MoTC Announces Version 3 of National Information Assurance Policy

31 October 2019, Doha-Qatar: The Ministry of Transport and Communications (MoTC) today announced key updates to the National Information Assurance Policy. The new version, which will be launched soon, contains three critical updates including: National Information Assurance Standard (NIAS), Cloud Security Standard and Industrial Control Systems Security Standard.

The announcement was made today at the sidelines of the Qatar IT Conference and Exhibition (QITCOM 2019), which runs until Nov. 1 at QNCC under the theme “Safe Smart Cities.”

To secure against global technology threats, Q-CERT (Qatar Computer Emergency Response Team) driving the cybersecurity sector, has been continually developing and updating the National Information Assurance Policy with a specific focus on industries of hospitality, education, energy and aviation among others, that are known to be more vulnerable to technology threats.

The NIAP will serve as a central document, catering to the whole spectrum of ICT users and providers including small, medium and large enterprises, and government & non-government entities. It acts as an umbrella framework for defining and guiding actions related to the security of the information infrastructure. The policy will provide an overview of what it takes to effectively protect information, information systems and networks and gives an insight into the government’s strategy for protecting cyberspace in the State of Qatar. The NIAP will apply to all industries and can be implemented by any organization. It is based on the concept of Information Asset classification and is inspired by the Three-level IT Baseline Security System ISKE developed by Estonia, which in turn has been adopted from the IT Baseline Protection Manual developed by BSI, Germany.

On this occasion, Mr. Eng. Khalid Al Hashmi, Assistant Undersecretary for Cyber Security Sector, MoTC, said, “Since the launch of the first version of the NIAP in 2009, we have been regularly updating the policy to ensure market relevance. Our primary objective is to improve the cyber security posture of Qatar and help organizations mature their cyber security processes. We drive this through a holistic program that includes developing robust and pragmatic policies and standards, capacity and capability building and ensuring compliance through certification. We ensure that our policy documents are updated regularly and are current.”

Some of the other initiatives taken by Qatar’s Cybersecurity Sector include frequent interaction with stakeholders and the Information Risk Expert Committee (IRECs) and conducting STAR-6, the annual National Cyber Drill. Starting in 2013, cyber drills have been conducted to simulate cyberattacks to determine companies’ level of preparedness and response to breaches and other IT security risks. There are two primary exercises conducted: A process exercise and a technical exercise to help organizations test, verify and improve processes, technologies and skills. At least 95 institutions participated in the STAR-6 exercises conducted in 2018. The 7th edition of the National Cyber Drill (STAR-7) is scheduled for December 2019 and envisions a higher rate of participation.

Since its inception, QITCOM has been responsible for bringing together investors, global digital experts and end-users to understand, envision and build Qatar’s digital future. QITCOM 2019 aims to attract 30,000 visitors, sign MoUs, enter strategic sponsorships and showcase many smart solutions to power Qatar’s digital transformation. This year’s event will further contribute towards creating connections across the Smart Cities ecosystem at a national, regional and global level.