The National Cyber Security Agency (NCSA) organised the second edition of Qatar Cyber Assurance conference under the title 'Governance of Cyber security Supply Chain' and launched the accreditation service for penetration testing service providers as part of the accreditation programme offered by the agency, on Thursday.
HE the Minister of Communications and IT Mohammed bin Ali al-Mannai, HE the Minister of State and Qatar Free Zones Authority (QFZA) chairman Ahmed bin Mohammed al-Sayed, NCSA president engineer AbdulRahman bin Ali al-Farahid al-Malki and Jordan's National Cyber Security Centre president engineer Bassam Maharmah.
The conference aimed to enhance cyber awareness of governance and cyber security of supply chains through issuing certificates of compliance in accordance with national standards as well as accreditation programs for cyber security service providers through Qatar Common Criteria Scheme recognised globally.
Al-Malki said the second edition of Qatar Cyber Assurance Conference culminates the mission of the NCSA in strengthening and developing the governance of cyber security supply chain in Qatar.
“Based on our keenness to support the cyber security system in the country in accordance with the Qatar National Vision and the National Cyber Security Strategy, we are making unremitting efforts to ensure the integrity of critical data and information and to maintain the continuity of supply chain operations in the field of cyber security in compliance with national standards," the said.
The NCSA president expressed happiness in Qatar becoming the first country in the Middle East and North Africa to obtain approval for issuing Information Security Certificates for IT devices, from the Common Criteria Recognition Arrangement.
During the opening speech, engineer Dana al-Abdullah, director of Governance and National Assurance Affairs at the NCSA, said: "Many organisations are being penetrated due to supply chain which requires working in several directions. Therefore, the concept of governance and communication with the concerned entities is the cornerstone for reaching a safe and balanced strategy in supply chain governance without hindering development, innovation and sustainable economic development.
“The National Cyber Security Agency is constantly striving to create a safe and resilent cyberspace and one of the most important initiatives and programmes to achieve this goal is to comply with the national cyber security standards and requirements,” she said.
Al-Abdulla reviewed the programmes launched by Qatar years ago to secure supply chain, including accreditation for cyber security service providers, to examine devices and applications and issue compliance certificates while stressing on the continuity of the NCSA in reviewing them and developing activities and services that contribute to achieving the desired goals.
Engineer Jassim al-Muftah, director of the Cyber Assurance Department at the NCSA said the agency is working hard to raise the efficiency of service providers in the cyber security field through the Accreditation Programme, under the National Framework for Information Security Compliance.
He explained that this programme is based on measuring the commitment of service providers to the quality and standards necessary to perform penetration testing including the efficiency of capabilities, the quality of procedures and the safety of services.
During the conference, the NCSA and QFZA signed a memorandum of understanding (MoU) aimed at the governance of companies that provide cyber security services. The NCSA also signed a MoU with Qatar Financial Centre for the governance of companies that provide cyber security services and regulate data privacy.
The conference hosted Lawrence Tai, director of Regulatory Affairs at Singapore Cyber Security Agency, as a keynote speaker who reviewed Singapore experience in securing supply chain, shared lessons learned and success stories. It also included hosting keynote speakers from Turkey and Germany to review experiences related to the examination of devices and applications.
There was a panel discussion on supply chain and cyber security service providers, moderated by engineer Noura al-Abdulla (director, Risk, Resilience and Crisis Management, NCSA) and participated by engineer Dana Yousef al-Abdullah (director, Governance and National Cyber Security Affairs), Adel Darwish (director, Regional Office of the International Telecommunication Union for Arab States), Guy Ngambeket (cybersecurity expert and specialty director in Digital Transformation at Kearney) and Dr Daniel Phelps (Carnegie Mellon University in Qatar).
The conference also included two workshops entitled: The path to obtain penetration testing certification in addition to a lecture delivered by Dr. Ashraf Ismail from the NCSA on Qatar's leadership in examining information technology security in the region.
The NCSA also organised a bilateral meeting with the Cybersecurity Agency in Singapore, during which ways of joint collaboration between both sides were discussed especially in the field of governance of cyber security supply chains.
The conference was attended by around 280 corporate executives, assistant undersecretaries and department directors in various ministries of the country as well as cyber security specialists and professionals.