08:30 – 09:00 Registration and welcome refreshments
09:00 – 09:05 Welcome address by Dr. Salim Sultan Al-Ruziqi, CEO, ITA
09:05 – 09:10 Opening remarks and speech by Ebrahim Al-Hadad, Director, ITU Arab Regional Office
09:10 – 09:15 Welcoming Address by the Summit’s Chairperson:
Marco Obiso, Cybersecurity Coordinator, International Telecommunication Union (ITU)
09:15 – 09:30 Opening address
Cyber defence and the GCC landscape
The opening address focuses on what the GCC is doing to develop its own security controls, in order to highlight the region’s vision for the future of IT in the Middle East.
Speaker:
Eng Badar Al-Salehi, Director Oman National CERT, Information Technology Authority (ITA)
09:30 – 10:45 Opening panel discussion
A global approach to a global threat – cyber security
This panel addresses cyber security as a worldwide challenge which can only be tackled effectively through cross-border and pan-regional collaboration.
Viewpoint one: Emerging threats in a global cyber landscape
As the computer and network complexity of critical infrastructures grows exponentially, so does the number of potential vulnerabilities within them. This viewpoint elaborates on the emerging intricacies of new-age cyber-attacks.
Viewpoint two: Worldwide collaboration for effective cyber defence
Information sharing is key to effective cyber defence; cross-border and pan-regional information and intelligence exchange enables greater transparency and heightened threat awareness. This viewpoint considers viable strategies on information sharing and their benefits.
Viewpoint three: Fostering international cooperation on cyber security: A global response to a global challenge
Growing numbers of developed countries are beginning to appreciate the repercussions of global cyber warfare. Taking into account the recent attacks on critical infrastructures and the effect they have had on the world, this viewpoint addresses the fostering of international cooperation on a global level.
Panelists:
Eugene Kaspersky, Chief Executive Officer, Kaspersky Labs
Suleyman Anil, Head of Cyber Defence/Emerging Security Division Challenges, NATO HQ
Marco Obiso, Cybersecurity Coordinator, International Telecommunication Union (ITU)
Moderator:
Philip Victor, Director Policy and International Cooperation, IMPACT
10:45 – 11:00 VIPs exit
11:00 – 12:00 Panel discussion
The role of CERTs
With security providers and defence experts being challenged themselves, how is the role of CERTs changing?
Global: National cybersecurity strategy partnerships
Since we do not have a world government, we are as secure as the most insecure country. Thus, this session presents a holistic model for creating multi-sector national cybersecurity strategy partnerships.
Asia: Cyber Security Malaysia
As one of the leading cyber security authorities in Asia, Cyber Security Malaysia concentrates on the current regional developments and emerging threats in the region.
GCC: Qatar CERT
Qatar CERT has a wealth of experience in the GCC region when it comes to cyber defence, and this viewpoint assesses the cyber threats specific to the GCC and what it is doing to address them.
Panelists:
Dr Frederick Wamala, CISSP® Cybersecurity Advisor, UK
Lt Col (R) Husin Jazri, Chief Executive Officer, CyberSecurity Malaysia
Khalid Sadiq Al-Hashmi, Executive Director Cyber Security, ictQatar
Moderator:
Eng Badar Al-Salehi, Director Oman National CERT, Information Technology Authority (ITA)
12:00 – 13:00 Networking coffee break and one-to-one business meetings
13:00 – 14:00 Panel discussion
The need for total enterprise-wide approaches to cyber security that take into account the complexity of the attack and its target
How responsible collaboration and leadership accelerates economic growth
The global community is shaping the global cyber landscape to enable all stakeholders to establish a cyber-domain that is transparent, accessible, dynamic, and secure. Digital Convergence and the global ubiquitous use of the cyber domain demands unrestricted use for maximum mutual benefit through collaboration. Sound Policy, Strategy, and Governance decisions yield a global win-win situation for all cyber stakeholders. These decisions are improved by Cyber Defence Exercises.
Case Study: Cyber-Attacks on Critical Infrastructure
Describe the latest cyber-attacks and their many dimensions of damage to the systems and operations of a typical process facility in the Middle East. Demonstrate how cyber-security audits can be easily facilitated and result in greater network defense of SCADA networks with resulting better Public Private Partnerships with government. Demonstrate how the cyber eco-system integrates the four cyber functions – Anticipation, Awareness, Action, and After-Action.
Cyber Analytics, Product & Technology Evaluation, Network Defence Applied
Examples of successful Tools and Solutions will be discussed. The Cyber Operations Maturity Model and the Cyber Solutions Network Model enable the foundation for assessing and resolving gaps in organizational cyber-security capabilities. Multi-modal Access, Logic Based Access, Biometrics, Multifactor Identification, Advanced Persistent Threat, Public Key Infrastructure etc. are all key components needed to successfully resolve cyber threats. It takes a network to defend a network.
Speakers:
Terry Thompson, Vice President, Booz Allen Hamilton
John Mauthe, Principal, Regional Manager, Booz Allen Hamilton
Tom Dlugolecki, Principal, Booz Allen Hamilton
Moderator:
Roger Cressey, Senior Vice President, Booz Allen Hamilton
14:00 – 15:00 Networking lunch
15:00 – 15:45 Panel discussion
Critical infrastructure threats
There are large groups of ruthless and aggressive individuals who are targeting the financial services, banking, oil and gas, water, electricity, telecoms and central government sectors’ sensitive networks with greater sophistication. This panel discusses several of the specialised elements that need to be addressed when protecting such targets.
Sector: Banking/Financial services
What can the banking and financial services sector do to enable effective protective measures for their critical data?
Sector: Oil and gas
As the torch bearer of the GCC region’s economy, cyber security in the oil and gas sector is a highly justifiable cost. The catastrophic consequences of the BP oil spill are well known - the financial, environmental, and economic implications were widespread and have left a lasting impact. How is the oil and gas sector to be defended in order to ensure against another catastrophe?
Panelists:
Yousuf Al Harthy, Managing Director, InfoShield
Furqan Ahmed Hashmi, Network and Security Architect, Emirates Investment Authority
Moderator:
Martin McHugh, Technology Director MENA CIBWM and Retail UAE, Barclays
15:45 – 16:30 Panel discussion
Emerging regulatory challenges for critical national infrastructure protection
Undoubtedly there are a number of challenges associated with cyber defence regulation. When numerous stakeholders are involved, where does the responsibility lie?
Viewpoint one: Critical infrastructure protection needs to be taken into account in a larger, national cyber security agenda
Cyber security threats cannot be addressed on an ad hoc basis. Recognising that there is a need for a comprehensive and consistent plan, Microsoft is helping governments to define their cyber security agendas, which need to encompass the country’s threat landscape, IT environment, local market, the government’s own agenda and general technology trends. As an essential part of a successful cyber security agenda, this viewpoint addresses why critical infrastructure protection, or the protection of all the sectors or industries that keep the country going, is not only about protecting the typical sectors like energy, water, telecommunications and transport but also about key vendors and suppliers.
Viewpoint two: Defining your critical infrastructures
In order to have sensible regulatory standards for cyber defence of critical infrastructures, each country has to first define their parameters. This viewpoint considers why vagueness in definition enables loopholes for an attack.
Viewpoint three: Regulatory challenges for critical infrastructures
Given the ever-evolving cyber threat and the new advanced attacks on critical infrastructures, this viewpoint studies why establishing a regulatory standard in the cyber world proves to be a challenge.
Panelists:
Cyril Voisin, Chief Cloud and Security Advisor, Microsoft Gulf
Ahmed Ali Al-Mukhaini, Vice Principal, SASLO Legal Training Centre
Biju Hameed, Chief Information Security Officer, Dubai Airports
Moderator:
Dorairaj Balasubramanian, Information Security Consultant, Petroleum Development Oman
16:30 – 17:30 Open business meetings and networking coffee break
17:30 End of day one
DAY 2
08:30 – 09:00 Registration and welcome refreshments
09:00 – 09:05 Chairperson’s welcome address:
Marco Obiso, Cybersecurity Coordinator, International Telecommunication Union (ITU)
09:05 – 09:40 Opening keynote
Staying ahead of the game
It is widely known that cyber criminals are normally one step ahead of the governments and authorities protecting their countries. This keynote addresses the adoption of intelligent and sophisticated discussion that focuses on prevention rather than cure, and how we can work together more effectively to stay one step ahead of the criminals.
Speaker:
Shawn Henry, Former Executive Assistant Director, Criminal, Cyber, Response, and Services Branch, Federal Bureau of Investigation (FBI)
09:40 – 10:25 Panel discussion
Evaluating the security threats and vulnerabilities of SCADA networks
SCADA networks are crucial to industrial critical infrastructure operation and thus need to be fully protected against cyber-attacks. No network is ever 100 per cent secure, but it is imperative for the region that SCADA networks are secure enough.
Viewpoint one: Stuxnet in-depth
Stuxnet, a highly intelligent and targeted computer worm, is now infamous for successfully penetrating networks yet remaining ‘inactive’ until it reached its target - an Iranian nuclear turbine. This viewpoint brings together the key experts involved with Stuxnet from its inception to its final target, to understand what can be done differently.
Viewpoint two: SCADA vulnerabilities
It is highly necessary to understand the vulnerabilities of SCADA networks and resolve them to prevent international attacks. This viewpoint evaluates SCADA vulnerabilities and addresses key areas of improvement to ensure high protection of the critical infrastructures of the Middle East.
Panelists:
Guy Meguer, General Manager Middle East, Cassidian
Michael Duren, Information Assurance Technical Director, Sypris Electronics
Moderator:
Shawn Henry, Former Executive Assistant Director, Criminal, Cyber, Response, and Services Branch, Federal Bureau of Investigation (FBI)
10:25 – 11:25 Networking break and one-to-one business meetings
11:25 – 12:10 Panel discussion
Detection and forensics
A study on the tools and services available to organisations proactively chasing security breach possibilities and, if an intrusion is detected, what organisations can do to track down the originator and take action.
Viewpoint one: Prevention
Every IT administrator is responsible for knowing the weaknesses of their networks. Field testing security and trying to beat your own defences are no longer unacceptable. This viewpoint discusses the growing need for organisations to stress test their networks and understand their own weaknesses from within.
Viewpoint two: Detection
Sometimes it’s inevitable. The criminals gain access and you need to know what happened, what systems were accessed, and what was done. This viewpoint looks at the forensics and options available to find out what has happened and plan how to deal with it.
Viewpoint three: Response
There are many avenues of response. These include civil legal action, criminal action and aggressive protective measures against the offending party. Viewpoint three assesses the available options and how linking your ISP to your local business can help hinder such unauthorised activities.
Panelists:
Haitham Hilal Al Hajri, Digital Forensic Specialist, Oman National CERT
Joe Yeager, Director of Product Management, Lancope
Dr Ihab Ali, Vertical Solutions Practice – Technical Lead, DELL
Moderator:
Shawn Henry, Former Executive Assistant Director, Criminal, Cyber, Response, and Services Branch, Federal Bureau of Investigation (FBI)
12:10 – 12:55 Panel discussion
Security and cloud migration for the public sector
Across both the public and private sectors there is a noticeable drive to limit the use of costly and redundant IT infrastructure. Government organisations see the potential of cloud applications as a way of becoming operationally more cost effective - however the consequences of being hacked can be far more serious.
Viewpoint one: Public cloud for the public sector
When it comes to virtualisation, each critical infrastructure, government entity or business model has certain requirements for its operations which need to be custom-managed. Most importantly, each has to decide whether a public cloud is a good fit for the public sector, and why.
Viewpoint two: How secure is the cloud?
In addition to the recent hype associated with the cloud, the natural question of security arises. Generally there is a lack of understanding in the region on what the cloud really is, and this viewpoint addresses how secure the cloud is to host critical national information infrastructures.
Viewpoint three: Lawful interception and digital espionage
Once the data is in the cloud, a number of people and organisations can potentially access it. Those working on a matter of ‘national security’ will be granted access to any data in the cloud; be it private or public. This viewpoint addresses the benefits of the cloud versus the obvious downfalls of numerous people being able to gain access to your critical information.
Panelists:
Mohamed Nayaz, Director IT Risk and Assurance, Ernst & Young
Alexander Zarovsky, Chief Business Development Officer, InfoWatch
Tamer Gamali, Chief Information Security Officer, National Bank of Kuwait
Moderator:
Martin McHugh, Technology Director MENA CIBWM and Retail UAE, Barclays
12:55 – 13:40 Panel discussion
Managing secure enterprise mobility
This discussion explores the opportunities and considerations of implementing secure mobile applications and programs across an enterprise.
Viewpoint one: Balancing data security and functionality in the mobile enterprise
Undoubtedly, one of the biggest threats to an organisation is its own people – so how can you provide mobility and ensure security simultaneously? This viewpoint addresses the importance of maintaining a balance between keeping business infrastructures secure and enabling enterprise mobility.
Viewpoint two: Application vulnerabilities within the enterprise
With the emerging number of business and enterprise applications which simplify a number of tasks, the number of opportunities for a potential attack increases exponentially. Viewpoint two evaluates application vulnerabilities within the enterprise and how potential loop-holes in security can be tackled.
Panelists:
Maitham Al Lawati, Head of Information Security, Oman Arab Bank
Robert Forster, Managing Member, Edgemount Solutions
Moderator:
Martin McHugh, Technology Director, MENA CIBWM and Retail UAE, Barclays
13:40 – 13:45 Chairman’s closing remarks
13:45 – 14:45 Networking lunch
14:45 – 15:45 Open business meetings
15:45 End of summit