Cybercrime Challenges
in the Middle East

Special insights from: Mohamed N. El-Guindy, Information Systems Security Associ...
Introduction
Advanced communication technologies open the
door to advancement of humanity and crimes as
well. But Legislat...
1010101010101010101010101
01010101010101010101010
1010101010101

Evolve and adapt in SCADA, DCS and ICS security

Boo
k an...
The following MENA countries have either
dedicated cybercrime law or special system to deal
with cybercrime:
	

UAE: Feder...
Collaboration between different actors should
be addressed in cybercrime legislation in order
to improve organizational st...
Evolve and adapt in SCADA, DCS and ICS security
www.cybersecurityme.com

“
f
a

23 - 26 March 2014
The Westin Abu Dhabi Go...
Upcoming SlideShare
Loading in...5
×

Cyber Crime Challenges in the Middle East

346

Published on

Research Article published in the 3rd Annual Cyber Security for Energy & Utilities.
23 - 26 March 2014 - The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, United Arab Emirates

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
346
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Cyber Crime Challenges in the Middle East

  1. 1. Cybercrime Challenges in the Middle East Special insights from: Mohamed N. El-Guindy, Information Systems Security Association, Egypt Chapter, Founder and President
  2. 2. Introduction Advanced communication technologies open the door to advancement of humanity and crimes as well. But Legislation and legislators are always slower than the development of ICTs leaving our region vulnerable to all types of cyber attacks and will make cybercrime laws difficult to enforce. The latest incidents in the region from Stuxnet to Saudi Aramco attack prove without a doubt that we are now part of global cyber conflicts. In this analysis, I will introduce the challenges that face both legislators and law enforcements in the region when dealing with cybercrime phenomenon. 1st Challenge – Responsibility In Middle East countries there is big dilemma when it comes to cyberspace related laws. When I investigated available cybercrime legislation in the region1, I found that there is no one responsible government department for drafting or dealing with cyber laws. Many government agencies might be involved in cyber related laws such as “E-signature, E-commerce, domain name registration, copyright and IP, cybercrime, cyber espionage, and cyber terrorism”. To discuss such laws I can notice the involvement of more than one government departments for example “Ministry of Trade, Ministry of ICT, Ministry of Interior, Central Bank, Ministry of Justice, and even Intelligence and Defence departments”. CY B E R CR IM E C H AL L E N G E S IN T H E M ID D LE EAS T The problem that any of the above authorities could claim responsibility of such laws and that will be big challenge for Middle East governments when drafting cybercrime law. It’s important to establish dedicated government department to deal with cyber laws. The UAE for example appointed special courts for cybercrime cases. 2nd Challenge – Legislative Capabilities Legislation is part of anti-cybercrime strategy and not the entire solution. The problem is, when legislators deal with cybercrime issues they will try to apply normal jurisdictional measures that might include civil law, criminal law, and regulatory law. It might work in few cases but will not work in all cybercrime cases especially crimes that depend on the Internet. Cyber legislation or related laws are poor or absent in the region according to my latest findings. Even current cybercrime laws couldn’t be considered complete and reliable to tackle cybercrime especially at prosecution stage which is considered one of the most complicated steps.
  3. 3. 1010101010101010101010101 01010101010101010101010 1010101010101 Evolve and adapt in SCADA, DCS and ICS security Boo k an p 9 Fe ay bef d o bru ary re to s 20 ave US$ up to 14 Evolve and adapt in SCADA, DCS and ICS security 23 - 26 March 2014 The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE 650 ! Evolve and adapt in SCADA, DCS and ICS security 23 - 26 March 2014 “Free golf training session The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE for the first 30 registered Benefits of attending attendees!” Celebrity speakers: 23 - 26 March 2014 The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE Bill Cheswick Celebrity speakers: Creator of the world’s first network firewall & Author of Bill Cheswick Bill Cheswick Don Codling, Former Cyber Don Codling, Former Cyber “Firewalls and Internet Security: Chief, FBI, Creator of the world’s first Creator of the world’s first Security Unit Chief, FBI, Security Unit network firewall Repelling the Wily Hacker” States network firewall & Author of & Author of United States United “Firewalls and Internet Security: “Firewalls and Internet Security: Repelling the Wily Hacker” Repelling the Wily Hacker” VIP Keynote speakers: VIP Keynote speakers: Lt. Col. Faisal Mohamed Al Lt. Col. Faisal Mohamed Al Dr. Jamal Mohamed Al Hosani Dr. Jamal Mohamed Al Hosani Shamari, Chief Information Shamari, Chief Information Official Spokesman & Director Official Spokesman & Director Security Officer, Abu Dhabi Security Officer, Abu Dhabi ICT, National Emergency Crisis Mohamed Al Hosani ICT, National Emergency Crisis Dr. Jamal Police GHQ, UAE Police GHQ, UAE & Disaster Management & Disaster Management Authority, UAE Official Spokesman & Director Authority, UAE ICT, National Emergency Crisis & Disaster Exclusive presentations from: Management Authority, UAE Mohamed Al Sawafi, Head of IT Services, GASCO, UAE Mohamed Al Sawafi, Head of IT Services, GASCO, UAE Reimer Brouwer, Head of IT Security, ADCO, UAE Reimer Brouwer, Head of IT Security, ADCO, UAE Mohammed Ikrami, IT Security Officer, Fertil, UAE Mohammed Ikrami, IT Security Officer, Fertil, UAE Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE Mohamed Al Sawafi, Head of IT Services, GASCO, UAE Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE, Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE Reimer Brouwer, Head of IT Security, ADCO, UAE Gilles Loridon, CEO, Global Security Networks, UAE Gilles Loridon, CEO, Global Security Networks, UAE Exclusive presentations from: Don Codling, Former Cyber Security Unit Chief, FBI, United States Identify emerging cyber threats Understand the need to protect Identify emerging cyber threats and evolving landscape in the energy and utilities industries Identify emerging cyber threats and evolving landscape in the energy and utilities industries Determine best security practice Understand the need to protect critical infrastructure and its impact on energy economics Understand the need to protect critical infrastructure and its impact on energy economics Determine best security practices for ICS/SCADA systems Determine best security practices for ICS/SCADA systems Learn to protect real time system Learn to protect real time systems from cyber attacks Learn to protect real time systems from cyber attacks Know how to protect cloud comp Know how to protect cloud computing networks Know how to protect cloud computing networks Tackle backdoor interface vulnerabilities in SCADA systems Tackle backdoor interface vulnerabilities in SCADA systems Tackle backdoor interface vulner Understand cyber defence strategies and their subsequent implementation Understand cyber defence strategies and their subsequent implementation Interact and network with industry experts from leading national and Understand cyber defence strate Interact and network with industry experts from leading national and international oil international oil companies, IT security solution providers, as well as banks, power and telecom companies companies, IT security solution providers, as well as banks, power and telecom companies Interact and network with indust Lt. Col. Faisal Mohamed Al Associate sponsors: Associate sponsors: Exhibitor: Exhibitor: companies, IT security solution p Shamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE Associate sponsors: Benefits of attending: For more information or to register Tel: +971 4 364 2975 Supported by: Supported by: Media partners: Media partners: Researched and Researched and developed by: developed by: Email: enquiry@iqpc.ae www.cybersecurityme.com Mohammed Ikrami, IT Security Officer, Fertil, UAE Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait For more information or to register - Tel: +971 Arabia Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi 4 364 2975 Fax: +971 4 363 1938 Email: enquiry@iqpc.ae Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait www.cybersecurityme.com Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE CYB NBAD, UAE, Mahmoud Yassin, Lead Systems and Security Data Center Group, ERCRIME CH ALLEN GES IN T HE MIDDLE EAST Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE Gilles Loridon, CEO, Global Security Networks, UAE And many more… And many more… And many more… Med
  4. 4. The following MENA countries have either dedicated cybercrime law or special system to deal with cybercrime: UAE: Federal Law No.2 of 2006 Saudi Arabia: Cybercrime System (2007) Oman: Cybercrime Law (2011) Syria: Cybercrime and Communication on the Internet (2012) Jordan: Cybercrime temporary law (2010) I suggest that governments learn from Council of Europe and try to ratify CoE cybercrime treaty. They don’t need to copy and paste, they need to understand first then apply the procedures and draft dedicated cyber laws that meet their requirements and according to the Universal Declaration of Human Rights. 3rd Challenge – Technical Capabilities From my experience with law enforcement agencies in the region, I can tell that there is big dilemma when it comes to the procedural measures of cybercrime-related investigations. There is also a problem to maintain the integrity of the digital evidence during an investigation as it is always important in a criminal case, but the nature of the evidence in cybercrime makes that job far more difficult. Police officers can easily damage the digital evidence in cybercrime cases by using normal methods of seizure and arrest. CY B E R CR IM E C H AL L E N G E S IN T H E M ID D LE EAS T Law enforcement officers face big challenge before arresting the suspect, they will need to reveal where- and who- the criminal is. Since cybercrime is a transnational crime, the chances of tracking down suspects could be very hard if not impossible. However, attempts to better track online identity raise serious issues for privacy advocates and result in political backlash which is something normal in the Middle East. I understand that it will be big challenge for law enforcement officers as they might consider activists as cybercriminals when reporting cybercrime. I suggest that special procedural measure should be mentioned in any cyber law especially when dealing with digital evidence. Law enforcement should be trained on latest technologies related to cybercrime investigation. 4th Challenge – Organizational Structure One of the big challenges in the region is overlapping especially when dealing with cybercrime cases. Cybercrime require highly developed organizational structures to be in place. Without clear competences it will be difficult to carry out complex investigations that require assistance of different legal as well as technical experts. In the Middle East there is inconsistency and lack of collaboration between many actors to tackle Cybercrime. One of the well-know example is the collaboration between Computer Emergency Response Teams (CERTs) and Law Enforcement Agencies. At present CERTs “if found” and law enforcement agencies work mainly on their own in the fight against cybercrime.
  5. 5. Collaboration between different actors should be addressed in cybercrime legislation in order to improve organizational structure to combat cybercrime. 5th Challenge – Education One of the most important elements in combating cybercrime is education and awareness. Unfortunately there is no effective strategy or plan to improve capacity building and security education in the region. There are few awareness campaigns in Oman, Saudi Arabia, Qatar and UAE. Cybercrime legislation is not the only solution to fight cybercrime. It is part of bigger cyber security strategy which also requires improved education and awareness campaigns. Governments should improve their capacity building and education of their employees and citizens to better tackle cybercrime. Source: Mohamed N. El-Guindy Information Systems Security Association, Egypt Chapter, Founder and President http://netsafe.me/ Mohamed is a well-known Cybercrime Expert in the Middle East and works as a consultant for national and international organizations. He is the CEO of ASK PC Academy also serving as the president for ISSA (Egypt chapter). He is an IT specialist with a broad experience, worked in the field of Information Technology for over a decade. Mohamed is a Technical Speaker in International events and workshops related to Cybercrime and Information Security. He is the author of various IT and Security courses in both Arabic and English which approved by IEEE. Next to this he is a Member of IEEE, IEEE Computer Society, Professional Member of the British Computer Society, Chartered IT Professional from BCS, BCS Chartered Membership Assessor, Chartered Engineer (Engineering Council-UK), MCGI Senior Award holder from City & Guilds of London Institute, Member of ISSA (Information Systems Security Association), and other International Engineering and Technology Associations. Mohamed is listed in Marquis Who’s Who by invitation and received many nominations and awards from big names in the IT industry. October 13, 2012 CYB ERCRIME CH ALLEN GES IN T HE MIDDLE EAST
  6. 6. Evolve and adapt in SCADA, DCS and ICS security www.cybersecurityme.com “ f a 23 - 26 March 2014 The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE Celebrity speakers: Bill Cheswick Creator of the world’s first network firewall & Author of “Firewalls and Internet Security: Repelling the Wily Hacker” Benefits of attending: Don Codling, Former Cyber Security Unit Chief, FBI, United States VIP Keynote speakers: Dr. Jamal Mohamed Al Hosani Official Spokesman & Director ICT, National Emergency Crisis & Disaster Management Authority, UAE Exclusive presentations from: Mohamed Al Sawafi, Head of IT Services, GASCO, UAE Lt. Col. Faisal Mohamed Al Shamari, Chief Information Security Officer, Abu Dhabi Police GHQ, UAE Identify emerging cyber threats and e Understand the need to protect critic Determine best security practices for Learn to protect real time systems fro Know how to protect cloud computin Tackle backdoor interface vulnerabilit Understand cyber defence strategies Interact and network with industry ex companies, IT security solution provid Associate sponsors:

×