RIYADH — “Times have changed. We are now so closely connected due to connectivity, globalization and a developed cyber platform. Cyber security is no longer just about tools, but requires an integrated global approach,” said Carl Williamson, Executive Director of Cyber Strategy at Northrop Grumman Corporation in a panel discussion Saturday on the challenge of cyber security in an ever-changing global era at the inaugural Digital Security Summit — an initiative supported by the Communications and Information Technology Commission (CITC) and the Computer Emergency Response Team-Saudi Arabia (CERT-SA). Eng Abdullah bin Abdulaziz Al-Darrab, Governor of CITC, in his opening address, outlined and highlighted the Kingdom's plan on how to secure its digital future. He noted that “CITC aims to provide high quality and affordable communications and information technology services to the Kingdom and to be the reference point in information security for the Middle East.” During the first panel discussion, experts discussed how to ensure organizations stay up to date with the latest security solutions with special input from Raoul Chiesa, Cyber Security Adviser, Ministry of Defense, Italy; and Badar Ali Al-Salehi, Director of Oman National CERT. Chiesa noted that “social engineers will always find a way out to break the mental resolve of the human target.” The Saudi government has been developing its digital security by increasing awareness over how to prevent, manage, detect and respond to instances of information security breaches at a national level. CITC and CERT-SA have been working to secure the country's critical assets to prevent a repeat of the Aramco hacking or other cyber security crimes, summit organizer naseba, the French business information company, said in a statement. The second day (Sunday) of the summit dealt with cyber security standards, policies and procedures, cybercrime and initiating digital forensics, among others. Dr Solahuddin Shamsuddin, Vice President, Cyber Security Research at CyberSecurity Malaysia, said “adoption of ISMS (Information Security and Management Services) certification by critical infrastructure will harden them against cyber attacks and protect a whole nation.” Chiesa added that “developing high-level of national preparedness in preparation for cyber crisis is extremely necessary as cyber security should be evolutionary to address dynamic nature of cyber threats.” King Saud University's Dr. Khaled Alghathbar, managing director of the Center of Excellence in Information Assurance (COEIA), and founder and director of KSU's Center of Excellence in Information Assurance, highlighted how e-crime could be a nightmare for IT professionals. He pointed out the numerous initiatives undertaken by the centre to improve cyber security in the Kingdom including workshops and hacking games like capture the flag. Alghathbar has had more than 75 scientific papers printed in international journals. Captain Saad Al Qahtani, Cyber Forensics analyst from Public Security, Ministry of Interior, elaborated the digital forensics aspect of the discussion. Noting the current programs being under taken by the Saudi government, he said “Public Security, Ministry of Interior, is going to establish a Computer Crime Unit (CCU) that is compatible with the international standards to combat computer crime in accordance with the local laws.” Dr Bassam Alashqar, IT Director of Arabsat and Abdirashed Samater, IT adviser, Ministry of Justice discussed the role of internal audit in assuring data security and privacy as well the benefits of having employee training for a BYOD (bring your own device) policy. – SG
