cybersecurity Listen to this page using ReadSpeaker

facebook twitter linkedin mail share
Go

Cybersecurity Framework in Bahrain

The digital revolution and emerging technologies have forced many organizations, including the public sector, to re-think about the service delivery and customer experience. Digital transformation has re-shaped many services and introduced new channels. However, such developments will not come without any risk or cost.

Therefore, Cyber Security is a fundamental pillar of the national ICT framework in the Kingdom of Bahrain. The Kingdom has a well-defined national cybersecurity framework governed by the General Directorate of Anti-Corruption and Economic and Electronic Security at the Ministry of Interior (MOI) for the cybersecurity in different sectors such as energy, finance, education, health, and other sectors. On the other hand, Information & eGovernment Authority focuses on the cybersecurity of the government sector and protecting the government data network through implementing the most advanced technologies in the market, ensuring the quality of information security of all government organizations, conducting several awareness programs and workshops as well as providing instant support and response services for government organizations.

The Kingdom of Bahrain has achieved a “Mature Stage” of Cyber Security readiness as per the assessment of the International Telecommunications Union’s (ITU) published by Global Cyber Security Index 2018. Bahrain’s Telecommunications Regulatory Authority (TRA) has implemented several initiatives in order to address the gaps in cybersecurity readiness in the telecommunications and harmonized efforts between local and global best practices. TRA has published Critical Telecommunications Infrastructure Risk Management regulation which has played a vital role in improving Bahrain’s cybersecurity Index.

TRA further aims to continually implement initiatives to achieve further public-private collaborations to ensure that the sector is adequately prepared to counter the rising cyber threats to the availability and security of the telecommunication and digital services which are critical towards achieving a robust digital economy.  

The National Cybersecurity Strategy

The Kingdom of Bahrain is transforming into a digitalized economy that creates new dependencies. The government, organizations, and the delivery of essential services rely heavily on the integrity of cyberspace, infrastructure, systems, and data that underpin it. A loss of confidence in the integrity endangers the benefits of the technological revolution. The hardware and software developed to facilitate the interconnected digital environment lack security protection from inception. Malicious actors – hackers, organized criminals, and possibly foreign governments can exploit this gap. Thus, a comprehensive national strategy is required to address the current and rising cyber-threats as well as reduce the associated risks.

In order to address the current cyber-threats and the rising cyber-risks, the National Cybersecurity Strategy is a commitment to protect the Kingdom’s interests in cyberspace. Furthermore, the strategy outlines the nation’s vision for Cybersecurity and identifies the objectives towards its execution. It is identified by the key principles of leadership, shared responsibility and ethical values; and influenced by mandates, other national strategies, and international best practices. Overall, the strategy abides by the rules that maintain the rights and values of individuals.

Information security is an urgent requirement to face the increase in cybercrime worldwide resulted from electronic development and an increase in the use of IT. Kingdom of Bahrain is one of the pioneering countries in developing IT infrastructure; that raises expectations to cyber threats. Therefore, the government has taken the necessary procedures to address these risks in order to improve the readiness and information security in government entities and Bahrain in general.

The Information & eGovernment Authority (iGA) launched a number of programs and initiatives related to information security. Mainly, the security awareness program to government employees launched in 2016 to increase the awareness of the importance of protecting the information, prepare different devices as well as systems with the required security and securely use the technology. The iGA organizes weekly interactive training courses offered by a qualified team from the General Directorate of Information Security & Radio Communication. The program includes theoretical, practical, and discussion sessions that are designed to suit all specialities and functional levels of Bahrain government employees as they speak in a unified and simplified language. 

Vision:

Establishing a secure cyber-space to safeguard national interests and protect the Kingdom of Bahrain against cyber-threats to reduce risks.

 

Objectives:

Safeguard Critical National Infrastructure (CNI): 

Protect organizations that provide essential services to the nation such as oil, electricity and water, governmental, and financial services.

Respond decisively to cyber-threats: 

Establish a holistic approach to incidents that face both the public and the private sectors.

Establish a legislative and regulatory framework: 

Develop a cyber-law that follows the international standards on combating cyber-criminals.

Develop a vibrant, Cybersecurity ecosystem: 

Ensure a sustainable source of expertise and solutions to support plans for resilient infrastructure and safer cyberspace.

Create a safer cyber-space: 

Retain citizens trust in online public systems, thus encourage public use of online services.

International cooperation: 

Forge international collaboration to counter cyber-threats, adapt capacity building initiatives, and facilitate exchanges on cyber-laws and regulations.

Establishing a National Cybersecurity Committee

Committee Responsibilities

  • Provide a governmental structure for collaboratively addressing Cybersecurity at the highest level of the government.
  • Monitoring and coordinating the implementation of the National Cybersecurity Strategy.
  • Coordinating and developing awareness policies, risk assessments, and administrative efforts to address them.
  • Lead activities associated with developing and managing national Cybersecurity efforts.
  • Ensuring all public and private sector entities and stakeholders are adopting the right cyber-agenda.
  • Preparing annual reports on the status of the National Cybersecurity Strategy as well as following-up and providing feedback for further development.

SafeSurf Bahrain

 

It is an initiative by Bahrain’s The Telecommunications Regulatory Authority dedicated to empowering the citizens and residents of Bahrain and their families with knowledge and information for a safer cyber environment.

The SafeSurf website https://safesurf.bh/ has been launched with families in mind, putting them 'one click away' from helpful resources to help safeguard every family in Bahrain.

Bahrain, with its Cloud First Policy, is committed to accelerating the transition onto the cloud. This presents a new set of opportunities in cybersecurity for computer security companies offering products that secure cloud-based software and infrastructure.

Personal data protection

In-line to the Kingdoms efforts towards regulating and organizing the Cyber Security framework in Bahrain, the government has issued several laws and legislation related to Cyber Security and Personal Data Protection:

Projects and Programs

Cyber Trust Program

Trust program is competitive in its nature and aims towards raising the level of Information Security through governance and supporting the technical aspects to achieve regional and global leadership and the sustainability of a reliable governmental electronic environment for government agencies. It is currently optional and contains levels. The program consists of 3 maturity levels: Basic level, Advance level and Excellence level with a set of criteria required for each level to be completely achieved and moved on to the next maturity level.

For more information about the program, you could contact cybertrust@iga.gov.bh.

 

Cyber Hawks

The "Cyber Hawks" is an initiative that gathers a group of cybersecurity specialists from various governmental entities in Bahrain; aiming continuous communication and cooperation on cybersecurity issues and to discover & mitigate any cybersecurity threats.

 

Threat Advisory Service

Threat advisory is a document delivered by the Bahrain Government CERT team to provide customers with details about new malware and threats with recommendations. The document is supported with infographics to clarify and summarize threat details.

  • More than 150 Advisories have been sent.
  • Approximately 200 subscribers in the service from different sectors.
  • On the beginning of 2019, ATT&CK Matrix has been added to threat advisory (ATT&CK Matrices is a global matrix provides a knowledge base of adversary tactics and techniques based on real-world observations).

 

The Security Level Assessment of eGovernment Services & Websites

In this project, all the eGovernment websites are scanned with various security checking tools and programs. This helps raise the level of information security for these websites, maintain their confidentiality, and protect them from hacking.

The projects aim to manage information security risks to mitigate the impact of security threats and identify security vulnerabilities that may pose threats to user information and fix security breaches to alleviate risks.


Page Last Updated: 01 Aug, 2019