Qatari authorities have for years touted the importance of information technology (IT) as a driver of growth in knowledge-based sectors. They see IT as foundational to the country’s economic future, able not only to grow as an industry it its own right but to drive growth in other brain-heavy sectors like health, government and education, and boost efficiency by leaps and bounds. The explosive growth of all things digital, however, has brought with it issues of cyber security.
Cyber Sieges
Recent events have highlighted such concerns. In August 2012 malware struck Saudi Aramco, the world’s largest oil producer, wiping critical data from 30,000 of its computers. Later that month a cyber-attack virus crashed the website and office computer systems at RasGas, Qatar’s second-largest producer of liquefied natural gas. “As the Qatari economy grows, Qatar will become an increasingly tempting target for cyber-attacks,” Thierry Sans, a professor of computer science at Carnegie Mellon University in Qatar (CMUQ), told Arabian Business Qatarin February 2013. “[It] must be ready to effectively mitigate such threats.”
New Defences
To address this, state agencies are joining forces with research institutes and private firms to build up protective measures and develop exportable technologies for IT security. The August cyber-attacks only brought renewed zeal to the cyber security problems which stakeholders had long been working to solve. In 2005, the former Supreme Council of Information and Communication Technology (ictQATAR) formed the Qatar Computer Emergency Response Team, a sort of IT regulator-cum-fire-squad that acts as first responder to security breaches and establishes secure practices for users and organisations. The four principles on which its policies rest are cross-sector collaboration, incident management, legal framework and security of information, Khalid Al Hashimi, the executive director, told delegates at gov.INFOSEC, an IT security conference put on by ictQATAR in February 2013.
Private players are also working to shore up IT security. MEEZA, a Doha-based IT service provider, has announced a partnership with Symantec, a global IT security company, to expand security offerings in the state. Founded in 2008 as a private joint venture with Qatar Foundation (QF), MEEZA is collaborating with Symantec to offer cloud and email security as well as data backup services, according to a company press release. The firm aims to provide high-quality IT services to companies in Qatar and the wider GCC region.
Seeking Strategies
QF’s members are also harnessing their resources for research. The Qatar Computing Research Institute (QCRI), a non-profit founded by QF in 2010, is forming a cyber security research centre, announced Executive Director Ahmed Elmagarmid at a talk on the future of cyber espionage in early 2013.
“Cyber threats and attacks are evolving more rapidly than defensive technologies,” Elmagarmid told OBG.
“Through its cyber security lab, QCRI will conduct research to create new ways to counter these continually evolving cyber security threats including advanced persistent threats and unknown vulnerabilities.”
Qatar’s growing educational resources could also be helpful. The computer science department at CMUQ, for example, has two labs – one for cloud computing and one for network systems. Although neither expressly focuses on cyber security, the activities at both computing areas are deeply intertwined with security issues.
Indeed, many firms have been hesitant to adopt efficiency-boosting network and cloud solutions because of security concerns. Meanwhile, CMUQ’s parent institution, Carnegie Mellon University, is home to the largest university-based cyber security research and education centre in the US, called CyLab. The existence of this centre at close reach leaves open the possibility for closer cooperation between CMUQ and its home campus.
As the state’s economy continues its incremental expansion within IT and the knowledge-based sectors, demand for cyber security services is likely to grow. To address these needs and provide protection to organisations, the combined efforts of research institutions, the private sector and the government will be crucial.