What are the efforts of Saudi Arabia in cyber security?
As part of the Saudi Vision 2030 plan, Saudi Arabia has developed and issued the Essential Cyber Security Controls (ECC). Through these actions, the government and its affiliated organizations want to assert their position on cyber security, as basic cyber security controls were created keeping the needs of all businesses and sectors in Saudi Arabia in mind.
Over the past few years, government agencies in the Kingdom have set strategic and tactical goals to strive towards achieving the Kingdom's Vision 2030. This includes the digital transformation of many key sectors and industries. The National Cybersecurity Authority (NCA) in the Kingdom has issued several cybersecurity regulations that all government agencies and Critical National Infrastructure (CNI) must abide by. As such, cyber security has become an essential business mandate by all government and CNI entities.
The first "National Information Security Strategy (NISS)"
In 2011, the Ministry of Communications and Information Technology (MCIT) - one of the government agencies responsible for cybersecurity and the digitization of government services in Saudi Arabia - began developing the country's first "National Information Security Strategy (NISS)". While the strategy focuses on providing a safe and robust digital environment, it also points to the cybersecurity skills gap in the country as an impediment to achieving the desired goal.
To address the cybersecurity skills gap, the Ministry of Communications and Information Technology launched talent development programs and partnerships with global IT companies to train more than 56,000 young Saudis in key ICT skills between 2017 and 2020. It also established a National Academy of Information Technology in cooperation with Saudi Arabia. Aramco to train and develop Saudi talents.
In 2016, Saudi Arabia witnessed a large number of cyber attacks that had a significant impact on its government agencies and private sector companies. The Kingdom has been subjected to about 1,000 cybersecurity attacks targeting critical infrastructure, seeking to steal data and cause service outages.
Saudi Arabia's efforts in cyber security
Potomac's assessment revealed that Saudi Arabia, which is believed to be one of the most vulnerable countries to cyberattacks, is making efforts to improve its cyber preparedness at the national level. The Potomac Institute for Policy Studies (PIPS) recently published a report on “A Snapshot of Cyber Readiness in Saudi Arabia” which provides a comprehensive analysis of cybersecurity efforts and capabilities in the country.
SC Magazine quoted the report as saying that the Kingdom of Saudi Arabia is striving to achieve its ambitious goals of the Vision 2030 strategy, the latter of which is based on the strategic location of the Kingdom of Saudi Arabia as a hub linking Asia, Europe and Africa.
According to the Cyber Readiness Index (CRI) 2.0 methodology, the newly established Presidency of State Security in Saudi Arabia aims to enhance cyber resilience in the country through the following measures:
Develop and formalize a national cybersecurity framework and strategy
Define clearly defined roles and responsibilities of ministries and organizations
Promote information exchange and cooperation
Building cyber security capabilities and raising awareness
Saudi Cyber Security Workforce Development (SCyWF)
Define clearly defined roles and responsibilities of ministries and organizations
Promote information exchange and cooperation
Building cyber security capabilities and raising awareness
Saudi Cyber Security Workforce Development (SCyWF)
The Saudi National Cybersecurity Authority (NCA) leads the national effort to protect the country's cyberspace. This job requires a qualified national cyber security workforce capable of carrying out all types of cyber security work. The NCA's mandate was issued by Royal Order No. 6801, dated October 31, 2017. This includes building the national cybersecurity workforce, participating in the development of education and training programs, preparing occupational standards and frameworks, and developing and running exams to evaluate cybersecurity professionals. NCA developed the Saudi Cybersecurity Workforce Framework (SCyWF) as an essential step towards implementing this mandate.
The SCyWF categorizes cybersecurity work in Saudi Arabia, defines job roles within each category and outlines the requirements for each job role in terms of tasks, knowledge, skills, and abilities (TKSAs). The main objective of SCyWF is to serve as a reference model and guideline for the preparation, development, recruitment, promotion and management of a cybersecurity workforce. Provides a common lexicon that improves communication and content development for talent management activities. It also helps define learning outcomes for education and training programs with the knowledge, skills, and abilities (KSA) required for different job roles in the field of cyber security.
Add New Comment