre­vent them from hap­pen­ing, thus pro­tect­ing the com­pany's in­fra­struc­ture, em­ployee and cus­tomer in­for­ma­tion.”

The prob­lem lies in the fact that big, old com­pa­nies have a lot of le­gacy; they have been run­ning for decades and dig­i­tal architecture has been con­tin­u­ally added on top of these sys­tems, re­sult­ing in a del­i­cate bal­ance. There is no doubt, change is ben­e­fi­cial. What was once iso­lated and pro­pri­etary is now in­te­grated. Pro­cesses can be mon­i­tored, con­trolled and op­er­ated re­motely; trou­bleshoot­ing can be done from thou­sands of miles away and hand held de­vices can mimic the plant's hu­man-ma­chine in­ter­faces. But pro­tect­ing this architecture be­comes in­creas­ingly dif­fi­cult and im­por­tant due to all the new ac­cess points. Mo­bil­ity is only com­pound­ing this prob­lem. And the ques­tions sur­round­ing cy­ber se­cu­rity in the era of Smart Cities are res­onat­ing around the world, with con­cerns about pri­vacy vi­o­la­tions and unau­tho­rised ac­cess to de­vices con­nected to the net­work.

The at­tacks so far in Qatar have been very com­plex and this isn't likely to change. In re­cent cases, the per­pe­tra­tors knew what they were do­ing and tar­geted the in­for­ma­tion they were after with clin­i­cal pre­ci­sion. But, wor­ry­ingly, most of the com­pa­nies that have ap­plied for Q-CERT's help in the past “did not have the right pro­tec­tive mea­sures in place”, ac­cord­ing to Ka­mal. “This is nor­mal,” he shrugs, “be­cause it's still new and not ev­ery­one is ready. But, pre­dictably, once they have been hit once, they im­me­di­ately start to ap­ply in­for­ma­tion se­cu­rity sys­tems by the book, em­ploy­ing pro­fes­sional teams and pro­cesses. And once there is a ma­jor in­ci­dent in the sec­tor, other com­pa­nies in the in­dus­try, wary of be­ing the next, ap­proach us with queries. This has hap­pened in me­dia, govern­ment and en­ergy sec­tors in Qatar in the past,” he says. For many of them, this was long over­due. For those who un­der­es­ti­mate the risks, lessons will have to be learned the hard way

42 > QATAR TO­DAY > MAY 2014

QATAR TO­DAY > MAY 2014 > 43

"WE WERE THE FIRST CERT FROM THE RE­GION

TO BE RECOG­NISED IN­TER­NA­TION­ALLY AND

JOIN THE 'FO­RUM OF IN­CI­DENT RE­SPONSE AND

SE­CU­RITY TEAMS'. "

HAMID SADIQ Q-CERT Depart­ment Man­ager, ic­tQATAR

"THE ABIL­ITY TO RE­ALLY ZOOM IN ON A COUN­TRY

AND HAVE A BIRD'S EYE VIEW OF THE COM­MO­TION ON THE GROUND HAS HELPED THE MCAFEE CY­BER DE­FENSE CEN­TRE WARN ITS CLIENTS OF IM­PEND­ING AT­TACKS AND FA­CIL­I­TATE FASTER

RE­COV­ERY."

CHRIS­TIAN BEEK idi­rec­tor of In­ci­dent Re­sponse and Foren­sics for EMEA

at McAfee Strate­gic Se­cu­rity Found­stone Ser­vices

"IN QATAR, CRITICAL SEC­TORS HAVE BEEN IDEN­TI­FIED AS EN­ERGY, FI­NANCE, TELE­COM, GOVERN­MENT AND HEALTH­CARE."

OMAR SHERIN Head of Critical In­fra­struc­ture Pro­tec­tion at

ic­tQatar's cy­ber se­cu­rity divi­sion

"THE QATARI GOVERN­MENT IS VERY MUCH AT THE FORE­FRONT

WHEN IT COMES TO DE­VEL­OP­ING NA­TIONAL STAN­DARDS FOR CY­BER

SE­CU­RITY."

AHMED AB­DELLA RSA Re­gional Direc­tor, Turkey, Emerg­ing Africa &

Mid­dle East

THE QATAR NA­TIONAL

IN­FOR­MA­TION AS­SUR­ANCE POL­ICY

WILL FORM THE CORNER­STONE OF EV­ERY

OR­GAN­I­SA­TION'S ISMS (IN­FOR­MA­TION SE­CU­RITY MAN­AGE­MENT SYS­TEM), WHICH IS WHAT WE ARE

ALL WORK­ING FOR.

ASHRAF ALI IS­MAEL Na­tional In­for­ma­tion As­sur­ance Man­ager

ic­tQatar

MOST OF THE COM­PA­NIES

THAT HAVE AP­PLIED FOR Q-CERT'S HELP IN THE PAST DID NOT HAVE THE RIGHT PRO­TEC­TIVE MEA­SURES IN PLACE.

MOUNIR KA­MAL In­ci­dents Han­dling and Dig­i­tal Foren­sics Man­ager at

Q-CERT, ic­tQATAR

Newspapers in English

Newspapers from Qatar

© PressReader. All rights reserved.