During GISEC 2023, Telecom Review had an exclusive interview with Dr. Ahmed Abdelhafez, vice president for cybersecurity affairs of the National Telecom Regulatory Authority (NTRA) of Egypt to discuss the regulator’s efforts in keeping the country’s critical information and digital infrastructure protected; the key to keeping a national cybersecurity strategy effective; and the outlook in the telecom sector’s growth locally as well as how they best ensure connectivity.
Can you share NTRA’s cybersecurity efforts in keeping Egypt’s critical information infrastructure safe and protected?
Starting early, we established EG-CERT in 2009 to acknowledge the importance of cybersecurity as well as to respond to cyber incidents and coordinate with other government agencies to mitigate these threats.
NTRA is also engaged in national projects for critical infrastructure. As you know, in Egypt, we're now moving to smart cities, and everything is expected to work smartly. Thus, we are putting security controls on such systems, an example of which is being involved in the consultations of the monorail transit system, currently under construction. We are giving our security for this system to be immune against incidents and hacking, and to ensure compliance with the cybersecurity regulations.
NTRA is also responsible for the collection, preservation and analysis of data in cyber-criminal investigations and legal proceedings, helping law enforcement understand the facts of the case in relation to electronic evidence.
More importantly, we are raising awareness. 90% of cyber incidents come from the false behavior of people. Hence, we are making numerous awareness campaigns among telecom service providers and the public about the importance of cybersecurity and the risk of cyberattacks. These include conducting cybersecurity workshops, seminars and training programs.
Moreover, we are collaborating with other government agencies on critical infrastructure to share information and coordinate in response to cyber incidents. We work with big companies to get some feeds and issue reports to warn about upcoming (or possible) incidents.
Also, NTRA conducts cybersecurity assessments for critical infrastructure on the systems of telecom service providers and other government entities to ensure that they comply with the cybersecurity regulations, helping identify potential vulnerabilities and the areas that need to be worked on.
We are also conducting cybersecurity exercises or drills to make sure that the critical infrastructure is ready and has a risk management plan for how to deal with risks when they happen.
At the heart of NTRA, we are also engaging in research and development to improve the state of cybersecurity, including developing new technologies, tools and strategies to defend against cyber threats.
In the case of capacity building, we are cooperating with most universities to make cybersecurity programs, targeting undergraduate students, as we are facing a shortage of the caliber of cybersecurity talents. We are also cooperating with different training centers to increase the turnover rate.
In line with Egypt’s digital transformation, what are the common cyber-attacks in the country and how can these be mitigated or prevented in the long run?
Egypt, like many other countries in the world, faces various cyber threats and attacks. Some of the most significant cyberattacks in the country are phishing attacks. These involve the use of emails, messages or websites that appear to be legitimate but are designed to steal sensitive information, such as passwords, credit card information or other personal data. We are also facing many kinds of ransomware attacks in the country, which is a type of malware that encrypts the victim's files while making them accessible and demanding payment to share the full decryption key.
To mitigate or prevent a cyberattack in the long run, we are undertaking measures such as the already-mentioned cybersecurity capacity and have issued cybersecurity regulations for existing technology and new technology like IoT, 5G and LEO satellites.
Legally speaking, we have implemented Cybercrime Law No. 175 of 2018, criminalizing a wide range of cyber offenses, including hacking, phishing and identity theft, and also have passed the Data Protection Law issued under Resolution No. 151 of 2020.
What is the key to keeping a national cybersecurity strategy effective, and how does this affect both public and private entities?
We have the National Cybersecurity Strategy from 2017 to 2021, and due to the pandemic, we extended the work to 2022. Right now, we're finishing the new strategy for 2023 to 2027. This national strategy will improve Egyptian cybersecurity governance, protect Egyptians' cybersecurity against threats and fund scientific research while promoting the development of the cyber industry.
We didn't consider this strategy on paper only. To make the cybersecurity strategy effective, we have to ensure that it is comprehensive, adaptable, measurable and collaborative.
Technology, as you may know, is constantly changing, and we have to be updated for that. As a result of this, we must consider continuous assessment, which includes regular testing, evaluation and improvement of policies and procedures, to ensure that the strategy remains effective against emerging threats.
Cybersecurity is a known cross-border field, asserting the need to cooperate with different countries. We need to have effective communication and information sharing between entities in Egypt and also between nations. We are members of agencies like FIRST and OIC-CERT and have formed bilateral agreements with Oman and Jordan, among others, with plans to establish cooperation with the UAE and Malaysia.
In addition, the development of a strong legal regulatory framework is also vital to implementing laws and regulations that require organizations to protect their network and data.
Another important aspect of a national cybersecurity strategy is the promotion of cybersecurity awareness and education, encouraging private and public entities to make cybersecurity a priority and core business function.
Overall, an effective national cybersecurity strategy requires ongoing collaboration and communication between the government, private entities and the public to be proactive, collaborative and preventive in focus.
Why is it a must to protect the digital infrastructure? How do you work alongside ICT players to ensure secure connectivity?
Protecting the digital infrastructure is crucial because it strengthens modern society and the global economy, impacting power grids, transportation systems, financial institutions and e-commerce platforms, to name a few.
Nearly every aspect of our lives is greatly reliant on digital technology. Several attacks against this infrastructure can have catastrophic consequences, including disruption of essential services, financial losses and damage to public trust.
Many countries rely on digital infrastructure to manage their defense and intelligence operations, which is why a cyberattack on this infrastructure could jeopardize national security. Digital infrastructure stores a massive amount of sensitive data, including personal, financial, governmental and healthcare information, and without safeguarding it, a breach could lead to identity theft, fraud, and other types of cybercrime.
The government plays a major role in regulating and overseeing the digital infrastructure and ICT services to ensure they meet minimum security standards. This includes creating a legal framework and compliance requirements for cybersecurity.
ICT players should prioritize security in the design of their products and services. This means considering security at every stage, from design to deployment and beyond. This secure-by-design approach can help prevent and reduce the risk of cyberattacks.
In summary, protecting the local digital infrastructure is essential for ensuring the continued functioning of society, working alongside ICT players. Collaboration, standards and best practices, regulations and oversights, as well as education and awareness campaigns, can help ensure secure connectivity.
From a regulator’s point of view, what is your outlook on the growth of the telecom sector in Egypt?
It is positive. The telecom sector in Egypt has experienced significant growth in recent years, with the number of mobile subscribers reaching 100 million. The Egyptian government has implemented several policies and initiatives to promote the growth of the sector, including the introduction of new technologies, like 5G and IoT.
As a regulator, our primary goal is to ensure that the growth of the sector is sustainable and beneficial for both consumers and service providers. We have to improve broadband connectivity and increase the availability of 4G and 5G networks and expand the coverage to rural areas, which is aligned with the social initiative by H.E. President Abdel Fattah Al-Sisi to encourage a smarter life for the people in the rural area.
One key area of focus for NTRA in Egypt is the development of 5G technology. The rollout of the 5G network has the potential to transform the telecom sector and support the growth of other industries such as healthcare, education and manufacturing. NTRA is working to ensure that the necessary infrastructure and regulatory frameworks are in place to support the deployment of 5G networks.
Read more: Egypt: A Catalyst of Digital Transformation, Tech Adoption