Under Lock and Key

Cyber security is no longer seen as a secondary threat to individuals, corporations, and nations alike, but as a primary and very real danger. The Sultanate of Oman is working hard to implement this, utilizing foreign expertise along with local and regional companies to instill not only the right protective infrastructure, but also the right culture.

So far, efforts appear to have paid off in this regard. According to a study in July for the Global Cybersecurity Index, Oman was ranked the joint third best country in the world in terms of readiness and preparation to thwart cyber attacks. One of the most significant aspects of this report is the fact that Oman’s planning and long-term strategy are particularly solid.

Much of this success can be attributed to the Information Technology Authority (ITA) and in particular the Oman National Computer Emergency Readiness Team (Oman National CERT). Oman National CERT was established in 2010 by ITA, and its efforts have been well directed. So far in 2015, OCERT has dealt with over 80,000 instances of illegal access trying to be made to websites in Oman, and over 8,000 attempts to plant malware.

As well as providing proactive and reactive services, it is particularly significant in the training and awareness role that it plays. OCERT has played a leading role in events such as the Regional Cybersecurity Summit in March 2015. Director General of OCERT, Eng. Badar Ali Al-Salehi was one of the summit speakers, and was on the event’s steering committee members.

Knowledge sharing has been promoted strongly in this area, and another event in Oman was established in November 2015 for “Cyber Security for Energy and Utilities.“ The fact that cyber security is now being focused on for its impact on different sectors demonstrates the danger that a number of sectors face. However, the identification of the problem is indicative of how far Oman has come in combatting issues of this nature.

Oman’s IT sector, although somewhat nascent, is predicted to develop substantially. According to a report by Business Monitor International, the industry will grow by 28% from 2013-18 due to a combination of government spending and foreign investment. As a result, while the strength of the sector will develop along with this, the attacks are likely to become much more frequent as a result.

Foreign expertise has been attracted to Oman’s IT sector in a number of areas, and cyber security is certainly one of them. Cisco, the US technology corporation, has been operating in Oman for over 10 years, but established a headquarters in Muscat in 2012 as a result of the demand for its services. Investments were highlighted as one of the major necessities for cyber security in Oman, says Iyad Alchammat, General Manger of Cisco Oman. He stressed that, “if you want to encourage investors to come in from abroad, you have to provide a secure environment for them. They need to be assured that every transaction is being secured.“

Cisco’s operations extend beyond cyber security, but their permanent presence in Muscat moves them closer to the companies that they will be supporting in this area.

Regional and local players are also in demand. Gulf Business Machines (GBM), from the UAE, has played an important role in defending against cyber security in Oman. Ahmed Auda, General Manager of GBM Oman, highlights his company’s role in coordinating strategies between different international entities; “The fact that we are a meeting point of strategic partnerships with both IBM and Cisco puts us in a unique position to complement offerings from both players and to add the expertise that we have built throughout the years.“

Local player, Essnad, is also contributing to cyber security development in Oman, but highlights that there are several issues to overcome regarding the general population’s awareness of cyber risks; “Many people use the internet but do not know the rules or respect privacy and technology.“

The authorities in charge can pat themselves on the back for the efforts that have been made to ensure security in the long term, while conferences and events have significantly increased knowledge sharing at a corporate level. However, among individuals and smaller companies, more awareness needs be spread to ensure that the strong cyber security infrastructure is well supported.