Research Article published in the 3rd Annual Cyber Security for Energy & Utilities.
23 - 26 March 2014 - The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, United Arab Emirates
What's New in Teams Calling, Meetings and Devices March 2024
Cyber Crime Challenges in the Middle East
1. Cybercrime Challenges
in the Middle East
Special insights from: Mohamed N. El-Guindy, Information Systems Security Association,
Egypt Chapter, Founder and President
2. Introduction
Advanced communication technologies open the
door to advancement of humanity and crimes as
well. But Legislation and legislators are always
slower than the development of ICTs leaving our
region vulnerable to all types of cyber attacks and
will make cybercrime laws difficult to enforce.
The latest incidents in the region from Stuxnet to
Saudi Aramco attack prove without a doubt that we
are now part of global cyber conflicts.
In this analysis, I will introduce the challenges that
face both legislators and law enforcements in the
region when dealing with cybercrime phenomenon.
1st Challenge – Responsibility
In Middle East countries there is big dilemma
when it comes to cyberspace related laws. When I
investigated available cybercrime legislation in the
region1, I found that there is no one responsible
government department for drafting or dealing with
cyber laws. Many government agencies might be
involved in cyber related laws such as “E-signature,
E-commerce, domain name registration, copyright
and IP, cybercrime, cyber espionage, and cyber
terrorism”. To discuss such laws I can notice
the involvement of more than one government
departments for example “Ministry of Trade,
Ministry of ICT, Ministry of Interior, Central Bank,
Ministry of Justice, and even Intelligence and
Defence departments”.
CY B E R CR IM E C H AL L E N G E S IN T H E M ID D LE EAS T
The problem that any of the above authorities could
claim responsibility of such laws and that will be
big challenge for Middle East governments when
drafting cybercrime law. It’s important to establish
dedicated government department to deal with
cyber laws. The UAE for example appointed special
courts for cybercrime cases.
2nd Challenge – Legislative
Capabilities
Legislation is part of anti-cybercrime strategy
and not the entire solution. The problem is, when
legislators deal with cybercrime issues they will try
to apply normal jurisdictional measures that might
include civil law, criminal law, and regulatory law.
It might work in few cases but will not work in all
cybercrime cases especially crimes that depend on
the Internet. Cyber legislation or related laws are
poor or absent in the region according to my latest
findings. Even current cybercrime laws couldn’t
be considered complete and reliable to tackle
cybercrime especially at prosecution stage which is
considered one of the most complicated steps.
3. 1010101010101010101010101
01010101010101010101010
1010101010101
Evolve and adapt in SCADA, DCS and ICS security
Boo
k an
p
9 Fe ay bef d
o
bru
ary re
to s
20
ave
US$ up to 14
Evolve and adapt in SCADA, DCS and ICS security
23 - 26 March 2014
The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
650
!
Evolve and adapt in SCADA, DCS and ICS security
23 - 26 March 2014
“Free golf training session
The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
for the first 30 registered
Benefits of attending
attendees!”
Celebrity speakers:
23 - 26 March 2014
The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Bill Cheswick
Celebrity speakers: Creator of the world’s first
network firewall & Author of
Bill Cheswick
Bill Cheswick
Don Codling, Former Cyber
Don Codling, Former Cyber
“Firewalls and Internet Security: Chief, FBI,
Creator of the world’s first
Creator of the world’s first
Security Unit Chief, FBI,
Security Unit
network firewall Repelling the Wily Hacker” States
network firewall & Author of
& Author of
United States
United
“Firewalls and Internet Security:
“Firewalls and Internet Security:
Repelling the Wily Hacker”
Repelling the Wily Hacker”
VIP Keynote speakers:
VIP Keynote
speakers:
Lt. Col. Faisal Mohamed Al
Lt. Col. Faisal Mohamed Al
Dr. Jamal Mohamed Al Hosani
Dr. Jamal Mohamed Al Hosani
Shamari, Chief Information
Shamari, Chief Information
Official Spokesman & Director
Official Spokesman & Director
Security Officer, Abu Dhabi
Security Officer, Abu Dhabi
ICT, National Emergency Crisis Mohamed Al Hosani
ICT, National Emergency Crisis
Dr. Jamal
Police GHQ, UAE
Police GHQ, UAE
& Disaster Management
& Disaster Management
Authority, UAE Official Spokesman & Director
Authority, UAE
ICT, National Emergency Crisis
& Disaster
Exclusive presentations from: Management
Authority, UAE
Mohamed Al Sawafi, Head of IT Services, GASCO, UAE
Mohamed Al Sawafi, Head of IT Services, GASCO, UAE
Reimer Brouwer, Head of IT Security, ADCO, UAE
Reimer Brouwer, Head of IT Security, ADCO, UAE
Mohammed Ikrami, IT Security Officer, Fertil, UAE
Mohammed Ikrami, IT Security Officer, Fertil, UAE
Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait
Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait
Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia
Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi Arabia
Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait
Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait
Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE
Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE
Mohamed Al Sawafi, Head of IT Services, GASCO, UAE
Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE,
Mahmoud Yassin, Lead Systems and Security Data Center Group, NBAD, UAE,
Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE
Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE
Reimer Brouwer, Head of IT Security, ADCO, UAE
Gilles Loridon, CEO, Global Security Networks, UAE
Gilles Loridon, CEO, Global Security Networks, UAE
Exclusive presentations from:
Don Codling, Former Cyber
Security Unit Chief, FBI,
United States
Identify emerging cyber threats
Understand the need to protect
Identify emerging cyber threats and evolving landscape in the energy and utilities industries
Identify emerging cyber threats and evolving landscape in the energy and utilities industries
Determine best security practice
Understand the need to protect critical infrastructure and its impact on energy economics
Understand the need to protect critical infrastructure and its impact on energy economics
Determine best security practices for ICS/SCADA systems
Determine best security practices for ICS/SCADA systems
Learn to protect real time system
Learn to protect real time systems from cyber attacks
Learn to protect real time systems from cyber attacks
Know how to protect cloud comp
Know how to protect cloud computing networks
Know how to protect cloud computing networks
Tackle backdoor interface vulnerabilities in SCADA systems
Tackle backdoor interface vulnerabilities in SCADA systems
Tackle backdoor interface vulner
Understand cyber defence strategies and their subsequent implementation
Understand cyber defence strategies and their subsequent implementation
Interact and network with industry experts from leading national and Understand cyber defence strate
Interact and network with industry experts from leading national and international oil
international oil
companies, IT security solution providers, as well as banks, power and telecom companies
companies, IT security solution providers, as well as banks, power and telecom companies
Interact and network with indust
Lt. Col. Faisal Mohamed Al
Associate sponsors:
Associate sponsors:
Exhibitor:
Exhibitor:
companies, IT security solution p
Shamari, Chief Information
Security Officer, Abu Dhabi
Police GHQ, UAE
Associate sponsors:
Benefits of attending:
For more information or to
register Tel: +971 4 364 2975
Supported by:
Supported by:
Media partners:
Media partners:
Researched and
Researched and
developed by:
developed by:
Email: enquiry@iqpc.ae
www.cybersecurityme.com
Mohammed Ikrami, IT Security Officer, Fertil, UAE
Andrey Zolotavin, Senior Real Time Systems Engineer, KOC, Kuwait
For more information or to register - Tel: +971 Arabia
Habeebu Rehman, Sr. Supervisor IT Security, Petrorabigh, Saudi 4 364 2975 Fax: +971 4 363 1938
Email: enquiry@iqpc.ae
Abdullah Al-Akhawand, Sr. IT Engineer, KGOC, Kuwait www.cybersecurityme.com
Moazzem Hossain, Operations Planning and Studies Department Manager, ADDC, UAE
CYB NBAD, UAE,
Mahmoud Yassin, Lead Systems and Security Data Center Group, ERCRIME CH ALLEN GES IN T HE MIDDLE EAST
Ali Rebaei, World’s Top 51 Big Data Influencer, Expert and Consultant, UAE
Gilles Loridon, CEO, Global Security Networks, UAE
And many more…
And many more…
And many more…
Med
4. The following MENA countries have either
dedicated cybercrime law or special system to deal
with cybercrime:
UAE: Federal Law No.2 of 2006
Saudi Arabia: Cybercrime System (2007)
Oman: Cybercrime Law (2011)
Syria: Cybercrime and Communication on
the Internet (2012)
Jordan: Cybercrime temporary law (2010)
I suggest that governments learn from Council
of Europe and try to ratify CoE cybercrime treaty.
They don’t need to copy and paste, they need
to understand first then apply the procedures
and draft dedicated cyber laws that meet their
requirements and according to the Universal
Declaration of Human Rights.
3rd Challenge – Technical
Capabilities
From my experience with law enforcement
agencies in the region, I can tell that there is
big dilemma when it comes to the procedural
measures of cybercrime-related investigations.
There is also a problem to maintain the integrity of
the digital evidence during an investigation as it is
always important in a criminal case, but the nature
of the evidence in cybercrime makes that job far
more difficult. Police officers can easily damage
the digital evidence in cybercrime cases by using
normal methods of seizure and arrest.
CY B E R CR IM E C H AL L E N G E S IN T H E M ID D LE EAS T
Law enforcement officers face big challenge before
arresting the suspect, they will need to reveal
where- and who- the criminal is. Since cybercrime
is a transnational crime, the chances of tracking
down suspects could be very hard if not impossible.
However, attempts to better track online identity
raise serious issues for privacy advocates and
result in political backlash which is something
normal in the Middle East. I understand that it will
be big challenge for law enforcement officers as
they might consider activists as cybercriminals
when reporting cybercrime.
I suggest that special procedural measure should
be mentioned in any cyber law especially when
dealing with digital evidence. Law enforcement
should be trained on latest technologies related to
cybercrime investigation.
4th Challenge – Organizational
Structure
One of the big challenges in the region is
overlapping especially when dealing with
cybercrime cases. Cybercrime require highly
developed organizational structures to be in place.
Without clear competences it will be difficult to
carry out complex investigations that require
assistance of different legal as well as technical
experts. In the Middle East there is inconsistency
and lack of collaboration between many actors to
tackle Cybercrime. One of the well-know example
is the collaboration between Computer Emergency
Response Teams (CERTs) and Law Enforcement
Agencies. At present CERTs “if found” and law
enforcement agencies work mainly on their own in
the fight against cybercrime.
5. Collaboration between different actors should
be addressed in cybercrime legislation in order
to improve organizational structure to combat
cybercrime.
5th Challenge – Education
One of the most important elements in combating
cybercrime is education and awareness.
Unfortunately there is no effective strategy or
plan to improve capacity building and security
education in the region. There are few awareness
campaigns in Oman, Saudi Arabia, Qatar and UAE.
Cybercrime legislation is not the only solution to
fight cybercrime. It is part of bigger cyber security
strategy which also requires improved education
and awareness campaigns.
Governments should improve their capacity
building and education of their employees and
citizens to better tackle cybercrime.
Source:
Mohamed N. El-Guindy
Information Systems Security
Association, Egypt Chapter,
Founder and President
http://netsafe.me/
Mohamed is a well-known Cybercrime Expert in the
Middle East and works as a consultant for national
and international organizations. He is the CEO of
ASK PC Academy also serving as the president for
ISSA (Egypt chapter). He is an IT specialist with a
broad experience, worked in the field of Information
Technology for over a decade.
Mohamed is a Technical Speaker in International
events and workshops related to Cybercrime
and Information Security. He is the author of
various IT and Security courses in both Arabic
and English which approved by IEEE. Next to this
he is a Member of IEEE, IEEE Computer Society,
Professional Member of the British Computer
Society, Chartered IT Professional from BCS,
BCS Chartered Membership Assessor, Chartered
Engineer (Engineering Council-UK), MCGI Senior
Award holder from City & Guilds of London Institute,
Member of ISSA (Information Systems Security
Association), and other International Engineering
and Technology Associations.
Mohamed is listed in Marquis Who’s Who by
invitation and received many nominations and
awards from big names in the IT industry.
October 13, 2012
CYB ERCRIME CH ALLEN GES IN T HE MIDDLE EAST
6. Evolve and adapt in SCADA, DCS and ICS security
www.cybersecurityme.com
“
f
a
23 - 26 March 2014
The Westin Abu Dhabi Golf Resort & Spa, Abu Dhabi, UAE
Celebrity speakers:
Bill Cheswick
Creator of the world’s first
network firewall & Author of
“Firewalls and Internet Security:
Repelling the Wily Hacker”
Benefits of attending:
Don Codling, Former Cyber
Security Unit Chief, FBI,
United States
VIP Keynote speakers:
Dr. Jamal Mohamed Al Hosani
Official Spokesman & Director
ICT, National Emergency Crisis
& Disaster Management
Authority, UAE
Exclusive presentations from:
Mohamed Al Sawafi, Head of IT Services, GASCO, UAE
Lt. Col. Faisal Mohamed Al
Shamari, Chief Information
Security Officer, Abu Dhabi
Police GHQ, UAE
Identify emerging cyber threats and e
Understand the need to protect critic
Determine best security practices for
Learn to protect real time systems fro
Know how to protect cloud computin
Tackle backdoor interface vulnerabilit
Understand cyber defence strategies
Interact and network with industry ex
companies, IT security solution provid
Associate sponsors: