Building Qatar s cyber security resilience

Transcription

1 QATAR 13 th - 14 th September 2015 Marriott Marquis City Center Doha Hotel, Doha, Qatar Building Qatar s cyber security resilience Proactive, Reactive and Collective Cyber Security Post event report naseba.com Industry meeting by

2 2 INTRODUCTION Introduction Dear reader, This post-event report gives a detailed breakdown and reference guide to the 7 th Edition Cyber Defence Summit held on 13 th and 14 th September 2015 in Doha, Qatar. In all, the summit hosted 153 participants mainly representing government agencies, defence and security authorities, financial institutions, oil and gas companies, utilities, telecom and ISPs, universities, large enterprises and other critical national infrastructure organisations. Under the theme Building Qatar s cyber security resilience, the agenda addressed pressing cyber security aspects such as high-level strategic planning; critical infrastructure protection; advanced persistent threat prevention; securing the cloud, mobile, big data and social platforms; addressing the human factor; risk management, business continuity and disaster recovery; collaboration and capacity building, to name a few. To address the current and future cyber security challenges of Qatar, and to propose appropriate strategies, solutions, training and technologies, 10 leading IT and Security companies showcased their capabilities in the corporate networking area. Special mention to: Gold Sponsors: BAE Systems Applied Intelligence, Fortinet, Ooredoo and Spire Solutions. Silver Sponsors: Fidelis Cybersecurity, Global Security Network and Stormshield. Bronze Sponsors: Cyberoam, Entrust and Solucom. Training Sponsor: MIH Training Academy. Most importantly, I would like to acknowledge the summit s Advisory Board, distinguished speakers, delegates and the members of the media who committed their time and support. Respectfully yours, Naveen Bharadwaj Senior Project Manager Naseba

3 3 OVERVIEW Day one, 13 th September 2015 Naseba s Managing Director Nicholas Watson welcomed the attendees and presented key statistics from a survey Naseba had conducted with over 200 CIOs and CISOs based in Qatar. Eng. Samir Pawaskar, the Summit s Chairperson, connected with the audience through his welcome address revolving around the immediate need for cyber security awareness and the various efforts being carried out by the Ministry of Information and Communications Technology (ictqatar). The opening panel, chaired by Mustapha Huneyd, emphasized the need for smart planning and effective strategies as critical national infrastructures and sensitive information are constantly falling under the radar of cyber criminals. Panelists included Claudio Lo Cicero, Simon Goldsmith, Farrukh Ahmed and Eng. Samir Pawaskar. During the 90 minute networking break, over 80 pre-scheduled and adhoc meetings were conducted between the delegates and the solution providers, all based on the current and future cyber security needs of the delegates. Immediately after the break, the participants witnessed four highly interesting presentations which included a combination of case studies, lessons learned, best case examples, product specifications and more. The presenters were Kalle Bjorn, Sameh Sabrey, Gilles Loridon and Jim Jaegar. Last session of the day was an interactive panel discussion revolving around cyber security challenges in the energy sector and practical solutions to overcome them. Moderated by Jim Jaegar, the session was joined by Aarn Wennekers, Abdul Sathar, Yasir Hamza and Claudio Lo Cicero. Day two, 14 th September 2015 Naveen Bharadwaj, Senior Project Manager at Naseba, welcomed the audience back and gave a recap of the sessions held on day one. The first session of day two was an interactive panel discussion on the subject of security implications with disruptive technologies such as cloud, mobility, big data and social media. Mohammad Ballan, Aftab Afzal and Satyanarayan Banjapally were the panelists while Sami Al Shammari was the moderator. Over 40 pre-scheduled meetings were conducted during the 60 minutes break in addition to several introductions facilitated between the delegates and solution providers. The closing panel discussion hosted Dr. Marc Dacier, Trevor Moore, Dr. Munir Tag and Gaurav Sharma. Chaired by Aarn Wennekers, the panelists elaborated the need for a collaborative approach and how capacity building can help overcome challenges. As networking plays a key role in one s professional career, the tipping point and final session of the Summit was the Naseba Networking Hub. Over 60 participants met with at least 20 of their industry peers, for 2 minutes each, all within a short span of 40 minutes.

4 4 OVERVIEW The 4 key takeaways from the interactive discussions and presentations of the agenda were: 1. Developing a culture of cyber security A lot of emphasis has been placed on upgrading infrastructures and huge amounts of money is being spent on fancy cyber security products and solutions. However, these spending and efforts would be meaningless without educating and creating awareness amongst all the stake holders of companies and people of the nation. Worldwide, actors at all levels, from individuals to nations, need to ensure that cyberspace and the systems dependent on it are resilient to evolving threats. Simple acts such as employees (from receptionist to CEO) locking their computers while not at their desks and not sharing their login credentials with colleagues to encouraging children to not divulge details online (social media) will go a long way in adding impetus to ensuring utmost cyber security. 2. Cyber security capacity building This is one key area which will decide the future of effective cyber security. ictqatar, Ooredoo, Qatar University, Qatar Foundation and several other national entitles are investing a lot of money in developing local cyber security resilience and workforces. Children are being taught cyber security at school; college students are being encouraged to take up cyber security as main stream; young innovators and entrepreneurs are being backed by physical facilities and funds to pursue cyber security as a career; and the industry is collaborating to set up local cyber security facilities that can help protect systems, detect threats, mitigate risks, report incidents and restore normal operations. All of these with an inherent emphasis on building local national resilience. 3. Protection of disruptive technologies such as cloud, mobile and big data Increasing number of enterprises are embracing cloud and mobile technologies to have the competitive edge and to better serve their customers. Volume of information being collected and processed has grown manifolds, and is contributing to business intelligence in the form of big data. While these are positive developments, they automatically open the Pandora box of security concerns. Instead of shying away from these technologies because of the threats they entail or jumping onto the bandwagon because these technologies are cool to have, organisations need to thoroughly review the pros and cons that would particularly impact their organisation and seek maximum security protection if a decision is made to implement them. Contractually pressing the solution providers to cover for security can be a great start. 4. Industry specific security focus along with dedicated risk management practices One size does not fit all therefore sectors need to come together to set up committees and panels to collectively address topics such as identification of risks in that particular sector, sector critical infrastructures, sector crisis management, standards & best practice, training and awareness, and areas for research and development. Qatar is a great example for this given the ictqatar s efforts in setting up industry specific information security risk committees such as Energy Sector Information Risk Expert Committee (EN-IREC) and Financial Sector Information Risk Expert Committee (FS-IREC). After all, ensuring utmost cyber security is a choice, a choice that is becoming mandatory. View session videos View photo gallery

5 5 ATTENDEE BREAKDOWN Understanding Qatar s current cyber security landscape In the build up to the summit, we conducted a survey with over 200 heads of IT and security from Qatar. Below are the results of some of the key questions asked. How important is cyber security to their organisation? (Rank on the scale of 1 to 10 with 10 being the most important) 1 (3%) 2 (1%) 21% 35% 3 (3%) 4 (2%) 5 (4%) 18% 6 (4%) 10% 3% 3% 1% 4% 4% 2% 7 (10%) 8 (18%) 9 (21%) 10 (35%) Does their company have existing cyber security systems and/or services? 46% Yes (54%) No (46%) 54%

6 6 ATTENDEE BREAKDOWN What is their budget allocation for cyber security? (In US$ million) 17% 11% 4% 4% 1% (63%) 1-2 (17%) 2-5 (11%) 5-10 (4%) (4%) 50+ (1%) 63% When are they looking to procure? (In months) 37% 32% 0-3 (10%) 3-6 (22%) 6-12 (37%) 10% 5-10 (32%) 22%

7 7 ATTENDEE BREAKDOWN Which of the following cyber security services and solutions are they interested in? Enterprise Security, Big Date and Security Analytics (90) Cloud, Mobile and Web Security (82) Fraud Prevention and Banking/Transaction Security (28) Network Security and Monitoring, End Point Security (115) Antivirus, Antimalware and Firewall (105) APT, Zero Day, DDoS and Targeted Attack Prevention (59) GRC, ERM, Back up, Business Continuity and Disaster Recovery (43) Incident Response, Digital Forensics, Network and Host Forensics (50) Penetration Testing and Intrusion Detection/Prevention (65) Identity, Access and API Management (47) Security Consultation and Training (55) Other (4) % 90% 92% 80 82% % 43% 50% 65% 47% 55% 28% %

8 8 SPEAKERS Speakers Aarnout (Aarn) Wennekers Advisor, Audit and Corporate Governance Ministry of Energy & Industry and Qatar Petroleum Abdul Sathar Head of ICT, IT Department Qatar Fuel Additives Company (QAFAC) Aftab Afzal Director Security BU SER and EMEA East Akamai Technologies Claudio Lo Cicero Chief Information Security Officer Maersk Oil Farrukh Ahmad Chief Information and Technology Security Officer (CIO and CTSO) Vodafone Qatar Eng. Gilles Loridon Chief Executive Officer Global Security Network Gaurav Sharma Security Architect Ooredoo Qatar Jim Jaeger Chief Cyber Services Strategist Fidelis Cybersecurity Kalle Bjorn Director, Systems Engineering Middle East Fortinet Dr. Marc Dacier Principal Scientist and Acting Director, Cybersecurity Research Group Qatar Computing Research Institute

9 9 SPEAKERS Mohamad Ballan Chief Information Security Officer Doha Bank Dr. Munir Tag Program Manager, ICT, Qatar National Research Fund (QNRF) Qatar Foundation Mustapha Huneyd Head of Corporate Information Security Ooredoo Qatar Sameh Sabry Associate Vice President Spire Solutions Sami Al Shammari IT and Telecommunications Manager Oryx GTL Eng. Samir Pawaskar Head of Cyber Security Policy and Standards Ministry of Information & Communications Technology (ictqatar) Satyanarayan Banjapally Head of SAP and IT Qatar National Cement Company Simon Goldsmith Director Cyber Security (Commercial), Middle East BAE Systems Applied Intelligence Trevor Moore Chief Information Officer Qatar University

10 10 OFFICIAL SPONSORS Official sponsors GOLD SPONSORS SILVER SPONSORS

11 11 OFFICIAL SPONSORS BRONZE SPONSORS TRAINING SPONSOR

12 12 PHOTO GALLERY Photo gallery Chairperson Samir presenting the opening remark to over 120 CIOs and CISOs Energy sector cyber security being elaborated by Aarn, Claudio, Sathar, Yasir and Jim

13 13 PHOTO GALLERY Kalle, Sameh, Gilles and Jim briefing the audience on APT, next generation threats, security automation and SCADA-IT Security. One-to-one business meeting to source cyber security solutions and services

14 14 PHOTO GALLERY Tailored peer-to-peer networking International and local solution and service providers presenting their offerings

15 15 PHOTO GALLERY Protection of disruptive technologies (cloud, mobile, big data and social media) being discussed by Sami, Satya, Aftab and Mohamad. International cyber security solution providers discussing local requirements

16 16 PHOTO GALLERY Capacity building and collaboration discussion featuring (L to R) Aarn, Dr. Tag, Gaurav, Trevor and Dr. Dacier Speed dating with a business card - corporate networking with a twist To view the complete image gallery, please click here

17 17 ATTENDEE LIST Attendee list COMPANY NAME AECOM Al Jazeera Media Networks Al Muftah Group Aspire Zone Foundation (Qatar) Aspire Zone Foundation (Qatar) Audit Bureau Bein Media Group Bein Media Group College of the North Atlantic - Qatar ConocoPhilips Customs and Ports General Authority Customs and Ports General Authority Dar Al Sharq (Media) Dar Al Sharq (Media) Doha Bank Doha Cables Doha Cables Doha Film Institute Energy City Qatar Energy City Qatar Exxon Mobil Ezdan Holding General Retirement and Social Insurance Authority Gulf Drilling International Ltd. (Q.S.C.) Gulf Drilling International Ltd. (Q.S.C.) Gulf Warehousing Gulf Warehousing Hamad International Airport Hamad Medical Corporation HSBC Bank Middle East Ltd International Medical Company Investment House Jaidah Group JX Nippon Oil & Gas Exploration (Qatar) Limited, Doha Office KEMCO Group JOB TITLE (ATTENDEE NAME) Head of Technology Architecture I T Manager Information Security Officer Head of IT Strategy & Governance Head of IT Executive Director of Technology Dean of I T & BP, Russia,Caspian,Africa & Middle East Network & Security Manager Network Manager ITI Section Head Information Security Officer Assistant Head of Information Technology CTO Sr. Electrical Manager Middle East System and Network Unit Supervisor IT Security & Governance Specialist Senior Internal Auditor Senior Manager IT IT Audit Manager IT Security Manager HICT Manager Country Head-Security and Fraud Risk Internal Audit Manager IT Director

18 18 ATTENDEE LIST COMPANY NAME KG Group Khalid Cement Mada (Qatar Assistive Tecnology) Mall of Qatar Masraf Al Rayan Ministry of Administrative Development Ministry of Economy and Finance Ministry of Economy and Finance Ministry of Interior Ministry of Interior Ministry of Interior Ministry of Interior Ministry of Labour and Social Affairs Ministry of Youth and Sports Mowasalat Nasser Bin Khaled New Port Project Occidental Petroleum - OXY Ooredoo Petroserv Primary Health Care Corporation (PHCC) Q Post Q Post Qatalum Qatar Aeronautical College Qatar Central Bank Qatar Computing Research Institute - Qatar Foundation Qatar Development Bank Qatar Foundation for Elderly People Care Qatar Fuel - WOQOD Qatar Fuel - WOQOD Qatar Fuel Additives Company Qatar Gas Transport Company Qatar International Islamic Bank Qatar International Islamic Bank Qatar Investment Authority Qatar Investment Authority Qatar Lubricants Co. Ltd JOB TITLE (ATTENDEE NAME) Director of IT Information Security Manager Head of System Administration IT Director Senior IT Advisor IT Security Head IT Security Officer IT Security Officer IT Security Manager Information Security Manager IT Director IT Applications Manager Director of BIT Finance & Team Lead - IT Infrastructure & Operations Head- IT Security Head of IT Head of IT Projects Chief of Systems Development IT Director Head of IS/IT infrastructure & security IT Consultant & Acting Head of IT Head of Information Security Unit Manager of Research Computing IT Security Administrator Applications Development Manager Application Security Manager Head of ICT Head of Infrastructure, Information Technology Head of Information Security Head of IT Infrastructure, Support and Delivery Enterprise IT Security IT Service Manager Systems Manager

19 19 ATTENDEE LIST COMPANY NAME Qatar Meteorology Department CAA Qatar Meteorology Department CAA Qatar National Cement Company Qatar National Library Qatar National Research Fund Qatar National Research Fund Qatar News Agency Qatar Olympic Committee Qatar Petrochemical Company (QAPCO) Qatar Petrochemical Company (QAPCO) Qatar Petrochemical Company (QAPCO) Qatar Petrochemical Company (QAPCO) Qatar Petrochemical Company (QAPCO) Qatar Petrochemical Company (QAPCO) Qatar Ports Management Company Qatar Power Qatar Red Crescent Society Qatar Steel Company Qatar Steel Company Qatar University Qatar Vinyl Company LTD Qatari Investors Group Qatari Public Prosecution Qatari Public Prosecution Ras Laffan Power Company (RLPC) - Qatar Petroleum Salam International Investment Sidra Medical and Research Center The Commercial Bank of Qatar The Commercial Bank of Qatar The Commercial Bank of Qatar The Commercial Bank of Qatar The Group Securities Total Global Transind Holding United Bank Limited Weill Cornell Medical College Weill Cornell Medical College JOB TITLE (ATTENDEE NAME) Network Manager Head of Networks head of IT and SAP Associate Director for Library Information Technology Program Officer IT Advisor CIO IT Security Consultant Head of Automation & Head of E & A Head of Automation Assistant Head of Engineering E & A Lead Specialist IT Security Lead Assistant Head of IT Security Director of Information Technology Information Security Lead Information Security Manager Senior Information Security Officer Consultant Network Manager Senior Security Consultant Administration Manager Unix and Security Manager Head of Systems Security Acting Head of Information Security Head of Information Security Information Security Specialist Senior IT Auditor IT Perfomance Manager Lead IT Security (RSSI-L), Compliance (IMCM) and Projects Head of IT Head Of I T Director, ITS Operations Senior Manager Network/ Telecommunications/Audio Visual

20 20 TESTIMONIALS Testimonials Majority of the attendees were decision makers and key influencers. We are confident of doing business with them soon. Spire Solutions Associate Vice President Naseba staff were very well organised and helped us to the maximum extent. The event is successful for us. BAE Systems Director Cyber Security (Commercial) Middle East This truly is better than regular exhibitions and conferences. We will definitely consider participating again. Fidelis Cyber Security Chief Cyber Security Strategist Lots of high level attendees. One to one meetings are a great idea. Very satisfied. Ooredoo Head of Corporate Information Security Very professional and well organised platform. Global Security Network Chief Executive Officer

21 21 UPCOMING EVENTS Upcoming events Hotel Technology Summit November 22 nd - 23 rd 2015 Dubai, United Arab Emirates Municipality Expansion & Excellence Summit (Smart Cities) November 25 th - 26 th 2015 Riyadh, Saudi Arabia 8 th Edition Cyber Defence Summit February 23 rd - 24 th 2016 Riyadh, Saudi Arabia 7 th Annual Kingdom Smart Government Summit May 8 th - 9 th 2016 Riyadh, Saudi Arabia 9 th Edition Cyber Defence Summit September 6 th - 7 th 2016 Doha, Qatar Upcoming training Certified Information Systems Risk and Compliance Professional Training February 14 th 18 th 2016 Dubai, UAE COBIT 5 Foundation Certification Training November 29 th December 1 st 2015 Doha, Qatar Lean IT Management Foundation Course February 7 th 9 th 2016 Doha, Qatar

22 22 CONTACT INFORMATION Contact information NASEBA Boutique Villa No 5, Dubai Media City Dubai - United Arab Emirates P F [email protected] WE ARE ON Contacts NAVEEN BHARADWAJ Senior Project Manager [email protected] ROMELL GUMMBS Sponsorship Manager [email protected] SUMEDHA JOSHI Marketing Manager [email protected] PATRICK WILLIAMS Delegates Manager [email protected]

23 23 ABOUT NASEBA About naseba Naseba offers business facilitation expertise in growth markets. We create deal flow, foster networking and enhance knowledge exchange. Naseba supports you with educating your workforce, entering new markets, raising capital, securing partners and closing sales. Our services include investor introductions, industry meetings, leadership forums, and professional trainings. Investor introductions provide pre-qualified business cases with direct meetings with pre-screened investors. Industry meetings connect pre-screened purchasing decision makers with solution providers to shorten their sales cycle. Leadership forums bring together business executives through an interactive agenda of keynotes, panels and workshops produced to drive change. Professional trainings offer a wide range of executive courses, crafted to advance careers and execute business strategy. Naseba partners with governments, key figures in media, industry and academia to add real value to our network worldwide. Since inception in 2002, Naseba has connected over 80,000 executives globally through more than 700 proprietary business platforms. Naseba operates from 4 main offices in India, Saudi Arabia, United Arab Emirates and the United States, and local representatives in Algeria, China, Malaysia, Portugal and Spain. Naseba. Creating opportunity.... For more information visit

24 24 ABOUT NASEBA Since inception in 2002 naseba has produced over 700 events and played host to 80,000 delegates globally. 700 INITIATIVES DELEGATES Naseba operates from 4 main offices in India, Saudi Arabia, United Arab Emirates and the United States, and local representatives in Algeria, China, Malaysia, Portugal and Spain.

25 Investor introduction Industry meetings Leadership forums Professional training