I recently had the opportunity to speak at the 2016 International Cybersecurity Conference in Riyadh, Saudi Arabia, attended by over 500 global cybersecurity leaders. The purpose of the event was to bring the National Critical Infrastructure (NCI) companies from around the country together with other worldwide leaders to celebrate the opening of the National Cyber Security Center (NCSC) and learn about cybersecurity issues in the Kingdom of Saudi Arabia. The Saudi NCSC is similar in mission to the United States’ Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) of being the cyber information sharing aggregator and distributor for the entire country. I wanted to share some of the key takeaways that are applicable beyond the event.
- Global security cooperation to support digital transformation
Like most countries today, Saudi Arabia is a nation in the midst of a profound cybersecurity transformation, especially within their national critical infrastructures, such as electricity and water supplies. The security perimeter continues to expand with the evolution of cloud technologies. New regulations and an increasingly dynamic threat environment globally require new levels of threat intelligence and cooperation between the government and private sectors.
- Shortage of cybersecurity workforce
Workforce development and retention is a challenge in Saudi Arabia just like in the rest of the world, with both private companies and the government competing for top cybersecurity talent. Developing sources of education and training while at the same time identifying, cultivating and retaining good talent is a high priority to keep up with advanced attackers.
- Challenges in securing global supply chains
The software supply chain is a growing global challenge, but the need is even higher for those companies providing critical infrastructure services to the citizens of a nation. Electricity, water, telecommunications and finance are dependent upon technology now more than ever before. Understanding the complete provenance of hardware and software and supply chain risk management is of critical importance to Saudi Arabia.
- Critical infrastructure ecosystem dependency
Most critical infrastructure companies are dependent, in some way, shape, or form, upon other critical infrastructure companies. Understanding the relationships between those inter-dependencies is crucial when public services to the citizens of a nation are at risk. Exploring those relationships and how companies could work together to share cybersecurity threat and vulnerability information to their mutual benefit requires focus and dedication and has massive longterm benefits.
It’s refreshing to see professionals from around the world come together in a forum like the International Cybersecurity Conference to establish dialogue and relationships between government and private companies. I saw first-hand examples of world-class companies operating world-class IT and ICS infrastructures while facing the same technical and cybersecurity challenges as the rest of the world. This kind of collaboration is the catalyst for more effective security across the globe.