Conference draws experts from the Middle East, Central Asia and the United States
There are many ways to cripple or shut down cyber networks. An action as simple as an employee opening a tainted email can cause real-world damage to critical infrastructure. That is why a comprehensive approach to cyber security is critical to national security. Power grids, water plants, hospitals, telecommunications systems, oil refineries and other major components of modern society must focus on current and potential threats from cyberspace.
The threat of such disastrous computer attacks is a major reason officials such as Staff Maj. Gen. Abdullah Al-Zahrani, director of communications and information technology for Saudi Arabia’s Ministry of Defense, attended the U.S. Central Command’s sixth Central Region Communications Conference (CRCC) in Washington, D.C., in April 2016. Fellow professionals from the Middle East and Central Asia shared strategies for dealing with online threats from criminals, terrorists and hostile governments.
“Cyber attacks represent one of the fastest-growing threats faced by the region and the security of Saudi Arabia. The Saudi Ministry of Defense gives absolute priority to keep up with technology, command and control systems, and cyber security, especially after the problems and cyber intrusions on the Arabian Oil Company,” Maj. Gen. Al-Zahrani said.
“The Saudi Ministry of Defense is involved with all state agencies in the coordination, planning and strategies on cyber security and protection of critical infrastructure information, and we have made significant progress in the field of electronic government.”
This year’s CRCC brought together participants from Afghanistan, Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia and the United Arab Emirates. Co-hosting the event with U.S. Central Command (CENTCOM) were the U.S. Department of State and the U.S. Federal Communications Commission.
For three days, the conference helped build relationships and dialogue among information and communications technology leaders on the topic of improving cyber security — especially regarding critical infrastructure protection.
“There are no shortages of challenges in this arena,” said Maj. Gen. Kenneth Wilsbach, former acting deputy commander of CENTCOM.
UNIPATH STAFF
What makes the event so unique is the opportunity for military, academic, government and industry experts to gain new perspectives on each other’s sectors and roles in national security. Brig. Gen. Peter Gallagher, CENTCOM’s then director of Command, Control, Communications and Computer Systems, and chief information officer, has participated in four previous CRCCs and expressed pride in the robust dialogue and frank discussions about agencies and organizations accepting greater responsibility for cyber protection.
“CRCC is a platform to focus on priorities,” Brig. Gen. Gallagher explained. “We must be motivated and inspired to set the conditions for our own success.”
During this year’s CRCC, participants were given the United States Central Command Cybersecurity Handbook for Partner Nations. The handbook provides an overview of the cyber security standards and processes for partner nations to receive, store, process, display or disseminate applicable U.S. classified military information.
Such sharing was appreciated by Maj. Gen. Al-Zahrani, who explained that Saudi Arabia and the United States cooperate in technical consulting, protecting systems, strategic capabilities and physical protection. In addition, Saudi Arabia is a member of the International Telecommunication Union (ITU), the United Nations agency specializing in the field of information and communications technology.
“Since the exacerbation of cyberspace threats and problems, the kingdom demanded international legislation to protect cyber systems, and we aspire to be a key player in the ITU, protect infrastructure from cyber attacks, [and] prevent and address cyber attacks through international cooperation to counter cyber threats,” the general said.
Jordanian Brig. Gen. Ahmad Milhim attended CRCC for the first time, and he praised the sessions as “invaluable.” He is director of information security for the Jordan Armed Forces, and over the past few years his country has focused on increasing cyber security.
Recognizing the borderless nature of the internet, Brig. Gen. Milhim expressed support for a regional system to share cyber threats and build mutual resiliency against intrusions. “There is one cyberspace — not just a cyberspace for Jordan,” he said.
One mechanism for this type of information sharing is computer emergency readiness or response teams known as CERTs, explained Dr. Sherif Hashem, vice president for cyber security of Egypt’s Telecommunications Regulatory Authority (NTRA).
Egypt’s CERT, known as EG-CERT, was established in 2009 as part of NTRA and is charged with providing computer and information security incident response, support, defense and analysis against cyber attacks. Collaboration with government, financial entities and other critical information infrastructure sectors is key to the mission, Dr. Hashem explained. The organization provides a vital early warning system against malware spreading throughout systems and warns of attacks to critical information infrastructure.
“International cooperation is key to overcoming cyber security threats,” Dr. Hashem said, explaining that Egypt participates in regional and international cyber drills to ensure that the country’s experts recognize evolving threats and harden systems against attack.
Like Egypt, Oman also has a CERT team. According to the 2015 Global Cybersecurity Index, Oman ranked third in the world for countries best prepared for cyber attacks. The country is also a pioneer in offering e-government services to its citizens.
UNIPATH STAFF
“The Oman Computer Emergency Readiness Team [OCERT] was officially launched in April 2010 under the umbrella of the Information Technology Authority to seek a secured cyber environment for Omani users whether they are a public or private institution,” said Fahad Abdulaziz Al Saiyabi of Oman’s Coordination and Communication Agency. “OCERT is one of the eOman initiatives and considered to be the focal point for security incidents in the Sultanate.”
Cyber resilience was a topic throughout the conference as military, government and academic experts spoke about cyber security challenges.
Professionals from Microsoft, Dell, Cisco and Carnegie Mellon and Harvard universities discussed topics such as cloud technology, critical infrastructure protection and increasing the resiliency of systems after an attack. All agreed on one point: Cyber attacks are inevitable.
“Complexity is an adversary’s most effective weapon in the 21st century,” said Dr. Ronald Ross of the National Institute of Standards and Technology in the U.S.
Reducing the complexity of systems, developing a comprehensive risk management plan, fortifying systems against attack and increasing awareness of basic cyber security guidelines can have substantial benefits. “We all win when each one of us gets a little bit stronger,” Dr. Ross said.
Brig. Gen. Mubarak Saeed Al-Jaberi of the United Arab Emirates said his country’s top leaders are keen supporters of cyber security, which is why the UAE has taken a leading role in addressing cyber security issues, strategy, information, standards, regulations and laws.
“The UAE’s NESA [National Electronic Security Authority] introduced a national cyber information framework, and NESA is committed to protecting the UAE’s infrastructure from all cyber threats, utilizing the latest innovative technologies and setting cyber security strategies and policies,” Brig. Gen. Al-Jaberi said.
Like Brig. Gen. Milhim in Jordan, Brig. Gen. Al-Jaberi supported a global approach to curtailing threats. “Last year, we talked about building and creating an international task force, because information security is a joint responsibility,” he said.
Khalid N. Sadiq Al-Hashimi, an engineer who serves as undersecretary for cyber security and director of Qatar’s CERT in the Ministry of Transport and Communication, is a veteran of every CRCC since 2012. This year he focused his presentation on risk management and the importance of organizations taking responsibility for their own cyber security.
“Every year I see new colleagues, I see improvement, I see progress,” he said. “I see new ideas and new initiatives coming from the nations that participate in CRCC.”
As the conference ended, Brig. Gen. Gallagher voiced support for developing a mechanism for tracking the cyber security progress and achievements of other countries and connecting with partner countries more frequently than just during the annual conference. This can be done inexpensively using webinars.
The Way to a Secure Communications Future
While in Washington, D.C., for the 2016 U.S. Central Command Central Region Communications Conference, officials from Afghanistan, Bahrain, Egypt, Kuwait and Qatar participated in a round-table discussion with Federal Communications Commission (FCC) Chairman Tom Wheeler and senior FCC staff. Despite the diversity of activities and development in each nation, all participants agreed that providing affordable and reliable communications technologies in their respective countries was a common priority.
Wheeler welcomed the group with an overview of the FCC’s goals and challenges and noted that for many consumers, broadband has surpassed standard telephone services in terms of importance. Wheeler said that to keep pace with this evolution, the FCC’s Lifeline program, established in 1985 to make telephone service affordable for low-income Americans, has been modernized to enable subscribers to purchase discounted broadband services.
Wheeler noted the benefits of encouraging openness and competition in the communications sector, illustrated by the “virtuous circle” created if the internet is kept free of unnecessary restrictions. Internet openness spurs investment and development by application and content providers, which leads to increased consumer demand for broadband access, which leads to increased investment in broadband network infrastructure and technologies, which in turn leads to further innovation and development by apps and content providers.
The virtuous circle has been successful in fueling investment in infrastructure, new communications services, and consumer apps. The United States witnessed a 35 percent increase in venture capital, internet-related investment over the past year. Wheeler expects this to result in significant growth in the quality, as well as range, of innovative services available to consumers.
Retired Rear Adm. David Simpson, chief of the FCC’s Public Safety and Homeland Security Bureau, discussed the future of the communications sector in the U.S. and abroad, focusing on the interplay between security, privacy and innovation. Adm. Simpson noted that as we move forward with new technological capabilities, it is critical to address accompanying security and privacy concerns, especially from the consumer perspective. He said that governments alone cannot safeguard cyber security; it is imperative that all stakeholders work together toward this goal.
To that end, private-sector companies can and should facilitate security-related technological advances while also protecting their customers’ interests. If consumers feel their privacy has been jeopardized through their use of technology, he added, there may be less technology adopted — and that could ultimately slow innovation.
Adm. Simpson noted that the future 5G technology will be a game changer in the U.S. and around the world. This new technology will support an internet of things that will facilitate an unprecedented level of interconnectivity, with an increasing number of everyday devices connected to the internet and each other. Adm. Simpson stressed both the opportunity and responsibility presented by the introduction of 5G: It will be the first commercial wireless network in which stakeholders consider and plan for cyber security at its inception.
Throughout the round-table discussion, the regulators exchanged contact information and made plans for further discussion on issues of mutual interest. FCC representatives said they were honored to host the round-table and look forward to deepening and strengthening their work with communications leaders from the Middle East and around the world. Mindel De La Torre, chief of the FCC’s International Bureau, noted the benefits of continued dialogue between the FCC and the telecommunications regulators from the Middle East region.
She stressed the importance of exchanging views and experiences on such issues of global impact as 5G mobile services, broadband deployment and accessible technologies. De La Torre expressed the hope that the round-table would be the first of many discussions on issues of mutual interest to the FCC and regulators in the Middle East.
Country spotlight: Kuwait Steps up Cyber Defense
As cyber warfare becomes a major threat to critical national infrastructure and the economy, Kuwait’s Communication Information Technology Regulatory Authority (CITRA) is stepping up its defense by establishing the National Cybersecurity Committee, led by CITRA and responsible for governing large investments to establish a National Cybersecurity Center (NCC) which includes:
- National computer emergency readiness or response team (CERT)
- Incident response
- Human capacity building
- Becoming a resilient state in protecting the following sectors from cyber attacks: international internet gateway, national fixed networks, energy, utilities, financial telecom and government agencies
Kuwait realizes that its critical infrastructure, such as the energy sector, a main economic driver, is under constant threat of attack. This reality necessitates the effective deployment of advanced technology and a well-trained, highly skilled NCC workforce.
CITRA is working closely with the U.S. Department of Defense (DOD), Department of Homeland Security (DHS) and Gulf Cooperation Council (GCC) countries to ensure compatibility with its strategic allies and the implementation of best practices that will lead to a Kuwait that is better protected against cyber attacks. These strategic partnerships will also be instrumental in establishing the consistent coordination and cross-group collaboration necessary to contribute to a much safer region in the face of ever-increasing cyber threats.
Additionally, CITRA is preparing to sign several cyber security corporation agreements with top international universities and major technology players. These cooperative efforts will cultivate greater coordination with leading technology providers to enhance Kuwait’s national cyber-security resiliency.
These fundamental efforts represent the beginning of Kuwait’s commitment to building its cyber defenses as we continue to face the threats associated with the ongoing, unending cyber war.
In addition to the aforementioned cyber defense initiatives, CITRA Kuwait is also leading the following national cyber security efforts:
- Establishing the National Cybersecurity Committee
- Defining critical infrastructure
- Aligning with strategic allies
- Implementing cyber-security standards and policies
- Investment in human capacity
- Assembling a state-of-the-art National Cybersecurity Center
CITRA Kuwait’s adaptive approach is focused not only on the present but the future. Innovations in the world of technology are occurring rapidly on multiple fronts, such as mobility, new devices and cloud computing. The Kuwait NCC will be ready to accommodate these technological changes while remaining vigilant to effectively defend against emerging threats.
In conclusion, effective cyber security initiatives require support from senior leadership. Kuwait’s recent cyber security successes are a direct result of Kuwait’s senior political leaders’ support, coupled with the support from Kuwait’s strategic allies, such as U.S. DOD and DHS and GCC countries.