Cyber Defenders
Qatar’s Computer Emergency Response Team builds resilience against online threats
KHALID AL-HASHMI, ASSISTANT UNDERSECRETARY FOR CYBER SECURITY, QATAR
As Qatar’s dependence on cyberspace and information technology grows, the resilience and security of this infrastructure become ever more important. The government of Qatar has realized the need for driving the adoption of cyber security and safety within the nation and has been working tactically to address prevalent threats.
Qatar’s 2030 vision lists a number of strategic areas of importance to the nation, some of which prioritize cyber safety and security. The main areas addressed strategically are the following:
Human development: Within this category is a requirement to provide education responding to current and future needs of the labor market. This includes grooming a technological and security-savvy workforce. A key requirement is providing certification and training to the local population.
Social development: Qatar emphasizes maintaining a secure, confident and stable society. This requires a set of frameworks and ecosystems that would allow social development to thrive online.
Economic development: It is important to maintain financial and economic stability by having a secure and efficient financial system and energy sector. Qatar derives much of its economic activity from energy exports, and this part of the economy must be made resilient against cyber threats.
Leading the way is Qatar’s Computer Emergency Response Team (Q-CERT). It was formed in 2005 to catalyze change, specifically to accelerate the widespread availability and adoption of effective cyber security measures, practices and policies.
Since its establishment, the Q-CERT team has gone from being a department that coordinates responses to internet security incidents to a complete division working on initiatives that take a proactive approach to secure the nation.
With the aim of providing a wide range of specialized services, Q-CERT has succeeded in delivering over 17 different information security services to meet the needs of constituents. Some of these services include incident response, forensics, malware analysis, technical security assessments, cyber security workforce development training, specialized security advice and cyber security awareness. Services keeps increasing according to the needs of the national market in the field of cyber security.
Incident response
The total number of incidents triaged by the team in the past three years has reached 2,945. This tally is governed by many factors, some of which are the increasing number of threats. Other factors may be a better knowledge of the cyber security team’s work in this area and higher information security maturity levels by professionals in other organizations; hence, more incidents are reported.
Cyber security intelligence
To stay vigilant against possible cyber threats, Q-CERT has developed state of the art solutions that focus on monitoring and studying the cyber threat landscape in addition to developing security analysis tools that help in threat detection.
The threat monitoring system was internally developed by the cyber security team in 2011. The system collects threat information worldwide, aggregates and parses those feeds and analyzes them for threats relevant to the nation.
To help counteract those threats, alerts are sent to government and other owners of infrastructure that may be targeted. The collection of data occurs through agreements with international organizations, vendors and international government organizations. The threat monitoring system is capable of processing tens of millions of records.
Over three years, more than 951 million records of threat information were processed. Threats detected and discovered in Qatar during these years reached 4.77 million infections covering home and corporate networks. In response, Qatar sent over 100,000 possible threat alerts to notify Q-CERT’s incident handling team to start verification and investigation and implement countermeasures. Q-CERT also performed Domain Name System (DNS) log analysis for over 50 organizations, processing over 650 million DNS records.
Cyber resilience
The cyber resilience function within Q-CERT provides organizations in Qatar with proactive measures to ensure security and resilience in information systems.
Cyber resilience developed its own technical security assessment framework, derived from international standards and methodologies such as the National Institute of Standards and Technology and the Open Web Application Security Project. Based on these frameworks, technical and governance assessments are offered to constituents. Technical security assessments consist of: vulnerability assessments, penetration testing and initial vulnerability scanning. New governance assessment services were developed and launched in 2014, such as Network Design Review and National Information Assurance Baseline Assessments.
Ninety-seven technical security assessments were conducted for critical sector organizations in the past three years. Vulnerability assessments were most popular, followed by penetration testing. These numbers rely on the demand from constituents for these services. Moreover, the cyber security division conducted special projects to verify compliance and alignment with the National Information Assurance Policy such as conducting Physical Security Assessment of a Data Center facilitator.
Training and awareness
Working with stakeholders, the team has developed solutions to help organizations achieve dramatic improvements in their cyber workforce development programs. The team provides organizations with technical programs and awareness content needed to develop and maintain a competent, skilled and effective cyber workforce.
Over three years, the team successfully held 18 technical and management information security courses through its partnerships with several international institutes. Those courses mainly targeted government entities and critical infrastructure organizations. The total number of attendees was 365 — 87.5 percent of them Qatari nationals. Two-thirds of the Qataris came from the government sector.
Information security risk management
To better support constituents and organizations in Qatar, the cyber security team has developed the Information Security Risk Management Framework. It is a structured yet flexible approach and can be aligned with the overall risk management framework of an enterprise. It provides agencies with a systematic approach to identify, prioritize and manage information security risks and to comply with the requirements of the National Information Assurance Policy.
An in-house toolkit was developed and provided within the framework to optimize information security risk management processes for organizations. This tool drives efficiency into the risk management process, while providing a more defined view into information security risks.
Crisis management
The cyber security team in the Ministry of Transportation and Communications Technology has taken a consultative approach to help organizations quantify and qualify their exposure to cyber threats, business continuity management and emergencies. This approach ensures that critical sector organizations adopt the most appropriate and effective crisis management strategy.
The crisis management function ensures readiness of critical sector organizations by conducting cyber security exercises at sector and national levels.
The cyber security team has conducted a series of cyber drills. The first one, Star-1, occurred in 2013 with an objective to institutionalize the fundamental knowledge of incident handling, crisis communication and situational awareness among critical sector organizations.
After the success of the first exercise, a more holistic one, Star-2, brought together 40 participating organizations from the government, financial, energy, health care, transportation, utilities and telecommunications sectors. In 2017, Star-5 focused on crises management and continuity with almost 75 participants representing various critical sectors, and the plan for 2018 is to develop scenarios to assess Qatar’s readiness to host FIFA’s 2022 World Cup soccer tournament.
Identifying key public infrastructure
Eight years ago, Qatar enacted e-commerce and transactions law No. 16 of 2010, which mandates that the Ministry of Information and Communications Technology regulate electronic signatures and digital certification. In this regard, the ministry represents the Policy Management Authority (PMA), which is responsible for licensing and supervising certification service providers in Qatar. It also manages the National Root Certification Authority (NR-CA).
Also, owing to the absence of a national accreditation body in Qatar, PMA will play the role of the Conformity Assessment Bodies Authorizing Authority. PMA is responsible for encouraging the international recognition of the Qatari NR-CA and the approval of foreign certification services through cross-certification.
The cyber security team has received the first application of a certification service provider, audited the applicant through a third-party reviewer, and issued the final report to the PMA steering committee and the minister.
In December 2014, the minister of information and communications technology signed the first certified service provider license to be issued in Qatar. The license is issued to the Ministry of the Interior, which is authorized to provide all necessary services, including maintaining an infrastructure for public keys, providing electronic signature services, and issuing digital certificates.
In Qatar’s cyber security sector, the Q-CERT team proactively and reactively addresses risks that may arise with technology. The team aims to identify, validate, promote and sustain the adoption of cyber security best practices using well-trained people, technology and policies. Q-CERT hopes to create a world in which cyber security best practices are universal.
Comments are closed.