The Oman National Computer Emergency Readiness Team (Oman National CERT), officially launched in April 2010, analyzes risks and security threats that may be present in cyberspace. In an exclusive interview with Telecom Review, Eng. Badar Al Salehi, Director General, Oman National CERT, sheds light on how they assist public and private institutions, ways companies can enhance their security environment and their current initiatives in developing cybersecurity infrastructure.
How is Oman National CERT helping enterprises and government organizations conduct safe business operations in Oman?
Oman National CERT is helping enterprises, governments and the private sector from three different perspectives.
The first is from a proactive perspective that looks at cybersecurity from a capacity-building point of view. We ensure that we build the right capabilities within enterprises to be able to respond to cybersecurity incidents and threats. This includes specialized training as we equip the resources with the right tools, techniques and equipment to ensure that they protect their enterprises and organizations from cyber threats.
Also, as a part of taking proactive steps before incidents happen, Oman National CERT conducts cybersecurity monitoring and surveillance against cyber threats targeting Oman’s cyberspace or targeting government organizations. We take the proper action to ensure that those threats are not actually targeting governments.
The second is that we look at it also from the aspect of incident response. Should any of the government or enterprises face a security incident, we execute and initiate our cyber incident response processes and procedures to help organizations to minimize the impact of the cyber incidents but also to recover from that incident.
The third part is developing the right policies and frameworks to ensure that government organizations are actually complying with international standards and best cybersecurity practices. This involves the development of the architecture of network application security as well as looking into social media usage. We have developed a certain number of policies to ensure that organizations are well protected when they are in cyberspace and on social media.
Cybersecurity is an evolving landscape. How can companies enhance their security environment with support from Oman National CERT?
Companies should look at this issue from the aspects of people, processes and technology. From a people aspect, they need to make sure that they hire the right resources that are equipped with the right knowledge and capabilities to protect the organization.
The second is from the process perspective, where you develop the right internal policies, processes and procedures. This includes having in place business continuity and disaster recovery plans, which is not only complying with international standards or regulations but also with the policies that are issued by Oman National CERT and the Ministry of Transport, Communications and Information Technology (MTCIT).
Last but not least is the technology aspect, where they need to make sure that they have the right technologies in place to monitor their networks and applications — the right technologies to protect their users as well as to identify any potential risks that could be targeting the organization.
What are the current initiatives in the development of cybersecurity infrastructure for the Oman government as well as other private entities?
The main initiative that has multiple sub-initiatives within it is the initiative of cybersecurity industry development that we launched last November. For several years, we've been looking at cybersecurity from a threat perspective. But this time, we decided to look at it from an economic perspective and the opportunities that are available with cybersecurity.
The program focuses on cybersecurity innovation, developing local products and services in the area of cybersecurity. We also look at supporting startups and SMEs to ensure that they address the market needs and demands for cybersecurity from different organizations.
The third aspect is [that] we look at filling the gap between educational outcomes and market needs when it comes to the skills and capabilities of fresh graduates from educational institutes. We also look at the investment part by putting the right incentives not only for local investors but also for foreign investors who come to Oman to establish bases and businesses in cybersecurity.
Finally, we look at exporting services and experts to other regions, in line with our position of being the host of the first International Telecommunication Union Cybersecurity Center since 2013. The center offers services to the 193 member states of the ITU. Hence, it is very important for us to look at their cybersecurity from an economic perspective and allow other countries to benefit from locally developed products and services in Oman.