As part of an ongoing push to improve cyber security, Qatar’s State Cabinet gave the go-ahead yesterday to establish two new bodies that would monitor and investigate possible online threats.
The Cabinet also approved a draft decision to improve protection for personal data online, which would prevent companies from using such information for marketing purposes without the users’ permission.
The move appears to redistribute responsibility for some aspects of cyber security from the Ministry of Information and Communications Technology (ictQatar) to the portfolio of the Ministry of Interior (MOI).
Included in the proposed measures is a plan to set up a new National Center for Cyber Security under MOI. This would monitor and follow up on cyber threats on government entities, and lead coordination with other related organizations in investigating such attacks, according to Qatar News Agency (QNA).
A separate National Committee for Information Security is also expected to be established. This body would carry out the National Cyber Security Strategy, which was drawn up in November last year by ictQatar.
Speaking last year to bankers on the issue, Qatar’s Minister of Communication and Information Technology (ictQatar) Dr Hessa al Jaber outlined the key areas of the strategy:
- Protecting the country’s critical infrastructure;
- Applying international standards for limiting cyber security threats;
- Encouraging the use of secure online services;
- Raising the capabilities in Qatar in terms of determining cyber threats and dealing with them; and
- Implementing a legal framework that guarantees a safe cyberspace.
The latest Cabinet decisions appear to better define the roles of the main government entities involved in cyber security, with ictQatar focused on setting policy, while the MOI implements and enforces the rules.
The draft law also includes new measures that would further protect users’ personal information online, by reminding companies responsible for storing and transferring such data of their obligations.
However, no specific details were given about what this entails.
Meanwhile, in a bid to cut down on spam, the Cabinet agreed that personal details cannot be harvested for companies to use for marketing purposes unless prior permission is given by the user.
The MOI has a wide-ranging remit, which includes managing conventional security organizations such as the police, coastguard, airport security, civil defense and public guard.
Its portfolio is now widening to include cyber security enforcement, which includes Qatar’s controversial cybercrime law, which was introduced late last year.
This legislation introduced new penalties for those found guilty of hacking into government networks, posting child pornography and conducting electronic fraud.
The law also contains provisions on “content crimes” that make it illegal to publish “false news” and information that violates the country’s “social values” or “general order.”
However these terms have not yet not been defined, causing concern among journalists and social media users that they could be open to wide interpretation.
While countries across the world are looking to enhance their online security, Qatar has been singled out recently in a number of reports as needing to employ additional measures.
The Emerging Cyber Threats 2014 report produced last summer by the Qatar Computing Research Institute (QCRI) – a private, non-profit organization that is part of Qatar Foundation – warned of a number of weak links in the state’s cyber security.
Among these are the many suppliers and consultants that Qatar has hired to increase internet access and connectivity in the country. These consultants often have access to large amounts of sensitive data.
But because supply chain companies may have lower levels of security, they are often targeted by hackers and cyber criminals as an access point to the systems of bigger organizations, the report found.
Other key threats include:
- Potential attacks on Qatar’s “critical infrastructure” – oil, gas and water;
- An increasing reliance on hosting information on cloud systems; and
- A lack of security awareness when using mobile devices such as smartphones and tablets.
Qatar has also fallen victim to a number of attacks on Domain Name System Services (DNS) in recent years. In October 2013, attackers managed to reroute website requests for 10 key domains in Qatar, including the Ministry of Interior, Ooredoo Qatar and the Ministry of Foreign Affairs.
Meanwhile, a Safe Cities index published earlier this year put Doha in 31st place out of 50 world cities in terms of its online security, well behind Gulf neighbor Abu Dhabi, which came in 9th position.
In this category, the report looked at the resources dedicated to ensuring residents can go online without fear of violations of privacy or identity theft; the reliance of a city on digital infrastructure (smart traffic lights etc); frequency of identity theft and the estimated number of computers infected with viruses.
Separately, Qatar-based telecoms provider Ooredoo announced yesterday a new way of using mobile technology to help keep family members safe.
It has partnered with Portuguese mobile application development company iMobileMagic to roll out a “family safety” service, based on the developer’s PhoneNear system.
This cloud-based system allows families to log the details of various mobile devices on a dedicated website, which links them on a shared platform.
Aimed for the use by children, elderly or vulnerable people, the service provides a location feed direct to mobile devices, and is also equipped with a panic button that would alert the whole family of any situations.
According to a statement from Ooredoo, other features include a real-time location tracker and pre-set safety spaces such as their home, school and grandparent’s house. If a child moves outside of the safe space, the service triggers an alert to the parents’ phones.