Cyber Security Initiatives in Saudi Arabia
www.citc.gov.sa
Prof. Ahmed A. Sindi, Ph.D., Deputy Governor, IT, CITC, Saudi Arabia
WSIS Action Line C5 CyberSecurity, ITU, Geneva, May 16, 2006
TOPICS
KSA Demographics and Economy
ICT and Economic Development in KSA
Cyber Security Legislation
Saudi Arabian - CERT:
– Mandate
– Implementation Plan
– New Licensing 2006: Fixed and Mobile
Conclusions
DEMOGRAPHICS: Population Growth
(Source: Census 2004 + CITC Analysis)
Population (Million, Mid Year, Based on 2004 Census)

Year     Saudi   Non-Saudi   Total Population
1998     14.2    5.5         19.7
1999     14.5    5.7         20.2
2000     14.9    5.8         20.7
2001     15.3    6.0         21.2
2002     15.7    6.1         21.8
2003     16.0    6.2         22.3
2004     16.4    6.1         22.6
2005 F   16.9    6.5         23.4
2006 F   17.3    6.7         24.0
2007 F   17.7    6.9         24.6
2008 F   18.1    7.0         25.2
2009 F   18.6    7.2         25.8
2010 F   19.1    7.4         26.4
Population Growth (CAGR) = 2.5 % per year
Demographics distribution (2006)
(Source: Census 2004 + CITC Analysis)
[Chart: Population (Million) by Age Group (years), from 0-4 to 75+, for Saudi and Non-Saudi, with Cumulative %]
Demographics & Economy
Factsheet – 2006

Fast growing population at a CAGR of 2.5% (world growth rate 1.21% [3])
50% of population under the age of 20 [1]
Household size is relatively large.
Economy in excellent health: strong GDP growth and insignificant domestic inflation

Population (million) [1], CAGR = 2.5%
2001   21.2
2002   21.8
2003   22.3
2004   22.8
2005   23.4
2006   24

Average household size [1]: 5.65 persons
GDP real growth rate (2005) [2]: 6.5%
Inflation rate [2]: 0.4%
GDP (2006P) [2]: US$ 350 Billion
GDP per capita (2006P) [2]: US$ 14,600

GDP and population are growing faster than world averages

Source: [1] KSA Ministry of Planning 2004 Census actuals/projections & ADL analyses; [2] SAMBA Feb. 2006; [3] UN Population Division
INTERNET and Economic Growth
[Scatter chart: Internet Users per 100 inhabitants versus GNP per capita, PPP, US$ (both on logarithmic scales), with Saudi Arabia marked]
Digital Divide – Mobile
Mobile Penetration (subs. / 100 inhabitants) - 2005
[Bar chart by country and region: Pakistan, Egypt, ALL Arab, Syria, Lebanon, World, Jordan, Morocco, Algeria, Oman, Tunisia, Saudi Ar., Developed, Qatar, Kuwait, UAE, Bahrain]
(source: Arab Advisors, CITC)
Digital Divide - INTERNET
Internet Users per 100 inhabitants (2004)
[Bar chart by country and region: Pakistan, Iraq, ALL Arab, Libya, Egypt, Syria, Oman, Tunisia, Palestine, Jordan, Devlp'ing, Saudi Ar., Qatar, World, Lebanon, Bahrain, UAE, Kuwait, Devlp'd]
(source: Arab Advisors, ITU, CITC)
Broadband Gap is much larger
Broadband Subscribers per 100 inhabitants (2004)
[Bar chart by country and region: Rest, KSA (2005), Algeria, Morocco, Jordan, Arab, Egypt, Devlp'ing, Kuwait, UAE, Lebanon, Bahrain, Qatar, World, Devlp'd]
(source: ITU, CITC)
Fixed Phone Gap is Closing
Fixed Telephone Lines per 100 inhabitants (1982-2004)
[Chart: series for World, Developed and Developing, with axis years 1992, 1996, 2000, 2004; annotations on the chart: "13 times more" and "4 times more"]
(Source: ITU 2005)
Internet Gap: larger & Closing slower
Internet Users per 100 inhabitants (1982-2004)
[Chart on a logarithmic scale: series for World, Developed and Developing, with axis years 1992, 1996, 2000, 2004; annotations on the chart: "73 times more" and "8 times more"]
(Source: ITU 2005)
TOPICS
ICT and Economic Development
Digital Divide
Saudi Arabia - Telecom Sector Liberalization:
– Demographics and Economy
– Regulatory Framework
– New Licensing 2006: Fixed and Mobile
Conclusions
Pakistan - Telecom Indicators
Large Population & High Income
Besides being one of the most populous MENA countries, KSA is also a ‘high income economy’ according to World Bank classification
MENA Population & GDP Per Capita (2004)
[Chart: Population (million) and GDP per capita (US$) for Qatar*, UAE**, Kuwait*, Bahrain, KSA 2006, KSA 2004, Oman*, Lebanon, Turkey, Iran, Jordan, Morocco, Syria, Egypt, Yemen, Pakistan; grouped as "High income countries" and "Upper middle to low income"]
(Source: SAMBA, Feb. 2006)
TOPICS
ICT and Economic Development
Digital Divide
Country Pakistan - Telecom Indicators
– Demographics and Economy
– New Licensing 2006: Fixed and Mobile
Conclusions
Saudi Arabia: Telecom Regulatory Framework
Telecom Sector Reform Timeline
Timeline years: 1998, 1999, 2001, 2002, 2004, 2005, 2006
• Telecom Act; CITC Ordinance; Establishment of CITC
• Liberalization of data and mobile; New mobile licensee Ettihad Etisalat launches IPO
• Liberalization of ISP sector
• Liberalization of fixed telephone service; End of Fixed Monopoly
• Telecom Bylaw; Initial Public Offering of STC (20%); Liberalization of VSAT
• Internet Restructuring; EasyNet; Home PC Initiative; PKI, E-Govt. Project
• Corporatization of Saudi Telecom Company (STC)
• Additional Mobile License(s); End of Mobile duopoly
CITC -- Vision and Mission
The CITC is committed to ensuring fair competition in a transparent regulatory environment to best serve the ICT consumers.
Vision
"Universally available, high quality and affordable communications and information technology services"
Mission
• Provide a fair, clear and transparent regulatory environment to promote competition, and safeguard public interest & stakeholder rights
• Enable universal availability of advanced ICT services at affordable prices and optimize utilization of scarce resources
• Increase ICT awareness and usage to enhance national efficiency and productivity
• Build and maintain a professional and motivated CITC team
INTERNET Evolution
(Source: CITC)

KSA (1998-2005)
Year   Internet Users (Million)   Penetration (%)
2001   1.0                        4.7%
2002   1.4                        6.4%
2003   1.8                        8.1%
2004   2.4                        10.3%
2005   3.0                        12.8%
Growth labels on the chart: +40%, +29%, +31%, +27%

Benchmarks (2004), Penetration (%)
Pakistan     1.3%
Arab         3.0%
Developing   6.7%
World        13.8%
Developed    54.0%
Internet Penetration
A regional comparison reveals internet penetration rate in the KSA has substantial room for improvement.
Comments: Internet penetration is closely correlated to GDP per capita. KSA is in the mid-segment of the regional benchmark study, indicating room for growth
[Chart: Internet Penetration versus GDP per capita (PPP), Internet Usage (2004); countries shown: Bahrain*, Kuwait*, Yemen, Syria, Egypt, Lebanon, Jordan, KSA]
Source: CITC, GDP from World Bank, ADL analysis; *2003 GDP per capita
[Bar chart: Internet Users per 100 inhabitants for Developed, Kuwait, UAE, Bahrain, Lebanon, World, Qatar, KSA 2005, Developing, Jordan, Oman, Syria, Egypt, Morocco]
Broadband & ADSL
The demand for ADSL has been rapidly increasing, however subscriber growth is hampered by supply-side constraints.
ADSL available since Nov. 2001
BB subs CAGR (2001-05) = 46%
With the market becoming more internet savvy and customers seeking high speed access, the ADSL market is experiencing a mini-boom
However, over 50% of ADSL applications are rejected due to applicants’ premises being located more than 5km from the STC exchanges and low population density also limits expansion plans
Growth dependent on investments in remote digital subscriber line access multiplexer systems (DSLAM)
[Chart: ADSL Subscribers & Penetration, 2001-2005; series: Leased Lines (000), DSL (000), Total Subscribers (000), Penetration]
(Source: CCIT)
Competitive environment - ICT
Mobile Providers: Currently Licensed: 2; Submission of Applications: Q3/Q4 2006
Fixed Telephony: Currently only the Incumbent: 1; Licenses offered starting Q3/Q4 2006 – Process under way
Data Service Providers: Currently Licensed: 3
Internet Service Providers: Currently Licensed – Fully liberalized: 23
e – TRANSACTIONS LAW
Objectives
• Regulates e-transactions and gives confidence in their usage, as well as clarifying the governing rules for their use
• Gives e-trans. same treatment once confidence conditions met
• Defines and regulates e-transactions
• Covers both commercial and government transactions
E signatures
• Defines requirements of issuing and treating e-signatures
• Gives e-signatures the same effect as regular signatures once trust conditions are met and requires reasonable protection measures to be devoted to their safekeeping
• Addresses violations related to forging/tampering with e-signatures
PKI
• Establishes a national PKI root center and certification bodies
• Defines requirements of confidentiality of customer information and licensing of certificate authorities
e – Transaction law is currently under final stages of review
Overview: Threats on the Rise
[Chart: CERT Incidents per year, 1988-2003; vertical axis from 0 to 140,000 incidents]
Source: www.cert.org; Source: Sematic Security Report 2005
CITC Mandate
CITC is mandated to establish a national CERT (National Advisory Center for Information Security)
Part of the Approved Urgent National Mandate under the National IT and Telecom Plan
CITC Mandate
– In response to its mandate, CITC has
• Researched and investigated other international CERT initiatives
• Held information gathering sessions with relevant individuals/organizations
• Sought input from several reputable organizations
• Built up consensus regarding the best approach (gradual growth, phased approach, non-intrusive)
Scope and Constituency
Non-Profit body but some services could be based on paid subscriptions for cost recovery – To be decided as per CITC Policy.
Constituency:
– Saudi Civil Cyber Community (Banks, Telecom Providers, Critical Infrastructure, private sector, government, educational, etc.)
Community and Resources
[Diagram linking SA-CERT with: Critical Infrastructure; Gov Entity 1, Gov Entity 2, ... Gov Entity n; Companies; Hospitals/Education; General Public; Vendors; R&D centers, Univs; International CERTs; Sec. companies; Contracted services]
Roles and Responsibilities
• Establish the SA-CERT and man it with the best security experts
• Investigate reported security incidents / threats and put in place prevention plans – Not real time
• Conduct information security studies in cooperation with known research centers in the field (both academic and commercial)
• Provide advice to stakeholders in the area of information security
• Work with stakeholders to establish Security Standards and Best Practices
• Coordinate with all stakeholders
• Promote IT security awareness
• Organize IT security events
• Disseminate information
• Monitor threats and vulnerabilities and alert stakeholders in real time on a generic network (high level) basis, not on each network. Mostly targeting outbreaks of worms, viruses and major security breaches.
• Will not adopt “Intrusive” approaches
CERT Phases
Phase 1: Initial Setup
• Conclude Consultations/Implementation Framework (DONE)
• Establish CERT Prototype (in progress)
• Build internal human capabilities and resources (Completed) - Continuous
• Create a critical contact list of stakeholders (in progress)
• Establish vulnerability and incident reporting mechanisms (in progress)
• Establish links with international CERT agencies
Phase 2: “Awareness-centric” CERT
• Organize Awareness event (4th June)
• Use specialized IT security resources (in progress)
• Encourage reporting of incidents
Phase 3: CERT fully functional supporting critical national infrastructures
CERT Prototype
• An initial definition of SA-CERT
• A prototype web site offering services with multiple communication channels
• Few subscribers
• Minimal resources, few employees, Low profile
• Validate the investment through a proof of concept
• Identify features to put in CERT that are unique to Saudi Arabia in addition to standard info
• Develop and publish a dedicated CERT SA site to serve all stakeholders (Gov., individuals, Corp.)
• Offer feedback and learning opportunities
• Provide better concept and operational development
Conclusion
• A well developed Telecom infrastructure and ICT services contribute positively to GDP growth
• Digital Divide is multi-dimensional: between countries and within countries (Rural vs. Urban, Poor / Rich, etc.)
• Saudi Arabia telecom sector Reform and Liberalization
• Strong and Effective Regulator
• New Licenses are being launched for Fixed and Mobile Services
• Attractive Investment Opportunities in the ICT sector
THANK YOU ☺ for your attention
… and QUESTIONS????