Cyber Security Initiatives in Saudi Arabia

Cyber Security Initiatives in Saudi Arabia. www.citc.gov.sa. Prof. Ahmed A. Sindi, Ph.D., Deputy Governor, IT, CITC, Saudi Arabia. [email protected] WSIS Action Line C5 CyberSecurity, ITU, Geneva, May 16, 2006

Upload: phamhanh

Post on 16-Dec-2016


TRANSCRIPT

Page 1: Cyber Security Initiatives in Saudi Arabia

Cyber Security Initiatives in Saudi Arabia

www.citc.gov.sa

Prof. Ahmed A. Sindi, Ph.D., Deputy Governor, IT, CITC, Saudi Arabia

[email protected]

WSIS Action Line C5 CyberSecurity, ITU, Geneva, May 16, 2006

Page 2: Cyber Security Initiatives in Saudi Arabia

TOPICS

KSA Demographics and Economy

ICT and Economic Development in KSA

Cyber Security Legislation

Saudi Arabian - CERT: Mandate, Implementation Plan, New Licensing 2006: Fixed and Mobile

Conclusions


Page 4: Cyber Security Initiatives in Saudi Arabia

DEMOGRAPHICS: Population Growth

(Source: Census 2004 + CITC Analysis)

[Chart: Population (Million, Mid Year, Based on 2004 Census), 1998 to 2010 (2005 to 2010 forecast); series: Saudi, Non-Saudi, Total Population]

Population Growth (CAGR) = 2.5 % per year

Page 5: Cyber Security Initiatives in Saudi Arabia

Demographics distribution (2006)

(Source: Census 2004 + CITC Analysis)

[Chart: Population (Million) by Age Group (years), from 0-4 to 75+; series: Non-Saudi, Saudi, Cumulative %]

Page 6: Cyber Security Initiatives in Saudi Arabia

Demographics & Economy

GDP and Population are growing faster than World averages

• Fast growing population at a CAGR of 2.5% (world growth rate 1.21% [3])
• 50% of population under the age of 20 [1]
• Household size is relatively large.
• Economy in excellent health: strong GDP growth and insignificant domestic inflation

[Chart: Population (million) [1], 2001 to 2006; CAGR = 2.5%]

Factsheet – 2006

Average household size [1]: 5.65 persons
GDP real growth rate (2005) [2]: 6.5%
Inflation rate [2]: 0.4%
GDP (2006P) [2]: US$ 350 Billion
GDP per capita (2006P) [2]: US$ 14,600

Source: [1] KSA Ministry of Planning 2004 Census actuals/projections & ADL analyses; [2] SAMBA Feb. 2006; [3] UN Population Division

Page 7: Cyber Security Initiatives in Saudi Arabia

INTERNET and Economic Growth

[Chart: Internet Users per 100 inhabitants versus GNP per capita (PPP, US$), both on logarithmic axes; Saudi Arabia labelled]

Page 8: Cyber Security Initiatives in Saudi Arabia

Digital Divide – Mobile

[Chart: Mobile Penetration (subs. / 100 inhabitants), 2005, for Pakistan, Egypt, All Arab, Syria, Lebanon, World, Jordan, Morocco, Algeria, Oman, Tunisia, Saudi Arabia, Developed, Qatar, Kuwait, UAE, Bahrain]

(source: Arab Advisors, CITC)

Page 9: Cyber Security Initiatives in Saudi Arabia

Digital Divide - INTERNET

[Chart: Internet Users per 100 inhabitants (2004), for Pakistan, Iraq, All Arab, Libya, Egypt, Syria, Oman, Tunisia, Palestine, Jordan, Developing, Saudi Arabia, Qatar, World, Lebanon, Bahrain, UAE, Kuwait, Developed]

(source: Arab Advisors, ITU, CITC)

Page 10: Cyber Security Initiatives in Saudi Arabia

Broadband Gap is much larger

[Chart: Broadband Subscribers per 100 inhabitants (2004), for Rest, KSA (2005), Algeria, Morocco, Jordan, Arab, Egypt, Developing, Kuwait, UAE, Lebanon, Bahrain, Qatar, World, Developed]

(source: ITU, CITC)

Page 11: Cyber Security Initiatives in Saudi Arabia

Fixed Phone Gap is Closing

[Chart: Fixed Telephone Lines per 100 inhabitants (1982-2004); series: World, Developed, Developing; annotations: "13 times more", "4 times more"]

(Source: ITU 2005)

Page 12: Cyber Security Initiatives in Saudi Arabia

Internet Gap: larger & Closing slower

[Chart: Internet Users per 100 inhabitants (1982-2004), logarithmic scale; series: World, Developed, Developing; annotations: "73 times more", "8 times more"]

(Source: ITU 2005)

Page 13: Cyber Security Initiatives in Saudi Arabia

TOPICS

ICT and Economic Development

Digital Divide

Saudi Arabia - Telecom Sector Liberalization: Demographics and Economy, Regulatory Framework, New Licensing 2006: Fixed and Mobile

Conclusions

Pakistan - Telecom Indicators

Page 14: Cyber Security Initiatives in Saudi Arabia

Large Population & High Income

Besides being one of the most populous MENA countries, KSA is also a ‘high income economy’ according to World Bank classification

[Chart: MENA Population & GDP Per Capita (2004); axes: Population (million), GDP per capita (US$); groups: High income countries, Upper middle to low income; countries: Qatar, UAE, Kuwait, Bahrain, KSA 2006, KSA 2004, Oman, Lebanon, Turkey, Iran, Jordan, Morocco, Syria, Egypt, Yemen, Pakistan]

(Source: SAMBA, Feb. 2006)

Page 15: Cyber Security Initiatives in Saudi Arabia

TOPICS

ICT and Economic Development

Digital Divide

Country Pakistan - Telecom Indicators

– Demographics and Economy
– New Licensing 2006: Fixed and Mobile

Conclusions

Saudi Arabia: Telecom Regulatory Framework

Page 16: Cyber Security Initiatives in Saudi Arabia

Telecom Sector Reform Timeline

Timeline axis: 1998, 1999, 2001, 2002, 2004, 2005, 2006

• Telecom Act; CITC Ordinance; Establishment of CITC
• Liberalization of data and mobile; New mobile licensee Ettihad Etisalat launches IPO
• Liberalization of ISP sector
• Liberalization of fixed telephone service; End of Fixed Monopoly
• Telecom Bylaw; Initial Public Offering of STC (20%); Liberalization of VSAT
• Internet Restructuring; EasyNet; Home PC Initiative; PKI, E-Govt. Project
• Corporatization of Saudi Telecom Company (STC)
• Additional Mobile License(s); End of Mobile duopoly

Page 17: Cyber Security Initiatives in Saudi Arabia

CITC -- Vision and Mission

The CITC is committed to ensuring fair competition in a transparent regulatory environment to best serve the ICT consumers.

Vision

"Universally available, high quality and affordable communications and information technology services"

Mission

• Provide a fair, clear and transparent regulatory environment to promote competition, and safeguard public interest & stakeholder rights
• Enable universal availability of advanced ICT services at affordable prices and optimize utilization of scarce resources
• Increase ICT awareness and usage to enhance national efficiency and productivity
• Build and maintain a professional and motivated CITC team


Page 19: Cyber Security Initiatives in Saudi Arabia

INTERNET Evolution

(Source: CITC)

[Chart: KSA (1998-2005): Internet Users (Million) and Penetration (%), with year-on-year growth annotations; Benchmarks (2004): Pakistan, Arab, Developing, World, Developed]

Page 20: Cyber Security Initiatives in Saudi Arabia

Internet Penetration

A regional comparison reveals internet penetration rate in the KSA has substantial room for improvement.

[Chart: Internet Penetration versus GDP per capita (PPP); countries: Bahrain*, Kuwait*, Yemen, Syria, Egypt, Lebanon, Jordan, KSA]

[Chart: Internet Usage (2004), Internet Users per 100 inhabitants, for Developed, Kuwait, UAE, Bahrain, Lebanon, World, Qatar, KSA 2005, Developing, Jordan, Oman, Syria, Egypt, Morocco]

Comments: Internet penetration is closely correlated to GDP per capita. KSA is in the mid-segment of the regional benchmark study, indicating room for growth

Source: CITC, GDP from World Bank, ADL analysis; *2003 GDP per capita

Page 21: Cyber Security Initiatives in Saudi Arabia

Broadband & ADSL

The demand for ADSL has been rapidly increasing; however, subscriber growth is hampered by supply-side constraints.

• With the market becoming more internet savvy and customers seeking high speed access, the ADSL market is experiencing a mini-boom
• However, over 50% of ADSL applications are rejected due to applicants’ premises being located more than 5km from the STC exchanges, and low population density also limits expansion plans
• Growth dependent on investments in remote digital subscriber line access multiplexer systems (DSLAM)

ADSL available since Nov. 2001

BB subs CAGR (2001-05) = 46%

[Chart: ADSL Subscribers & Penetration, 2001 to 2005; series: Leased Lines (000), DSL (000), Total Subscribers (000), Penetration]

(Source: CCIT)


Page 23: Cyber Security Initiatives in Saudi Arabia

Competitive environment - ICT

Mobile Providers
Currently Licensed: 2
Submission of Applications: Q3/Q4 2006

Fixed Telephony
Currently only the Incumbent: 1
Licenses offered starting – Process under way: Q3/Q4 2006

Data Service Providers
Currently Licensed: 3

Internet Service Providers
Currently Licensed – Fully liberalized: 23

Page 24: Cyber Security Initiatives in Saudi Arabia

e – TRANSACTIONS LAW

Objectives

• Regulates e-transactions, gives confidence in their usage and clarifies the governing rules for their use
• Gives e-transactions same treatment once confidence conditions met
• Defines and regulates e-transactions
• Covers both commercial and government transactions

E signatures

• Defines requirements of issuing and treating e-signatures
• Gives e-signatures the same effect as regular signatures once trust conditions are met and requires reasonable protection measures to be devoted to their safekeeping
• Addresses violations related to forging/tampering with e-signatures

PKI

• Establishes a national PKI root center and certification bodies
• Defines requirements of confidentiality of customer information and licensing of certificate authorities

e – Transaction law is currently under final stages of review


Page 26: Cyber Security Initiatives in Saudi Arabia

Overview: Threats on the Rise

[Chart: CERT Incidents per year, 1988 to 2003; vertical axis: Incidents, 0 to 140,000]

Source: www.cert.org; Source: Sematic Security Report 2005

Page 27: Cyber Security Initiatives in Saudi Arabia

CITC Mandate

CITC is mandated to establish a national CERT (National Advisory Center for Information Security)

Part of the Approved Urgent National Mandate under the National IT and Telecom Plan


Page 29: Cyber Security Initiatives in Saudi Arabia

CITC Mandate

– In response to its mandate, CITC has
• Researched and investigated other international CERT initiatives
• Held information gathering sessions with relevant individuals/organizations
• Sought input from several reputable organizations
• Built up consensus regarding the best approach (gradual growth, phased approach, non-intrusive)

Page 30: Cyber Security Initiatives in Saudi Arabia

Scope and Constituency

Non-Profit body but some services could be based on paid subscriptions for cost recovery – To be decided as per CITC Policy.

Constituency:

– Saudi Civil Cyber Community (Banks, Telecom Providers, Critical Infrastructure, private sector, government, educational, etc.)

Page 31: Cyber Security Initiatives in Saudi Arabia

Community and Resources

[Diagram: SA-CERT and its community and resources: Critical Infrastructure; Gov Entity 1, Gov Entity 2, ..., Gov Entity n; Companies; Hospitals/Education; General Public; Vendors, R&D centers, Univs; International CERTs; Sec. companies; Contracted services]

Page 32: Cyber Security Initiatives in Saudi Arabia

Roles and Responsibilities

• Establish the SA-CERT and man it with the best security experts
• Investigate reported security incidents / threats and put in place prevention plans – Not real time
• Conduct information security studies in cooperation with known research centers in the field (both academic and commercial)
• Provide advice to stakeholders in the area of information security
• Work with stakeholders to establish Security Standards and Best Practices
• Coordinate with all stakeholders
• Promote IT security awareness
• Organize IT security events
• Disseminate information
• Monitor threats and vulnerabilities and alert stakeholders in real time on a generic network (high level) basis, not on each network. Mostly targeting outbreaks of worms, viruses and major security breaches.
• Will not adopt “Intrusive” approaches

Page 33: Cyber Security Initiatives in Saudi Arabia

CERT Phases

Phase 1: Initial Setup
• Conclude Consultations/Implementation Framework (DONE)
• Establish CERT Prototype (in progress)
• Build internal human capabilities and resources (Completed) - Continuous
• Create a critical contact list of stakeholders (in progress)
• Establish vulnerability and incident reporting mechanisms (in progress)
• Establish links with international CERT agencies

Phase 2: “Awareness-centric” CERT
• Organize Awareness event (4th June)
• Use specialized IT security resources (in progress)
• Encourage reporting of incidents

Phase 3: CERT fully functional supporting critical national infrastructures

Page 34: Cyber Security Initiatives in Saudi Arabia

CERT Prototype

• An initial definition of SA-CERT
• A prototype web site offering services with multiple communication channels
• Few subscribers
• Minimal resources, few employees, Low profile
• Validate the investment through a proof of concept
• Identify features to put in CERT that are unique to Saudi Arabia in addition to standard info
• Develop and publish a dedicated CERT SA site to serve all stakeholders (Gov., individuals, Corp.)
• Offer feedback and learning opportunities
• Provide better concept and operational development


Page 36: Cyber Security Initiatives in Saudi Arabia

Conclusion

• A well developed Telecom infrastructure and ICT services contribute positively to GDP growth
• Digital Divide is multi-dimensional: between countries and within countries (Rural vs. Urban, Poor / Rich, etc.)
• Saudi Arabia telecom sector Reform and Liberalization
• Strong and Effective Regulator
• New Licensing is being launched for Fixed and Mobile Services
• Attractive Investment Opportunities in the ICT sector

Page 37: Cyber Security Initiatives in Saudi Arabia

THANK YOU ☺ for your attention

… and QUESTIONS?