Eng. Badar Ali Said Al Salehi, Chair of OIC-CERT and Director General of Oman National CERT (OCERT), addresses the evolving landscape of cybersecurity and digital transformation.
The OIC-CERT has established working groups for 5G security and cloud security over the past few years and released related frameworks. What are the key missions of these two working groups, which were discussed during the recent roundtable?
The 5G Security and Cloud Security Working Groups (WGs) are among the more developed within OIC-CERT, addressing essential technological concerns critical to any nation’s digital transformation roadmap. As the industry advances towards 5.5G, the OIC-CERT 5G Security WG will assist in demystifying and facilitating the adoption of this technology by the OIC-CERT member countries and OIC community. The 5G WG developed a 5G Security Framework to establish sustainable security and resilience of the 5G ecosystem through a standardised, impartial, and non-discriminatory manner for regulatory authorities of the member countries.
The OIC-CERT 5G Harmonised and Unified Cybersecurity Certification System (HUCCS) is a cross-recognition assurance methodology with the plan to establish critical 5G evaluation and certification facilities.
Meanwhile, the Cloud Security WG will develop a cloud security framework providing work towards high-level guidance on direction and strategy based on common open certifiable standards. The framework will be technical operating procedures and technical specifications that align with national strategies and regulatory compliance requirements. To kick off, the WG is planning a pilot implementation for the OIC-CERT Cloud Security Framework, with a Central Asia Cloud Security whitepaper, alongside a series of Cloud Security roundtables, which is replicating what had been done last year for the Middle East region.
In addition to those existing WGs, some new activities, such as AI study groups and supply chain working groups, were proposed. Can you please elaborate further on those points?
The OIC-CERT recognised the emergence of new technologies and the security threats they pose such as AI security, AI governance, supply chain security, post-quantum cryptography, and data security governance that were well covered during MWC. We’ve had expert group workshops discussing these issues in December 2023, and OIC-CERT plans to form study groups and WG to facilitate OIC-CERT member countries and the OIC community in mitigating security issues of these technologies in the digital transformation journey.
It’s encouraging to see more OIC-CERT members leading these new areas of work, tapping into the collective expertise from the 57 OIC member countries globally, ranging from Africa to the Middle East and from Central Asia to Southeast Asia.
Regarding the private and public collaboration case study, the Cybersecurity Industry Development Strategy Maturity Model (CIDSMM) was announced at last year’s Regional Cybersecurity Summit in Abu Dhabi, UAE. What are the main activities promoting this project?
The CIDSMM will be a critical initiative within OIC-CERT, serving as a model to assist Arab and OIC member countries understand their cybersecurity strengths and weaknesses. This will assist in the development of each technology or industry vertical in a measurable and repeatable way. We’re currently considering a pilot site implementation per region and alignment with other international best practices and industry standards.
How does the OIC-CERT Cybersecurity roundtable discussion mark a new departure to enhance OIC-CERT’s efforts to instil digital trust and resilience? What was the importance of having this roundtable during MWC 2024?
The roundtable symbolises a significant milestone for OIC-CERT, marking our emergence as a major player in the global cybersecurity industry. We’re demonstrating our commitment to building a safer, more secure, and resilient cyberspace.
With the strong support from OIC-CERT member countries participated in the roundtable discussion such as Oman, Malaysia, United Arab Emirates (UAE), Indonesia, Azerbaijan, Brunei, Egypt, Bangladesh, Jordan, Nigeria, Uzbekistan, Pakistan, etc., the biggest OIC contingent ever to be seen making a physical presence at any MWC of the past signifies the intention of OIC member countries taking charge of their responsibilities and positioning OIC-CERT in the digital realm.
The resolutions passed during this roundtable should be the flag that we would like to plant at the summit of Mt. Everest of Cybersecurity cooperation, thereby staking our unwavering commitment to the OIC member countries and the international community as a whole. Cybersecurity is never the concern of one country or one region alone but the collective concern of the entire world.
