The rise and subsequent ubiquity of digital devices is perhaps the most significant shift in the daily lifestyles of individuals for the past two decades.
Whether working behind a desktop computer, typing on a mobile device, or consuming entertainment from a laptop or tablet device, citizens and society around the world have benefited greatly from today's connected world.
Yet such progress invariably comes at a cost, as incidents, breaches, and attacks regularly thrust cyber security into the limelight, and prompt governments and civilians to become vigilant in the face of what is a global threat. Considered one of the most connected countries in the world, Qatar uses computing and networking technologies to multiply the nation's capabilities and goal of transitioning toward a knowledge-based economy.
At Qatar Computing Research Institute (QCRI), a research entity under Hamad bin Khalifa University, a member of Qatar Foundation, cyber security forms a key research group. With an objective to become a center of excellence in the application of real-time data analytics for the detection of cyber attacks, and to anticipate and ultimately defeat cyber attacks on Qatar’s cyber infrastructure, QCRI addresses what has been dubbed one of the nation’s ‘Grand Challenges’, as per the Qatar National Research Strategy of 2012.
In late 2015, the research entity published the second edition of its annually recurring report on cyber security, titled 'QCRI Emerging Cyber Threats 2015 Report'. The report discusses the unique facets of current cyber threats, with the hope of providing a basis from which Qatar can foster an open dialogue on the outlined issues.
“QCRI has been a proponent of cyber security information exchange since we began our cyber security activity and took the lead to publish these yearly emerging threat reports as a first step toward sharing and disseminating threat information,” said Dr Ahmed Elmagarmid, Executive Director, QCRI.
The report outlines QCRI’s on-going cyber security efforts, and identifies four threats: ‘Lack of visibility into threats and attacks hinders cybersecurity planning and operations’, ‘Attackers increasingly target critical infrastructure and the supply chain’, ‘Malware and actors grow more sophisticated with an increasing diversity of goals’, and ‘Adoption of connected technology increases economic opportunities, but poses privacy risks’.
Lack of visibility into threats
The first threat of QCRI's report focuses on what is deemed a ‘lack of visibility’ into threats, advocating the sharing of data on attacks among critical sectors.
“I believe that the society and organizations of Qatar are as informed and aware of cyber threats and dangers as anywhere else in the developed world,” stated Dr Dimitrios Serpanos, Principal Scientist, Cyber Security, QCRI. “That does not mean we are where we need to be. However, I believe that the government and the major organizations are well aware of the threats that exist.”
In this regard, QCRI is investigating ways to mine extremely large sets of network data using a variety of analysis techniques to find indicators of likely attacks. Such Big Data initiatives are a key focus of QCRI’s scope.
“Smart cities, an important part of Qatar’s growth plan, employ technologies that store and process huge amounts of data, including sensitive data that needs to be managed appropriately, to avoid violation of people’s privacy,” said Dr Hosein Badran, Special Projects, QCRI.
“QCRI has been active in policy-based data processing technologies for a long time and includes privacy in all its projects that address problems related to sensitive information, such as data mining, data analytics, and social computing.”
Attacks on critical infrastructure
The question of whether Qatar’s cyber security measures need to, or can, expand and grow with the same pace as its most critical sectors of industry, is raised in the second threat detailed in the report, which outlines the risk of attempts to target critical infrastructure systems of Qatar and businesses that supply technology and services. On this matter, Dr Serpanos of QCRI believes Qatar has made great strides.
“Cyber security is not just a technology, it's a process that is continuously evolving because there is always new technology and services that are being provided,” he said.
“Since technology constantly evolves, there is no point at which it is a problem that could be completely resolved. In the critical infrastructure sector, however, Qatar is in a very good state because it has had the opportunity to integrate modern technology in its processes.”
Within this area, collaboration between QCRI and the Computer Science and Artificial Intelligence Laboratory (CSAIL) at Massachusetts Institute of Technology (MIT) is driving detection technology advances designed to identify when critical infrastructure misbehaves. Both entities have built systems that include models of correct process behavior, which then warn of deviation from correct behavior. One such system, dubbed 'ARMET', detects events that indicate an attack, diagnoses the problem, and decides the most appropriate actions to contain its effects.
The issue of sophisticated malware forms the basis of the third threat recognized by QCRI, and addresses how social engineering has become a method of cybercriminals to compromise the machines and devices of their attackers.
While local media such as discs and USB memory sticks had represented infections in the past, more targeted types of malware have emerged that incorporate simple and sophisticated techniques, from fake e-mail messages to infecting specific visitors of legitimate websites.
“Infections from the internet have been massively increasing over the past year,” explained Ghareeb Saad Muhammad, Senior Security Researcher, Global Research & Analysis Team, Kaspersky Lab, an IT security solutions provider that contributed to the report. “The shift has resulted in new, more targeted types of malware becoming popular – banking trojans, spyware, keyloggers, and adware.”
In order to test suspicious files for malware, QCRI is currently building a system that will be an open exchange and analysis platform, with the intention to partner with local internet providers to gain greater awareness of and insight into such attacks.
“It is important to have that capability, that expertise in-house,” said Dr Marc Dacier, Principal Scientist at QCRI. “We want to try to understand who is attacking us, and by building a platform that companies can use, we can share the intelligence with others.”
Adoption of connected technology
The final threat outlined by QCRI relates to the rapid adoption of devices and technologies in Qatar that connect to the internet. Though adoption increases economic opportunities, privacy will become an increasingly important issue for citizens.
“We need to ask what impact will these devices have – the good and bad – on the traditional way of life,” said Dr Jaideep Srivastava, Research Director, Social Computing, QCRI. “How this will play out is very much in the open. It is happening very fast.”
Yet in the words of Dr Serpanos of QCRI, such security concerns are the inevitable result of living in today’s increasingly connected world. Through QCRI’s report and its exhaustive efforts, cyber security in Qatar is sure to remain an issue of huge importance and area upon which vigilance and awareness – be it from governments, organizations, or individuals – is of the utmost importance.
“Cybercrime is crime,” he said. “You will never fully get rid of it because of the human element. People will always have their own way of thinking and acting, and crime is a part of human nature.
“In the case of cybercrime, we must all adopt the same approaches and vigilance as we do toward regular crime.
“We can educate people, so that they are compliant with the law and aware of cyber security dangers, and at QCRI we can use our technology and research to lessen the risk for all concerned.”