Qatar’s cyber security team doubles efforts to protect the nation
KHALID AL-HASHMI, ASSISTANT UNDERSECRETARY FOR CYBER SECURITY, QATAR
Qatar’s Computer Emergency Response Team (Q-CERT) was formed in 2005 to accelerate the availability and adoption of effective cyber security measures, practices and policies.
Over the years, Q-CERT has become a national asset in the field of cyber security and has been a catalyst in the dramatic evolution in the nation’s cyber security sector. For 10 years, Q-CERT has successfully coordinated responses to internet security incidents and has taken a proactive approach to securing the nation.
Since cyber security is not just a technology issue — it’s a matter of national policy — Qatar has doubled its efforts to reduce cyber security risks. In 2013, the prime minister of Qatar formed a national Cyber Security Committee to ensure all public and private entities are aware of the threat and are following proper procedures. The committee developed Qatar’s National Cyber Security Strategy to improve cyber security posture and ensure the nation’s continued growth.
With the aim of providing a wide range of specialized services, Q-CERT has successfully delivered more than 15 information security services to its constituents. They include incident response, forensics, malware analysis, technical security assessments, workforce training, specialized security advice and cyber security awareness. The number of services continues to increase to meet the needs of the cyber security market.
Incident response
The team triaged nearly 2,000 incidents in the past three years, and the pace is expected to accelerate. This increase can be attributed to the growing number of cyber threats and to a greater awareness of the cyber security team’s work. As a result, more incidents are being reported.
Cyber security intelligence
To stay vigilant against potential cyber threats, Q-CERT has developed advanced solutions that focus on monitoring and studying the cyber threat landscape and has created analytical tools to detect threats.
AFP/GETTY IMAGES
A threat monitoring system was developed by the cyber security team in 2011. It collects threat information from worldwide sources, aggregates and parses those feeds, and analyzes them for threats to the nation. To counter those threats, alerts are sent to government and critical infrastructure organizations whose networks may possibly be targeted. The collection of data happens through agreements with international organizations, vendors and international government organizations. The threat monitoring system is capable of processing tens of millions of records.
During the past three years, over 850 million records related to cyber threats have been processed. The threats detected in Qatar included 3.77 million infections to home and corporate networks. In response, over 50,000 threat alerts were sent to Q-CERT’s Incident Handling Team to verify, investigate and counteract. Q-CERT also performed Domain Name Service log analysis for over 50 organizations, processing more than 450 million records.
Cyber security resiliency
The cyber resiliency function within Q-CERT provides organizations with proactive measures to ensure they have secure and resilient information systems. The cyber resiliency team developed its own Technical Security Assessment Framework derived from international standards and methodologies, such as U.S. National Institute of Standards and Technology and the nonprofit organization Open Web Application Security Project. Based on that framework, it offered technical and government assessments to constituents. Technical security assessments consist of vulnerability assessments, penetration testing and initial vulnerability scanning. New governance assessment services were developed and launched in 2014, such as Network Design Review and National Information Assurance Baseline Assessments.
Forty-seven technical security assessments were conducted to critical sector organizations in the past three years, many of them to determine system vulnerabilities and to test penetration defenses. Additionally, the cyber security division undertook special projects to verify compliance and alignment with National Information Assurance Policy, projects that included physical security assessments of a data center facilitator.
security training and awareness
Working with stakeholders, the team has helped organizations achieve dramatic improvements in their cyber workforce development programs. The team provides technical programs and awareness content needed to develop and maintain a competent, skilled and effective cyber workforce.
During the past three years, the team successfully held 11 technical and management information security tracks through its partnership with several international institutes. Those courses were mainly targeted at government entities and critical infrastructure organizations. The total number of course attendees was 165, nearly 88 percent of whom were Qatari nationals. Two-thirds of the attendees worked for the government.
Information security risk management
To better support constituents and organizations in Qatar, the cyber security team has developed the Information Security Risk Management Framework. This framework is a structured yet flexible approach and can be aligned with the overall risk management framework of an enterprise. It provides the agencies with a systematic approach to identify, prioritize and manage information security risks and to comply with the National Information Assurance Policy.
An in-house tool kit was developed to optimize the risk management processes for organizations. This tool drives efficiency into the risk management process, while providing business with a better understanding of information security risks.
security crisis management
The cyber security team in the Ministry of Transportation and Communications Technology has taken a consultative approach to help organizations quantify and qualify their exposure to cyber threats, their business continuity management and their emergency situations. This approach ensures that critical sector organizations have the most appropriate and effective crisis management strategy.
The crisis management function ensures the readiness of critical sector organizations by conducting cyber security exercises at sector and national levels through Qatar’s National Cyber Security Drill.
The cyber security team has planned a series of cyber drills. The first, code named Star-1, was conducted in 2013 with an objective to institutionalize the fundamental knowledge of incident handling, crisis communication and situational awareness among critical sector organizations.
After the success of the first exercise, a more holistic one, code-named Star-2, brought together 34 participating organizations from the government, financial, energy, health care, transportation, utility and telecommunications sectors. In 2015, Star-3 focused on capacity building and building enterprise cyber defense strategies.
infrastructure licensing and identity
In 2010, Qatar enacted e-commerce and transactions law No. 16, which mandates that the Ministry of Information and Communication Technology regulate electronic signatures and digital certification in the state. In this role, the ministry represents the Policy Management Authority (PMA), which is responsible for licensing and supervising certification service providers in Qatar.
It also manages the National Root Certification Authority (NR-CA). Also, because Qatar lacks a national accreditation body, the PMA assumes the role of Conformity Assessment Bodies Authorizing Authority. The PMA is responsible for encouraging the international recognition of the Qatari NR-CA and the approval of foreign certification services through cross-certification.
The cyber security team received the first application for Certification Service Provider (CSP), processed it through a third-party auditor, and presented the final report to the PMA steering committee and the minister. The Ministry of Information and Communication Technology issued the Certification Practice Statement, by which all licensed CSPs should abide.
In December 2014, the minister of information and communications technology signed the first CSP license issued in Qatar. The license was issued to the Ministry of Interior, authorizing it to provide all necessary services, which include maintaining an infrastructure for public keys, providing services related to electronic signature, and issuing digital certificates.
In conclusion, through the Cyber Security program, the Q-CERT team addresses and responds to risks that may arise with the technology we use, and aims to identify, validate, promote and sustain the adoption of cyber security best practices. By using technology and policy, the team aims to create a world in which best practices become standard practices.