Catalyzing Cyber: Stimulating Cybersecurity Market through Ecosystem Development

Felix A. Barrio Juárez

The European Union’s Next Generation Action public policy aims to stimulate economic recovery through increased investment in research and development (R&D). This policy recognizes that investment in R&D is crucial for post-COVID economic recovery, specifically in the area of digital transformation.

In Spain, one in three euros invested through the Next Generation Action programme is allocated to digital transformation. This highlights the recognition of the importance of digital transformation for economic growth and recovery. Furthermore, Spain has spent over 224 million euros on R&D for small and medium enterprises (SMEs), supporting their role as a successful strategy for market catalysation.

The digital transformation and cybersecurity sector’s contribution to Spain’s economic growth has risen from 12% to 22% in just three years. This demonstrates the significant impact that digital transformation and cybersecurity have on Spain’s national economic growth.

Cybersecurity is not only essential for economic growth but also plays a crucial role in national technological sovereignty. It allows for independence in terms of national technology and ensures the protection of critical infrastructure and sensitive data.

However, there are concerns about standards becoming barriers for smaller businesses and new entrants in the digital market. The establishment of strict standards may put small companies at a disadvantage and limit the entry of new players into the market. It is essential to strike a balance between setting standards and allowing for the participation of new entrants to foster innovation and competition.

Building cybersecurity capabilities is a top priority, and there is a call for the private sector to step up in this field. Felix emphasizes the importance of prioritising the development of cybersecurity capabilities and highlights the need for private initiative in building these capabilities.

Additionally, public services have a role to play in empowering vulnerable sectors, such as consumers, to be part of the cybersecurity solution. By focusing on the more vulnerable sectors and involving the public in cybersecurity efforts, Felix believes that public services can contribute to promoting peace, justice, and strong institutions.

In conclusion, the European Union’s Next Generation Action public policy recognises the importance of investment in R&D for economic recovery, particularly in digital transformation. Spain is investing significantly in digital transformation and supporting the growth of SMEs through R&D funding. The digital transformation and cybersecurity sector are playing an increasingly important role in Spain’s economic growth. However, there are concerns about standards becoming barriers for smaller businesses and new entrants. Building cybersecurity capabilities and empowering the public are crucial aspects of addressing these challenges.

Ir. Dr. Megat Zuhairy bin Megat

In 2020, Malaysia established a cybersecurity strategy with a five-year plan to create a secure, trusted, and resilient cyberspace. The strategy is built upon five pillars: effective governance and management, legislative strengthening and enforcement, innovation R&D, capacity and capability building, and global collaboration. It aligns with the Malaysia Digital Economy Blueprint and the IR 4.0 policy, supporting the nation’s goals of industry, innovation, and infrastructure.

One argument in favor of Malaysia’s cybersecurity strategy is that it supports other nations’ strategies and policies, highlighting the importance of partnerships and collaboration in addressing cyber threats. The strategy also aims to build a strong cybersecurity workforce by promoting it as a career choice among students and collaborating with industry and academic institutions.

However, there is a concern that an excessive focus on standards might impede innovation. While standards are crucial for efficiency and consistency, too much emphasis on them could limit the rate of innovation. Striking the right balance between standards and innovation is essential for an environment that fosters both safety and technological advancement.

In conclusion, Malaysia’s cybersecurity strategy, with its five pillars and alignment with national strategies, reflects the country’s commitment to a secure cyberspace. By focusing on education, industry collaboration, and capacity building, Malaysia aims to effectively tackle cyber threats and build a robust cybersecurity workforce. It is crucial to maintain a balance between adhering to standards and promoting innovation to ensure continued growth in the sector.

Eng. Walid A. Abukhaled

The importance of cybersecurity is highlighted in the provided data, with it being described as a top priority. There is a consensus among the arguments that cybersecurity is of utmost importance and should be taken seriously by organizations and nations alike. Daily cyber attacks targeting strategic companies and assets are a major concern, indicating the widespread risk posed by cyber threats. It is emphasized that no organization is immune from these attacks, with a cautionary message to those who believe it cannot happen to them.

SAMI, a defence system, recognizes the significance of cybersecurity and takes it seriously. It is stated that SAMI develops state-of-the-art technology to ensure independence and incorporates cybersecurity into its day-to-day business operations. This indicates a proactive approach to maintaining a robust cybersecurity strategy.

Furthermore, the argument is made that education on cybersecurity is crucial. It is stated that education is the number one issue, and the role of cybersecurity in educating people is tremendous. This underscores the need for raising awareness and ensuring that individuals are equipped with the necessary knowledge and skills to protect themselves and their organizations from cyber threats.

The data also highlights the vulnerability of Saudi Arabia to cyber attacks. It is mentioned that Saudi Arabia was previously one of the most targeted countries. This demonstrates the need for a robust cybersecurity infrastructure and strategies to protect national assets and interests.

Another noteworthy argument is the creation of a regional or global command and control centre for cybersecurity. The data suggests that establishing such a centre would facilitate the identification, sharing, and prevention of cyber threats. It is also mentioned that this centre would serve as a platform for sharing best practices and regulatory reforms, contributing to the development of future cybersecurity leaders.

The relationship between foreign investments and the safety and security of a nation is brought up as well. The argument posits that there is a direct link between safety, security, and prosperity, emphasising the importance of protecting strategic assets and investments for the future economy.

The role of small and medium enterprises (SMEs) in supporting larger organizations and fostering innovation in the cybersecurity industry is recognised. It is highlighted that SMEs play a crucial role and can bring new and innovative ideas to the table. To support SMEs, the suggestion is made that regulations should be in place to allocate a certain percentage of contracts from large companies to support them. This would create a more level playing field and encourage the growth of SMEs in the cybersecurity sector.

The value of human capital is emphasised, with Vision 2030 in Saudi Arabia prioritising investment in human capital. This indicates recognition of the importance of developing and nurturing talent in the cybersecurity field.

Furthermore, the issue of salary inflation in the cybersecurity industry is raised. It is mentioned that cybersecurity specialists with four years of experience are demanding CEO-level salaries. This suggests a growing concern regarding the escalation of salaries in the industry.

Trust is identified as an integral component of the cybersecurity industry. The data highlights the need for a regulatory framework to earn trust and address issues such as data breaches, loss of personal information, and concerns about privacy infringements through apps.

Lastly, the data points out the benefits of global cooperation in cybersecurity. It is mentioned that the Global Cybersecurity Forum provides an opportunity to learn from global mindsets, indicating the value of knowledge exchange and collaboration in addressing the challenges of cybersecurity.

In conclusion, the extended summary highlights the importance of cybersecurity as a top priority, the need for increased security in the face of daily cyber attacks, and the recognition of cybersecurity by organizations and nations alike. It emphasizes the crucial role of education, the vulnerability of Saudi Arabia to cyber attacks, and the potential benefits of establishing a regional or global command centre for cybersecurity. The relationship between foreign investments and the safety and security of a nation is underscored, along with the support needed for SMEs and the value of human capital in the cybersecurity industry. The concerns of salary inflation and the importance of trust and global cooperation are also addressed. Overall, the data presents a comprehensive overview of the various aspects of cybersecurity and its significance in today’s world.

H.E. Eng. Abdulrahman Ali Al-Malki

Cybersecurity plays a vital role in safeguarding assets and systems, although it can be costly. The protection of these valuable assets necessitates a significant budget allocation. Moreover, constant losses after cyber attacks can be mitigated through proper financial investment in cybersecurity. This perspective highlights the importance of cybersecurity measures despite the associated expenses.

A substantial cybersecurity budget not only ensures the protection of assets but also has the potential to attract global solutions and foreign companies. Nations with significant investments in cybersecurity have been successful in enticing international solutions. Additionally, a strong cybersecurity infrastructure instills confidence in foreign companies, thereby encouraging their investment. This stance emphasizes the positive outcomes of allocating a high budget to cybersecurity.

Furthermore, it is crucial to provide support and cooperation to Saudi Arabia’s Cooperation Council in their leadership role in cybersecurity. Expressing support for their efforts signifies the importance of collaboration in creating effective cybersecurity measures. This cooperative approach fosters positive outcomes in achieving cybersecurity goals.

In Qatar, a comprehensive plan has been implemented to ensure sovereign security at a national level, particularly in relation to the World Cup. This comprehensive plan encompasses a national security framework that extends across all institutions, ministries, and select private sector companies. Vigilant monitoring of the framework’s implementation on a daily basis ensures the highest level of security. Implementing such a plan demonstrates Qatar’s commitment to national security.

During the World Cup, Qatar actively cooperated with international partners, receiving support from teams of other countries. This collaborative approach involved sharing problems and challenges with friendly nations and receiving analyzed data on security threats. This exchange of information and support during the World Cup helped strengthen Qatar’s security measures.

Even after the World Cup, Qatar continues to maintain relationships with the countries they cooperated with. Ongoing sharing and receiving of data on sovereign security exemplify Qatar’s commitment to sustaining these relationships. This enduring partnership remains essential in safeguarding national security.

Building capabilities and licensing workers in the field of cybersecurity is a priority in Qatar. The country has studied two directions in this realm, focusing on enhancing cybersecurity skills and knowledge, as well as licensing workers. These efforts span across different levels, including companies, organizations, as well as individual workers and engineers. By prioritizing these actions, Qatar aims to develop a workforce proficient in cybersecurity.

Identifying and managing risks within the supply chain is critical for maintaining uninterrupted services. Even the smallest entity within the supply chain has the potential to cause complete failure of the service. Neglecting to thoroughly study and address supply chain risks can lead to significant problems. This highlights the necessity of recognizing and effectively managing risks within the supply chain.

In conclusion, cybersecurity is indispensable for protecting assets and systems, despite its associated expenses. A high cybersecurity budget attracts global solutions and foreign companies, promoting economic growth. Supporting Saudi Arabia’s Cooperation Council in their cybersecurity efforts is crucial for collaborative and effective measures. Qatar has implemented a comprehensive national security plan, ensuring sovereign security at a national level. The country actively cooperated with international partners during the World Cup and continues to maintain relationships with these countries. Additionally, building capabilities and licensing workers in the field of cybersecurity is a priority for Qatar. Identifying and managing risks in the supply chain is critical to avoid service failures. These insights shed light on the importance of cybersecurity and collaborative efforts in maintaining security and economic growth.

Moderator

Summary:

Cybersecurity plays a critical role in protecting strategic companies and assets from daily attacks. Saudi Arabian Military Industries (SAMI) is developing its defense system with a commercial mindset, ensuring cyber resilience and extreme protection. Education is crucial in mitigating cybersecurity risks, as people often underestimate the likelihood of being targeted. Clear regulations and policies are necessary to provide a framework for effective cybersecurity. International cooperation and collaboration are key to combating cyber threats, with suggestions for the establishment of regional/global command centers and sharing of threat intelligence. Consumer protection, support for SMEs, and finding a balance between standards and innovation are important considerations. Qatar has a comprehensive plan for sovereign security, while international collaborations during events like the World Cup demonstrate the importance of working together. Building trust, capacity, and capability in the cybersecurity field are also emphasized.

Moderator:
Catalysing cyber Stimulating cyber security market through ecosystem development Engineer Waleed Abu Khalid Chief Executive Officer, Saudi Arabian Military Industries, SAMI Dr. Miqat Zuhairi bin Miqat Chief Executive, National Cyber Security Agency, Malaysia Felix Barrio Juarez, Director General, Spanish National Cyber Security Institute His Excellency Engineer Abdurrahman Al Malki, National Cyber Security Agency, Qatar John Defterios, Moderator, Former CNN, Emerging Markets, Editor and Anchor Okay, thank you very much. It’s great to be back for this session called Catalysing Cyber. So we’re opening session today, we looked at like the five key pillars that the GCF is looking at in 2023, and some of the companies here in Saudi Arabia, which are supporting those different pillars. But what does that mean in practice? And this panel, we have specialists from government that actually run their cyber security authorities, and how they interact with, for example, the finance ministry, the economy, ministry, the Ministry of Defense, we have the Saudi industry of military industries here, which is excellent to show an example of how that sector, the defense sector, takes this very seriously. We’re going to have a robust debate for 40 minutes, can we give them a nice round of applause for joining us today? I’m obviously not Nisha Pillai, who’s… a friend, but John Defterios as they announced, so I don’t know if they can change the board behind us, but I’m happy, and we know this community extremely well. If I may start with you, Engineer Walid, about how do you develop the system, and this is very important because you’re very much, and everybody here on this panel, very much into processes about how you develop a cybersecurity apparatus. And in the conflicts that we see around the world today, most people think of security in the military sense of action, but this is a different, if you will, enemy, but also a different opportunity. Do you want to explain how SAMI as a military industry here in the kingdom sees that development, why it’s so crucial for the security, but also the development of the country? I think that would be great.

Eng. Walid A. Abukhaled:
Please. Sure, sure. No, absolutely. Thank you, John. I just took permission to speak in English because it’s a truly global cybersecurity forum, and I think for all our benefits, first I can’t thank the organizer enough, I can’t thank NCA enough for having us here, because if there’s a topic that is at the highest level of importance, probably it is cybersecurity. If any company in the world, if any organization in the world think they are immune, they better think again. There’s daily attacks on almost every strategic company, on every strategic asset. People who believe this may not happen to them, they better think again. So the presence of this forum is amazing, it’s great, and hopefully it will add great value and I’m sure at the end of it there will be certain recommendation other than the benefits of offering it. of clear networking with subject matter experts. Look, at SAMI, we got to a point, of course we got to a point, I don’t know how much you know about SAMI, but in just 20 seconds or 30 seconds, it’s a national defense champion. It was established in 2018, 100% owned by public investment fund. Although we are owned by the government, we are 100% commercial mindset. We are in it for the business. Our mandate is to be to localize 50% of the defense spend in the Kingdom of Saudi Arabia. As such, it means we have to develop our own system, state-of-the-art technology, to ensure independence that we create our own defense system in the Kingdom of Saudi Arabia. Now, what we know for a fact, the concern is not only cyber attacks on the company for people to take sensitive information, that’s extremely important to our customers, but the system we built have to be cyber protected. So in everything we do, cyber security is part of our day-to-day business. If we are designing a system, a defense system, we need to make sure that this is very resilient, extremely protected, that no one can penetrate it. And we try our best, of course, because as I said, there is no such thing as 100% secure. From education perspective, of course, now we have about 4,000 employees. I can assure you our cyber security function plays a tremendous role in educating. Education is the number one issue, because there are many people still believe that it will not happen to me, it will happen to other people who don’t take care. No, it does happen. It’s unbelievable how many phishing emails we get per day, how many people try to penetrate and get information. And that, I can assure you, is happening to all. So as such, we take this extremely seriously. We built a very rigid, very strong defense system when it comes to cyber. And we can’t thank NCA enough, because they’re doing tremendous work in putting clear regulations, clear policies for all of us to implement, and we ensure that we are fully aligned with them. the NCA in the kingdom.

Moderator:
Yeah, your clarity on this is very, very impressive. Before I call on His Excellency the Engineer from Qatar who speaks fluent English but in deference to our audience, he’s going to speak in Arabic. For our English speakers or if you don’t understand Arabic, do grab a translation device now. I’ll therefore call on our friend from Malaysia, Dr. Magat, and I think we can start with how seriously Malaysia takes this initiative because it’s part of a national cybersecurity plan. And why, and I know Malaysia well, I’ve been there at least 15 times in the last 15 years, why it takes it so seriously as a financial center, as a trade hub, the development of the IT sector along the Silk Road and the Spice Route, I mean, Malaysia has quite deep ties in business. Why did you find it so strategic for Malaysia to have actually a five-year plan?

Ir. Dr. Megat Zuhairy bin Megat:
Bismillahirrahmanirrahim. Assalamualaikum warahmatullahi wabarakatuh and a very good afternoon, ladies and gentlemen. First of all, I would like to express my gratitude for inviting me here today, especially after two months of holding this post. Before this, I was involved in digital transformation, I was not in cybersecurity. Just to answer to your question, John, I think we established our Malaysia cybersecurity strategy in 2020. It was a five-year plan, which fight with five pillars. The first one is effective governance and management, which we established NAXA, National Cybersecurity Agency of Malaysia, which I am right now heading. Number two is legislative, strengthening legislative enforcement, of which we will establish our cybersecurity bill next year in March, which we will table in the parliament. Number three is all about innovation R&D. Number four is all about capacity, capability building, awareness, and also education. And number four is global collaboration. To respond to your Malaysia cybersecurity… strategy, its vision is to establish a secure, trusted, and resilient cyberspace. It’s just not that, it’s actually supporting our Malaysia Digital Economy Blueprint, our IR 4.0 policy, as well as the other policies. One is our science, technology, engineering, and math policy, promoting students to go into these four fields, and some other strategies. So the reason that Malaysia’s cybersecurity strategy is very important, we see it as very strategic because it supports the other strategies and policies that have been established before.

Moderator:
If I can bring in His Excellency from Qatar, and if you can drive home, it’s very interesting, if I can use an analogy, Qatar was the little engine that could, right? It’s grown so rapidly off of the strategic decision in 1992 to develop natural gas, and then to have that pervasive development in the state. Your view on the link between a robust cybersecurity system, if you will, and the ability to foster growth on the ground locally, but how that makes Qatar a global player in this idea that Saudi Arabia’s building an international hub here. Qatar’s been doing the same. Why is the cyberspace component so vital, would you suggest, Engineer?

H.E. Eng. Abdulrahman Ali Al-Malki:
Thank you, John, for that. First of all, I would like to thank the organizers of this conference for all their efforts, and we all support the Saudi Arabia Cooperation Council to move forward in this field and become the leader in cybersecurity. Back to your question, Mr. John, in terms of cybersecurity, from a general perspective, everyone knows that cyber security is very expensive. Everyone says that securing the systems and securing the sites costs a lot of money. It leads to a shortage in budgets for some ministries or even for private companies. In terms of leadership, we see it in two ways. The first way is that if you have an appropriate budget for cyber security from the beginning, you can protect your assets or systems from the greatest risk, which is the constant losses after the attack. The losses lead to the return of the system or the systems to work again. This is a much bigger loss than the initial budget for cyber security. This is one perspective. The second perspective is that the countries that made big budgets for cyber security benefited from the short and medium term, and even the long term, by attracting global solutions and providing the appropriate infrastructure for new projects and new ideas that will be applied in the future. This led to the attraction of companies, because when companies study a new topic or a new project, the infrastructure is enough to protect their investments in this project. We see from this perspective that having a high budget is not a bad thing, it is excellent. In terms of attracting foreign companies to work in these countries, and at the same time, the protection of the very foundation that is inside the country from an attack and greater impact on the return of services.

Moderator:
And I’m sure that must have been a challenge of a lifetime from a cyber standpoint. So the preparedness afterwards, if you can think about it, I’d love to get your thoughts on what was set up to make sure you could withstand a global event of that sort of scale. Felix, you’re so respected in the business. It’s great to have you with us today. I would like to discuss the role of R&D, and you could use the Spanish example or extend it out to the European example. This is a cost, so what’s the cost-benefit analysis of making the investment in R&D and how it feeds into the rest of the Spanish economy? And how did you structure the institute? Because I think it would be wise here because the GCF has its own institute now, and I think that sort of information sharing could be very useful. Please.

Felix A. Barrio Juárez:
Thank you very much, and thank you for the invitation to participate in this amazing new edition of the Global Cyber Security Forum. Congratulations. First of all, in the European Union, we have, since three years ago, public policy, called Next Generation Action, that pretends how recovery of the economy can be boosted after the COVID pandemic. And in this time, we have learned that the main successful experience has been, in fact, to invest directly in research and development in digital transformation. In fact, in the case of Spain, one of each three euros invested through this program of next generation is allocated to this purpose of digital transformation, and in particular it is very important to invest in research and development in the SMEs. Small and medium enterprises is the successful vector for this catalysing of the market, because at this moment we depend to extend all delays of provision of services and solutions in cyber security in a peripheral movement. In fact, we lack of enough small and medium enterprises to reach all the requirements that we are putting on the table around the European directives. So important is that in three years, in Spain, we have moved from 12% of our national economic growth to the 22% of the growth is depending on this purpose of digital transformation and in particular cyber security. It’s very important. This year we have spent more than 224 million euros directly in research and development for SMEs, with more than 140 different projects, and the condition is you have to be led by a small and medium enterprise, and this is directly linked to something that Mrs Abu-Halef mentioned before. He said independence of the country. We have to talk about national sovereignty in terms of technology, and cyber security allows this.

Moderator:
So interesting. I’m glad you brought it up. And I think I’d love to have this question for the entire panel, so I just want us to be very direct. That was brought up in our opening plenary session today. How do you get the… balance right between international cooperation and protecting national sovereignty? And where does international cooperation really go deep enough to the challenge of today? This is, you’re introducing AI, generative AI, into a system when we don’t know whether we have the thresholds of protection ready. Do you want to touch on that, Waleed, and where you think collaboration, you came from an international defense player, so you know the role of international cooperation, you want to use that model?

Eng. Walid A. Abukhaled:
No, no, absolutely, Rick. I believe, not long ago, I’m not sure about the statistics now, but I know for a fact Saudi a couple of years ago was one of the most targeted in a country, maybe in attacks, cyber attacks. And maybe this is 10 years ago, I saw lots of statistics, and it was definitely one of the most targeted. I believe there’s lots and lots of lessons learned. And I hope we can set up here in the kingdom a command and control global or regional command and control centers, where there are various countries who are joined or part of this command and control, and they can all share threats, they can all share the attacks, the type of attacks. Because these days, the minute you identify an attack, and of course you put the prevention where there’s another one in the way, and that’s going to be continuous, nonstop. So if there is a regional stroke global command and control center set here, with various countries included, and where we can share regulatory reforms, where we can share the type of threats that’s coming, and I can assure you it varies. Some attacks here are common in other countries, but some are different. And really put some regulatory framework where how can we develop the talents of the future leaders when it comes to cyber, how can we share best practices, and so on. I believe this will be a win-win to all. and will definitely benefit. There is a direct relationship between safety and security and prosperity of any nations. Foreign investments always link to safety and security of any nation, so if a country wants to invest in another country, they look at the safety and security of that nation. Make no mistakes, the future is all about cyber, and this is the huge security about protecting strategic assets, protecting investments, and so on. So I totally recommend and support having a regional hub, stroking global, where they can share best practices and learn from each other.

Moderator:
Good. Does it make a difference? I think this is a great question for you, Dr. Magat. To have somewhere geographically that straddles east and west and north and south, and I’m thinking of Saudi Arabia, I’m very aware of the Islamic roots going down to Southeast Asia, so this is a commonality, right, on the spice route. Could you see the kingdom serve as a bridge between the U.S. and China where they compete fiercely on technology, where you can at least, as the engineer was suggesting here, have a commonality is that we have to have the common good of protection and to share knowledge. Is that possible that could happen here in your view?

Ir. Dr. Megat Zuhairy bin Megat:
Well, I think global collaboration is always the fifth pillar of Malaysia’s cybersecurity strategy. We have been communicating or collaborating with our cybersecurity entities around the world, the globe. You are already? Yes. Oh, that’s great to hear. We have been seen as the middle ground country. We have received threat intel from ASEAN, EU, the U.S., China, and however, although with the abundance of data information, we could only respond to that with the necessary capacity and capability. We have our command center in Malaysia. We share our intel for Singapore, Indonesia. and the rest of the world. However, without capability and capacity of us receiving the information, we will not be able to translate that, whether that is a real threat or not, for example. So, coming to that, I think, unless a point of view, we see that we need to invest a lot on capacity building. In fact, for a statistic, for example, we aim to have about 25,000 or 30,000 of cybersecurity knowledge personnel in Malaysia, but we only have about less than 15,000. So, to do that, we have to do certain initiative of promoting people or students coming into Malaysia. I mean, in Malaysia, choosing cybersecurity as their career choice and their education choice, that relates to, again, science, technology, engineering, and math, promoting students from primary school, or secondary school, to choose cybersecurity as their field, then going to the industry, and then we’ll be able to have enough knowledge personnel to then translate, to receive that intel and information from which we receive from the globe, so that that intel can be translated into a real decision. So, although global collaboration has been somehow successful in Malaysia, we have not get much from that value because we do not have enough talents to use that advantage.

Moderator:
Good. Very quick follow-up for you, then. What’s the relationship between the government, the private sector, and the universities? Because I’ve always seen successful PPP models where you have industry saying, I’m lacking that expertise, we need to put this in the curriculum. What are you doing on that front in Malaysia?

Ir. Dr. Megat Zuhairy bin Megat:
It’s good that we seize that, everything that we do right now. especially in digital transformation, anything related to new policies or new direction, collaboration with the industry’s academic institutions has always been part of the strategy. So, in fact, when we draft our cybersecurity bill, number one is always about getting inputs from the industries, getting feedback from the academicians to give inputs so that our cybersecurity bill does not just look into the aspect of governing, penalising, setting standards, setting direction, which government thought we could behave and govern the industries and the stakeholders. So, it is very important, in fact, collaborating with the industries. When we draft the Malaysian qualification agencies, when it drafted the requirement of approving certain programs in the universities, they must prove, the universities have to prove that there are inputs from the industries. So, without that, that program will not be approved.

Moderator:
Okay. For those who need the translation devices, I’m going to call on engineer Al-Maliki here. And the role of international cooperation, can you answer whether it’s real? Now, we heard two regional examples, the collaboration between Saudi Arabia, UAE, Qatar, for example, the GCC collaboration, even extending, I would imagine, to the Middle East, North Africa. Dr. Mergat talked about the collaboration in Southeast Asia and the ASEAN countries. Do we have a model that works in Qatar? And you see the international cooperation, and if you want to answer this question about the World Cup, what sort of cooperation were you getting internationally on such a major event? if you can

H.E. Eng. Abdulrahman Ali Al-Malki:
and the the the for the We started with the issue of putting a comprehensive plan to see what are the problems of the sovereign security at the level of Qatar. This vision was based on what they call the national framework, which was applied to all institutions, bodies, ministries, and even some private sectors or private companies that have direct contact with the government. We started the application, but it was not just a matter of putting a framework, or a national sovereign security framework. No, we put the framework and started to monitor it on a daily basis. There is a direct monitoring with all the parties that implement it or not. Until we got closer to the date of the round itself, or the World Cup. During this period, we started our contacts with friendly countries. We had a lot of friendly countries that wanted to participate with us in the event. We all participated with them. We shared the problems and the challenges we had. Thank God, we were able to provide a working team from some countries that were present in Doha during the World Cup. They provided us with support in many ways, especially in the case of the attacks coming from the countries themselves. They were always analyzed and gave us the data. In some countries, they shared their data with us directly. The good thing is that we are still in this relationship with these countries. We receive data from them and provide them with data on sovereign security.

Moderator:
Very interesting. I didn’t realize the level of collaboration was so great. Felix Barrio Juarez, I think it would be great to talk to you about can we move this conversation to the next level, right? What I mean by that is can we harmonize standards where we have this collaboration that we talked about here in the region, Southeast Asia, the European Union. which you singled out in your first answer. How do we get harmonization in the cyberspace where we’re speaking the same language, we don’t have redundant systems that we’re putting in, the investment has a channel where you see it’s gonna be robust for four or five years in a very changing markets. How do we share those harmonization ideas, do you think, Felix?

Felix A. Barrio Juárez:
Maybe it’s the main challenge we are facing at this moment in terms of reshaping of this global market that is the cybersecurity and the digital market in a broad perspective. Because standards maybe can become a kind of barrier for the entrance, not only for foreigner vendors and providers, it’s a threat in terms of we are setting some kind of barrier for small and medium enterprises. And this is the question. In European Union, we are boosting all the moment through the standardization process in order to establish a strong lay of requirements. This morning, President Barroso explained it very well, this and how this has a purpose to accelerate the digital change, but in other hand, we have to, we should to think on the third countries. This is very real, not only for North and South countries, but also inside European Union because it’s very different the market in the Eastern countries and the Western countries and we have to work in a level where standards allow new entrance of this new generation of SMEs. In the past debates around the MIS-2 directive, the European Union Act for Cyber Security, past November, it was suspected that we will need more than 150,000 new SMEs. in Europe in order to have the capability to provide this kind of new services in cybersecurity with these new requirements of standardization. And the problem is what happens if we set some kind of standard that is a barrier for this new very small company that is based, for example, in a small town, and you depend only about the foreigner providers and big companies, big firms. So we have to work in these two different ways in order to combine.

Moderator:
What a great point. If I can share this idea, and Dr. Magat, I see you want to interject, how do we make sure this is inclusive? Because you know, Asami is a beast, right? It’s running the military sector and you’re bringing, you actually made an acquisition of a cybersecurity company, which you can bring up. Dr. Magat, you know, you have this disparity of wealth and you don’t want, the SMEs create the most jobs, but you don’t want them vulnerable. Do you want to pick it up?

Ir. Dr. Megat Zuhairy bin Megat:
I think I would like to comment on the aspect of standards itself. Sure. Although standards may actually improve efficiency when it comes to communicating and information sharing. However, I would like to relate to, I’m from the engineering, before this I was in the construction industry. And we always, our reason of not moving or change to a different, in other words, innovating. Because in construction industry, standards is all about safety, health and quality. And when you want to move away from the standards, no, we cannot do that because we are compromising these three aspects. This is similar, I think, if we, however, the bad part of it is that it actually demotes innovation. Similarly, I feel that if we are too much focused on standards, although they’re positive. The advantage of that in terms of communication and efficiency, however, it may deter or demote innovation. So you wanted to keep the innovation engine moving is what you’re suggesting. Number two is that when you are, with the standards established, and we are actually exposing ourselves that the threats knows what the standards are, and we’re actually exposing ourselves for more threats. And they know that we are not innovating, we are not improving ourselves, we’re not transforming because we are too much focusing on standards.

Moderator:
So there’s a balance between the two is what you’re saying. What a great debate. Engineer Walid?

Eng. Walid A. Abukhaled:
No, no, sure. Look, SMEs in any industry, not only cyber, play absolutely crucial parts in supporting the bigger organization and the bigger mandates of any industry. Part of my career when I was working in defense once, I was with the global, one of the largest global defense company globally. And I was with the head of strategy and he said we’re going to go acquire a company so let’s go together and just take a look to start our due diligence. And I genuinely thought we’re going to go to a huge headquarter, a huge company, big factories. He ended up going to a home and that home had a garage and we went inside the garage to see an individual who built something that’s very innovative. Where was this? That’s in the US. Wow. It’s like a Bill Gates story. Genuinely. And that was a global defense company. So you can imagine, when it comes to cyber security industries, without support of strong small and medium enterprises, I think we can kill innovations. I can tell you we are big corporations. Innovation, we try to implement as much innovation as possible, but exactly as Dr. said, sometimes you have certain standards, certain compliance issues, quality and process and policies that prevent quick innovation, quick thinking and so on. So I believe we definitely have to develop SMEs, support them, and I think we should support them by regulations. And I hope we can implement a policy where you say, if we give a contract, one of our company, advanced electronic company, SESAME Advanced Electronics, that 10% of this contract should go in supporting SMEs or 15%, whatever. I hope that we can build this in the regulatory systems where we really encourage SMEs. They are the engines for any economic community or economic strength. So I believe that’s going to be extremely important.

Moderator:
Great. I’m going to do the final question, and I want you all to chip in on this final question with no more than a minute each, because then I want to ask a question about trust at the very end, which I think is very important. It’s like, how do you maintain consumer trust? If you get onto an app and you’re trying to do a business transaction or e-commerce for a small business, you don’t have trust in the system, because of cybersecurity, we have a problem. So think about it, because that wasn’t in our list of topics. But I think trust, we assume that the companies have our back, the government has our back, but the challenge is always changing. So would you say is your biggest priority, Felix, on your side today, if you’re going to look, if we sit down for GCF in 2024, what’s going to be the priority that you have accomplished this year?

Felix A. Barrio Juárez:
Yeah. Despite we need more than ever from the private initiative in order to build this level of capabilities in cybersecurity, we have to put all the public service focused in the more vulnerable sectors, and the consumer is the main. So we built three years ago a hotline, 017 telephone number, that attends every citizen, every small and medium enterprise, every professional is suffering some kind of cyber attack, or they are suspecting they can reach us every day of the year. This is very important. We receive more than 2,000 calling demands per week. And this is the way to say to the people the message that everybody is part of the solution. are not protected by the public sector. This is a very lucrative field.

Moderator:
Very interesting. It’s very consumer-facing, I think. Engineer Al-Maliki, do you want to tackle? What’s your key priority this year?

H.E. Eng. Abdulrahman Ali Al-Malki:
First of all, we need to understand, in order to know the important things, we need to know the risks, we need to study the risks and know where they are. Of course, the risks vary from one country to another. The risks for one country are not the same as the risks for another. In Qatar, we studied this issue. We had two directions. The first direction is to build capabilities. In addition, we need to find a mechanism to license workers in the field of cyber security, at the company level, at the level of the organization, and even at the level of the workers or engineers. This is the first part. After studying this, we discovered that the biggest risk we face today is the supply chain. The chain… I don’t know how to say it. Anyway, I think the previous session discussed this issue in detail. But we found that not studying the supply chain for any service or organization causes us the biggest problem. This has happened all over the world, but for us, we discovered that the smallest entity in the supply chain can cause a complete failure of the service.

Moderator:
Excellent. Thank you for the answer on that. The two of you are going to finish up, Dr. Magat and Engineer Waleed. Quite extraordinary. 60% of attacks are on airport infrastructure, so we take for granted that our skies are secure. 66% of healthcare organizations hit by ransomware attacks. Critical, right, if a hospital goes down, the threat. 86% of global CEOs believe there will be a catastrophic event in their cyber operations. So this is a trust game and it’s a race. How do you approach it as your priority? Dr. Magatan will finish with His Excellency Waleed. Thanks.

Ir. Dr. Megat Zuhairy bin Megat:
Malaysia always feels that it’s all about secure, trusted, and resilient cyberspace. My priorities right now is all about capacity and capability building. In fact, when you promote, Malaysia always promotes digital transformation, when we establish trust, more people will come into the cyberspace. More machines, people will be coming into cyberspace. It can be a positive is what you’re saying, right? Positive, but then we have to create more resilient, more approach, more people to protect, to establish a peaceful and resilient cyberspace. So capacity building, capability building is a continuous effort, we could not stop, we cannot stop because, again, innovation, the generative AI, establish a totally different cyberspace environment, which we may not know what the solution today. So capacity, capability building, that’s my priority.

Moderator:
Great. We’re going to have a session this afternoon, just after two o’clock, on widening the lens. What’s the role of media in the process of supporting government and the consumer? Because you have to educate people to know of the potential threat and the opportunity, as we’ve all talked about. Engineer Waleed, you have the last word.

Eng. Walid A. Abukhaled:
Thank you so much. Look, His Royal Highness, the Crown Prince, have been consistent from the day of launching Vision 2030. The biggest wealth the kingdom have is its people, the youth, the human capital. It’s all about developing talents, specifically I’m talking on the domain of cybersecurity, having the right talents. But we have issues. I have, and I don’t know how NCA can help us and help other companies in this. When I have a cyber security specialist Saudi nationals who probably four years of experience they ask for a salary They’re the same as mine as a CEO of this company We we have we have that’s true inflation. That’s true inflation. God bless them. I wish I wish life can go back I would have got into cyber security specialist, but genuinely developing the right talents And regulating the market and I think we need a lot a lot more and really when I discuss with my fellow CEO From global companies. It’s no exception. I mean this this issue is not only in the kingdom. It’s issues globally So so that’s something I hope we can put certain emphasis on I totally agree with capacity and developing the right talent but when you mention trust Trust as you know is gained rather than so so MCA can put all the regulations if and we can comply 100% but still if I’m always penetrated and There’s information Lost then there is an issue that we really need to look at it The same applies for any applications if I talk to my friend and this happened recently I was telling him I’m interested in buying new car lucid and all of a sudden all the advertisements appear about lucid Should I trust this application anymore that that’s listening to me? So it’s really in my view trust is gained. We need the right regulatory framework. I genuinely hope And I’m sure that this global cyber security forum Will let will learn a lot from it I think there are global mindsets in here and I truly believe this this has been extremely beneficial to all I look forward to the next one. Yeah knowledge is power absolutely, right?

Moderator:
Absolutely, and this is one of these things where I think we have to bring the consumer along for the ride you know because if they don’t know what the Their role is in this and you have to as you said earn their trust to make sure that the government But the private sector and academia has their back in a big big way Can I thank you again for the an excellent assembly of fantastically good minds? governor to tackle this from the cyber authorities, the institutes that we have here, the government standpoint in having such an important sector such as the military. Can we give them a nice round of applause? Thank you very, very much. Thank you. Thank you. Thank you so much. Thank you. Thank you so much. Terrifically done. Thank you. Excellent. Thank you. I appreciate it. Really excellent. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you.