Embed Size (px)
DESCRIPTION
Research Article published in the 3rd Annual Cyber Security for Energy & Utilities. 23 - 26 March 2014 - The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, United Arab Emirates
Citation preview
Special insights from: Mohamed N. El-Guindy, Information Systems Security Association, Egypt Chapter, Founder and President
CyberCrime Challengesin the middle east
IntroductionAdvanced communication technologies open the door to advancement of humanity and crimes as well. But Legislation and legislators are always slower than the development of ICTs leaving our region vulnerable to all types of cyber attacks and will make cybercrime laws difficult to enforce.
The latest incidents in the region from Stuxnet to Saudi Aramco attack prove without a doubt that we are now part of global cyber conflicts.
In this analysis, I will introduce the challenges that face both legislators and law enforcements in the region when dealing with cybercrime phenomenon.
1st Challenge – ResponsibilityIn Middle East countries there is big dilemma when it comes to cyberspace related laws. When I investigated available cybercrime legislation in the region1, I found that there is no one responsible government department for drafting or dealing with cyber laws. Many government agencies might be involved in cyber related laws such as “E-signature, E-commerce, domain name registration, copyright and IP, cybercrime, cyber espionage, and cyber terrorism”. To discuss such laws I can notice the involvement of more than one government departments for example “Ministry of Trade, Ministry of ICT, Ministry of Interior, Central Bank, Ministry of Justice, and even Intelligence and Defence departments”.
The problem that any of the above authorities could claim responsibility of such laws and that will be big challenge for Middle East governments when drafting cybercrime law. It’s important to establish dedicated government department to deal with cyber laws. The UAE for example appointed specialcourts for cybercrime cases.
2nd Challenge – Legislative CapabilitiesLegislation is part of anti-cybercrime strategy and not the entire solution. The problem is, when legislators deal with cybercrime issues they will try to apply normal jurisdictional measures that might include civil law, criminal law, and regulatory law. It might work in few cases but will not work in all cybercrime cases especially crimes that depend on the Internet. Cyber legislation or related laws are poor or absent in the region according to my latest findings. Even current cybercrime laws couldn’t be considered complete and reliable to tackle cybercrime especially at prosecution stage which is considered one of the most complicated steps.
CYBERCRIME CHALLENGES IN THE MIDDLE EAST
CYBERCRIME CHALLENGES IN THE MIDDLE EAST
Evolve and adapt in SCADA, DCS and ICS security
Dr. Jamal Mohamed Al HosaniOfficial Spokesman & DirectorICT, National Emergency Crisis& Disaster Management Authority, UAE
Lt. Col. Faisal Mohamed AlShamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE
Don Codling, Former CyberSecurity Unit Chief, FBI,United States
“Free golf training session for the first 30 registered attendees!”
23 - 26 March 2014The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Exclusive presentations from:
For more information or to register - Tel: +971 4 364 2975 Fax: +971 4 363 1938Email: [email protected] www.cybersecurityme.com
Benefits of attending:
� Identify emerging cyber threats and evolving landscape in the energy and utilities industries� Understand the need to protect critical infrastructure and its impact on energy economics� Determine best security practices for ICS/SCADA systems� Learn to protect real time systems from cyber attacks� Know how to protect cloud computing networks� Tackle backdoor interface vulnerabilities in SCADA systems� Understand cyber defence strategies and their subsequent implementation� Interact and network with industry experts from leading national and international oil
companies, IT security solution providers, as well as banks, power and telecom companies
� Mohamed Al Sawafi, Head of IT Services, GASCO, UAE� Reimer Brouwer, Head of IT Security, ADCO, UAE� Mohammed Ikrami, IT Security Officer, Fertil, UAE� Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait� Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia� Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait� Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE� Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, � Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE� Gilles Loridon, CEO, Global Security Networks, UAE
And many more…
Bill CheswickCreator of the world’s first network firewall & Author of“Firewalls and Internet Security:Repelling the Wily Hacker”
VIP Keynote speakers:
Celebrity speakers:
Book andpay before9 February 2014 to save up to US$650!
Media partners:
Exhibitor:
Researched and developed by:
Associate sponsors:
Supported by:
Evolve and adapt in SCADA, DCS and ICS security
Dr. Jamal Mohamed Al HosaniOfficial Spokesman & DirectorICT, National Emergency Crisis& Disaster Management Authority, UAE
Lt. Col. Faisal Mohamed AlShamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE
Don Codling, Former CyberSecurity Unit Chief, FBI,United States
“Free golf training session for the first 30 registered attendees!”
23 - 26 March 2014The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Exclusive presentations from:
For more information or to register - Tel: +971 4 364 2975 Fax: +971 4 363 1938Email: [email protected] www.cybersecurityme.com
Benefits of attending:
� Identify emerging cyber threats and evolving landscape in the energy and utilities industries� Understand the need to protect critical infrastructure and its impact on energy economics� Determine best security practices for ICS/SCADA systems� Learn to protect real time systems from cyber attacks� Know how to protect cloud computing networks� Tackle backdoor interface vulnerabilities in SCADA systems� Understand cyber defence strategies and their subsequent implementation� Interact and network with industry experts from leading national and international oil
companies, IT security solution providers, as well as banks, power and telecom companies
� Mohamed Al Sawafi, Head of IT Services, GASCO, UAE� Reimer Brouwer, Head of IT Security, ADCO, UAE� Mohammed Ikrami, IT Security Officer, Fertil, UAE� Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait� Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia� Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait� Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE� Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, � Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE� Gilles Loridon, CEO, Global Security Networks, UAE
And many more…
Bill CheswickCreator of the world’s first network firewall & Author of“Firewalls and Internet Security:Repelling the Wily Hacker”
VIP Keynote speakers:
Celebrity speakers:
Book andpay before9 February 2014 to save up to US$650!
Media partners:
Exhibitor:
Researched and developed by:
Associate sponsors:
Supported by:
Evolve and adapt in SCADA, DCS and ICS security
Dr. Jamal Mohamed Al HosaniOfficial Spokesman & DirectorICT, National Emergency Crisis& Disaster Management Authority, UAE
Lt. Col. Faisal Mohamed AlShamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE
Don Codling, Former CyberSecurity Unit Chief, FBI,United States
“Free golf training session for the first 30 registered attendees!”
23 - 26 March 2014The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Exclusive presentations from:
For more information or to register - Tel: +971 4 364 2975 Fax: +971 4 363 1938Email: [email protected] www.cybersecurityme.com
Benefits of attending:
� Identify emerging cyber threats and evolving landscape in the energy and utilities industries� Understand the need to protect critical infrastructure and its impact on energy economics� Determine best security practices for ICS/SCADA systems� Learn to protect real time systems from cyber attacks� Know how to protect cloud computing networks� Tackle backdoor interface vulnerabilities in SCADA systems� Understand cyber defence strategies and their subsequent implementation� Interact and network with industry experts from leading national and international oil
companies, IT security solution providers, as well as banks, power and telecom companies
� Mohamed Al Sawafi, Head of IT Services, GASCO, UAE� Reimer Brouwer, Head of IT Security, ADCO, UAE� Mohammed Ikrami, IT Security Officer, Fertil, UAE� Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait� Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia� Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait� Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE� Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, � Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE� Gilles Loridon, CEO, Global Security Networks, UAE
And many more…
Bill CheswickCreator of the world’s first network firewall & Author of“Firewalls and Internet Security:Repelling the Wily Hacker”
VIP Keynote speakers:
Celebrity speakers:
Book andpay before9 February 2014 to save up to US$650!
Media partners:
Exhibitor:
Researched and developed by:
Associate sponsors:
Supported by:
Evolve and adapt in SCADA, DCS and ICS security
Dr. Jamal Mohamed Al HosaniOfficial Spokesman & DirectorICT, National Emergency Crisis& Disaster Management Authority, UAE
Lt. Col. Faisal Mohamed AlShamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE
Don Codling, Former CyberSecurity Unit Chief, FBI,United States
“Free golf training session for the first 30 registered attendees!”
23 - 26 March 2014The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Exclusive presentations from:
For more information or to register - Tel: +971 4 364 2975 Fax: +971 4 363 1938Email: [email protected] www.cybersecurityme.com
Benefits of attending:
� Identify emerging cyber threats and evolving landscape in the energy and utilities industries� Understand the need to protect critical infrastructure and its impact on energy economics� Determine best security practices for ICS/SCADA systems� Learn to protect real time systems from cyber attacks� Know how to protect cloud computing networks� Tackle backdoor interface vulnerabilities in SCADA systems� Understand cyber defence strategies and their subsequent implementation� Interact and network with industry experts from leading national and international oil
companies, IT security solution providers, as well as banks, power and telecom companies
� Mohamed Al Sawafi, Head of IT Services, GASCO, UAE� Reimer Brouwer, Head of IT Security, ADCO, UAE� Mohammed Ikrami, IT Security Officer, Fertil, UAE� Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait� Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia� Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait� Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE� Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, � Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE� Gilles Loridon, CEO, Global Security Networks, UAE
And many more…
Bill CheswickCreator of the world’s first network firewall & Author of“Firewalls and Internet Security:Repelling the Wily Hacker”
VIP Keynote speakers:
Celebrity speakers:
Book andpay before9 February 2014 to save up to US$650!
Media partners:
Exhibitor:
Researched and developed by:
Associate sponsors:
Supported by:
Evolve and adapt in SCADA, DCS and ICS security
Dr. Jamal Mohamed Al HosaniOfficial Spokesman & DirectorICT, National Emergency Crisis& Disaster Management Authority, UAE
Lt. Col. Faisal Mohamed AlShamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE
Don Codling, Former CyberSecurity Unit Chief, FBI,United States
“Free golf training session for the first 30 registered attendees!”
23 - 26 March 2014The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Exclusive presentations from:
For more information or to register - Tel: +971 4 364 2975 Fax: +971 4 363 1938Email: [email protected] www.cybersecurityme.com
Benefits of attending:
� Identify emerging cyber threats and evolving landscape in the energy and utilities industries� Understand the need to protect critical infrastructure and its impact on energy economics� Determine best security practices for ICS/SCADA systems� Learn to protect real time systems from cyber attacks� Know how to protect cloud computing networks� Tackle backdoor interface vulnerabilities in SCADA systems� Understand cyber defence strategies and their subsequent implementation� Interact and network with industry experts from leading national and international oil
companies, IT security solution providers, as well as banks, power and telecom companies
� Mohamed Al Sawafi, Head of IT Services, GASCO, UAE� Reimer Brouwer, Head of IT Security, ADCO, UAE� Mohammed Ikrami, IT Security Officer, Fertil, UAE� Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait� Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia� Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait� Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE� Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, � Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE� Gilles Loridon, CEO, Global Security Networks, UAE
And many more…
Bill CheswickCreator of the world’s first network firewall & Author of“Firewalls and Internet Security:Repelling the Wily Hacker”
VIP Keynote speakers:
Celebrity speakers:
Book andpay before9 February 2014 to save up to US$650!
Media partners:
Exhibitor:
Researched and developed by:
Associate sponsors:
Supported by:
Evolve and adapt in SCADA, DCS and ICS security
For more information or to register tel: +971 4 364 2975
email: [email protected]
23 - 26 March 2014The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
1010101010101010101010101
01010101010101010101010
1010101010101
The following MENA countries have either dedicated cybercrime law or special system to deal with cybercrime:
UAE: Federal Law No.2 of 2006
Saudi Arabia: Cybercrime System (2007)
Oman: Cybercrime Law (2011)
Syria: Cybercrime and Communication on the Internet (2012)
Jordan: Cybercrime temporary law (2010)
I suggest that governments learn from Council of Europe and try to ratify CoE cybercrime treaty. They don’t need to copy and paste, they need to understand first then apply the procedures and draft dedicated cyber laws that meet their requirements and according to the Universal Declaration of Human Rights.
3rd Challenge – Technical CapabilitiesFrom my experience with law enforcement agencies in the region, I can tell that there is big dilemma when it comes to the procedural measures of cybercrime-related investigations. There is also a problem to maintain the integrity of the digital evidence during an investigation as it is always important in a criminal case, but the nature of the evidence in cybercrime makes that job far more difficult. Police officers can easily damage the digital evidence in cybercrime cases by using normal methods of seizure and arrest.
Law enforcement officers face big challenge before arresting the suspect, they will need to reveal where- and who- the criminal is. Since cybercrime is a transnational crime, the chances of tracking down suspects could be very hard if not impossible. However, attempts to better track online identity raise serious issues for privacy advocates and result in political backlash which is something normal in the Middle East. I understand that it will be big challenge for law enforcement officers as they might consider activists as cybercriminals when reporting cybercrime.
I suggest that special procedural measure should be mentioned in any cyber law especially when dealing with digital evidence. Law enforcement should be trained on latest technologies related to cybercrime investigation. 4th Challenge – Organizational StructureOne of the big challenges in the region is overlapping especially when dealing with cybercrime cases. Cybercrime require highly developed organizational structures to be in place. Without clear competences it will be difficult to carry out complex investigations that require assistance of different legal as well as technical experts. In the Middle East there is inconsistency and lack of collaboration between many actors to tackle Cybercrime. One of the well-know example is the collaboration between Computer Emergency Response Teams (CERTs) and Law Enforcement Agencies. At present CERTs “if found” and law enforcement agencies work mainly on their own in the fight against cybercrime.
CYBERCRIME CHALLENGES IN THE MIDDLE EAST
Collaboration between different actors should be addressed in cybercrime legislation in order to improve organizational structure to combat cybercrime.
5th Challenge – EducationOne of the most important elements in combating cybercrime is education and awareness. Unfortunately there is no effective strategy or plan to improve capacity building and security education in the region. There are few awareness campaigns in Oman, Saudi Arabia, Qatar and UAE. Cybercrime legislation is not the only solution to fight cybercrime. It is part of bigger cyber security strategy which also requires improved education and awareness campaigns.
Governments should improve their capacity building and education of their employees and citizens to better tackle cybercrime.
Source: Mohamed N. El-Guindy Information Systems Security Association, Egypt Chapter, Founder and President http://netsafe.me/ October 13, 2012
Mohamed is a well-known Cybercrime Expert in the Middle East and works as a consultant for national and international organizations. He is the CEO of ASK PC Academy also serving as the president for ISSA (Egypt chapter). He is an IT specialist with a broad experience, worked in the field of Information Technology for over a decade.
Mohamed is a Technical Speaker in International events and workshops related to Cybercrime and Information Security. He is the author of various IT and Security courses in both Arabic and English which approved by IEEE. Next to this he is a Member of IEEE, IEEE Computer Society, Professional Member of the British Computer Society, Chartered IT Professional from BCS, BCS Chartered Membership Assessor, Chartered Engineer (Engineering Council-UK), MCGI Senior Award holder from City & Guilds of London Institute, Member of ISSA (Information Systems Security Association), and other International Engineering and Technology Associations.
Mohamed is listed in Marquis Who’s Who by invitation and received many nominations and awards from big names in the IT industry.
CYBERCRIME CHALLENGES IN THE MIDDLE EAST
Evolve and adapt in SCADA, DCS and ICS security
Dr. Jamal Mohamed Al HosaniOfficial Spokesman & DirectorICT, National Emergency Crisis& Disaster Management Authority, UAE
Lt. Col. Faisal Mohamed AlShamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE
Don Codling, Former CyberSecurity Unit Chief, FBI,United States
“Free golf training session for the first 30 registered attendees!”
23 - 26 March 2014The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Exclusive presentations from:
For more information or to register - Tel: +971 4 364 2975 Fax: +971 4 363 1938Email: [email protected] www.cybersecurityme.com
Benefits of attending:
� Identify emerging cyber threats and evolving landscape in the energy and utilities industries� Understand the need to protect critical infrastructure and its impact on energy economics� Determine best security practices for ICS/SCADA systems� Learn to protect real time systems from cyber attacks� Know how to protect cloud computing networks� Tackle backdoor interface vulnerabilities in SCADA systems� Understand cyber defence strategies and their subsequent implementation� Interact and network with industry experts from leading national and international oil
companies, IT security solution providers, as well as banks, power and telecom companies
� Mohamed Al Sawafi, Head of IT Services, GASCO, UAE� Reimer Brouwer, Head of IT Security, ADCO, UAE� Mohammed Ikrami, IT Security Officer, Fertil, UAE� Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait� Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia� Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait� Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE� Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, � Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE� Gilles Loridon, CEO, Global Security Networks, UAE
And many more…
Bill CheswickCreator of the world’s first network firewall & Author of“Firewalls and Internet Security:Repelling the Wily Hacker”
VIP Keynote speakers:
Celebrity speakers:
Book andpay before9 February 2014 to save up to US$650!
Media partners:
Exhibitor:
Researched and developed by:
Associate sponsors:
Supported by:
www.CyberseCurityme.Com
