New Era, New Threats

Last May 12, a ransom-ware virus named WannaCry infected more than 230,000 computers worldwide and revealed the fragility of the business community to cybercrime. Although Qatar was not on the list of 150 countries affected, the attack reinforced the importance of a robust IT security strategy and demonstrated the need for governments and businesses to consider cybersecurity a major concern.

While WannaCry ignited societies’ fears of their online vulnerability, public powers across the world have been looking into enhancing cybersecurity for years. Qatar has been singled out in a number of reports as needing to employ additional measures to protect sensitive data. A cybersecurity event organized by Kaspersky Lab in Vienna revealed that Qatar is in the orange category of countries in phishing attacks in the world, one category below maximum risk. In fact, the state faced a total of 93,570 phishing attacks in the first quarter of 2017 and 13,000 banking malware infections per month in the same period. Qatar’s high risk comes as a result of having a long supply chain of consultants to public institutions and private entities, which may have lower levels of security. These companies are often targeted by hackers as an access point to the systems of larger organizations.

The Vienna conference addressed other key threats, such as the potential attacks on Qatar’s critical infrastructure, mainly oil, gas, and water. As part of an ongoing push to improve its safety online, Qatar drew its National Cyber Security Strategy (NCCS) in 2014. The NCCS outlines a roadmap toward enhancing cybersecurity in the state with the objective of protecting national information infrastructure and providing a safe and secure online environment for different sectors. The strategy provides an action plan of the Qatari government’s intentions over the 2014-2018 period.

Following NCCS’s path, in 2015 the State Cabinet ordered the establishment of two bodies under the Ministry of Interior that would monitor and investigate possible cyber threats. The newly established National Center for Cyber Security and the National Committee for Information Security were created to control cyber threats to government entities. The former’s mission also includes cybersecurity enforcement based on Qatar’s cybercrime law, which was introduced in late 2014. Among other violations, this legislation introduced penalties for those found guilty of hacking into government networks.

Besides government protection, two institutions complete Qatar’s intentions to build a resilient cyber environment. Established by ictQatar in 2005, the Qatar Computer Emergency Response Team (Q-CERT) helps protect citizens as well as businesses and organizations against cyber security risks. Q-CERT works to harmonize the secure use of technology through best practices, standard policies, risk mitigations, and dissemination of valuable information. On top of that, Qatar Foundation’s Hamad bin Khalifa University (HBKU) created in 2010 the Qatar Computing Research Institute (QCRI). QCRI comes as a cybersecurity research center that aims to ensure Qatar’s readiness to predict, overcome, and prevent the next generation of cyber attacks.

An example that demonstrates Qatar’s commitment to addressing cybersecurity was the celebration of the Fifth Regional Cyber Drill in Doha last March, a workshop that aims to effectively combat cyber threats in the GCC. Besides sharing knowledge and exchanging expertise among regional players, the workshop served to test the capabilities of the local authorities and private organizations in handling and responding to these new threats.

As Qatar’s dependence on cyberspace grows, its resiliency and security become even more critical, hence the need for a comprehensive approach that addresses this need. At a time where traditional threats have shifted its form, cyber protection has come to play a crucial role in ensuring the safety and prosperity of the state.