Qatar hosts the FIFA World Cup this year – the first time the event has been staged in the Arab world. Cyber security experts in the country predict that ticketing, hotel bookings and restaurant reservations will be faked by hackers to capture personal data from people travelling to Qatar. Also, phishing and social engineering will be used to steal personal and financial information from anyone using the internet to get information about the tournament.
“If there is anything we have learned about cyber crime from past encounters, it would be that it thrives around major global events,” said Mohammad Al-Kayed, director of cyber defence at Black Mountain Cybersecurity. “Both viewers and attendees are advised to keep their guard up for cyber threats in the form of online scams and malicious emails promoting the sales of tickets and sporting goods. The biggest threat of all is piracy of ongoing football matches through online platforms.”
On 25 March, Interpol gathered a group of global cyber security experts together in Qatar to analyse threats ahead of the World Cup. The meeting was part of Project Stadia, which was established by Interpol in 2012 and funded by Qatar. Although special emphasis is placed on the 2022 World Cup, the project aims to contribute to security arrangements for any major sports event.
Qatar has partnered with several countries to provide physical security for the World Cup, including Turkey, France and the UK. Turkey will send 3,000 riot police, France will send four airborne warning and control systems to track airborne threats, including drones, and the UK will providing maritime security support and counter-terror policing.
But surprisingly, the biggest announcement so far about helping Qatar with cyber security comes from Morocco, which will send a team of cyber security experts to Qatar as part of the two countries’ efforts to expand cooperation in security. Could it be that Qatar thinks it has enough home-grown expertise in cyber security not to call on help from more powerful countries?
Al-Kayed told Computer Weekly: “The Supreme Committee for Delivery and Legacy has already issued a cyber security framework ahead of the World Cup preparations to set the required benchmark for all parties involved in the [tournament] implementation. At its core, the framework identifies the cyber security requirements to protect national critical infrastructure supporting the FIFA World Cup.”
Long history of cyber security in Qatar
Cyber security has been a concern in Qatar for at least two decades now. One of the groups that has been instrumental in securing the country’s information infrastructure is the Qatar Computer Emergency Response Team (Q-Cert), which was set up in 2005 by the Qatar Ministry of Transport and Communications (MOTC) in partnership with the Carnegie Mellon’s Software Engineering Institute (Cert Coordination Centre).
Q-Cert has launched several projects recently. One is to develop a fully automated threat monitoring system to collect security-related data and perform preliminary analysis on that information. Data will be collected from distributed sensors and mechanisms, such as spamtraps.
The team is also building a threat intelligence centre to collect and analyse security-related events, alerts and threats on the government network. The threat intelligence centre will use output from the threat monitoring system, along with security-related logs from firewalls, routers and proxies to spot threats to the government network.
Another Q-Cert project is to build a malware analysis lab to analyse malicious software gathered from other projects. The lab will also be used to help investigate cyber crimes by discovering the digital footsteps of suspected criminals.
A fourth Q-Cert project involves botnet eradication, which aims to reduce the risk of theft of sensitive government, corporate or individual information. This will be done by identifying compromised systems and preventing future incidents and data leakage.
Qatar has also set up governmental organisations to combat cyber crime. In 2013, it established the National Cyber Security Committee to address cyber security at national level – and, help from the ministry of information and communications technology, wrote the country’s National Cyber Security Strategy.
The strategy specifically calls on businesses to share the responsibility for information security. It also aims to encourage the development of a local ecosystem of experts and technology providers.
In March 2021, Qatar established the National Cybersecurity Agency, which, as of May 2022, has trained 25,000 employees in different aspects of information security. Mohamed Ahmed Al-Ansari, the agency’s director of public relations and communication, recently expressed the organisation’s interest in enhancing cyber security through partnerships with major global organisations, including Microsoft, Huawei and the German Institute.
Encouraging private solution providers
Not only is the Qatari government interested in working with major global players, but it is also encouraging the development of local expertise and a home-grown ecosystem of startups, as is called for in the National Cyber Security Strategy.
“Qatar has led several national initiatives aimed at bolstering local cyber security talents,” said Al-Kayed. “Today, most Qatari universities provide educational courses and programmes on cyber security – some even for free. Also, Qatar University has been collaborating with international companies, such as Thales, to bring real-world experience to young Qatari professionals. And just last month, the training organisation SANS held an extensive training programme for Qatari cyber security professionals.”
Professional networking events are held regularly in Qatar, including the World Cyber Security Summit, an annual event targeting CISOs across industry sectors from Qatar. The summit helps security professionals share best practices and includes experts from outside the country.
As for local startups and the local offices of global firms, perhaps the most encouraging aspect of doing business in Qatar is the market predictions, which suggest the market for security services in Qatar is the fastest-growing in the region. According to Tasmu Digital Valley, the size of the Qatari cyber security market will total more than $1bn in 2022 and is expected to grow by 12.7% annually to reach $1.64bn in 2026.