Talking 5G Security, AI & Cloud With Eng. Badar Ali Said Al Salehi

In a recent roundtable discussion during the Mobile World Congress (MWC) 2024, Eng. Badar Ali Said Al Salehi, Chair of OIC-CERT and Director General of Oman National CERT (OCERT), addressed the evolving landscape of cybersecurity and digital transformation. Here’s what Eng. Al Salehi had to say on these matters.

  1. The OIC-CERT has established working groups for 5G Security and Cloud Security over the past few years and released related frameworks. What are the key responsibilities of these two working groups, discussed during the recent roundtable?

The 5G Security and Cloud Security Working Groups (WGs) are among the most advanced within OIC-CERT, addressing essential technological concerns critical to member nations’ digital transformation roadmap. As the industry advances towards 5.5G, the OIC-CERT 5G Security WG will assist in demystifying and facilitating the adoption of this technology by the OIC-CERT member countries and the OIC community. The 5G WG developed the 5G Security Framework to establish a sustainable security and resilience model for the 5G ecosystem that is standardized, impartial, and non-discriminatory and intended for regulatory authorities of the member countries.

The OIC-CERT 5G Harmonized and Unified Cybersecurity Certification System (HUCCS) is a cross-recognition assurance methodology that aims to establish critical 5G evaluation and certification facilities.

Meanwhile, the Cloud Security WG aims to develop a cloud security framework that provides high-level guidance on direction and strategy based on common open certifiable standards. The framework encompasses technical operating procedures and technical specifications aligned with national strategies and regulatory compliance requirements. To kick off, the WG is planning a pilot implementation for the OIC-CERT Cloud Security Framework via a Central Asia Cloud Security whitepaper, alongside a series of Cloud Security roundtables, replicating what was done last year for the Middle East region.

  1. In addition to those existing WGs, some new activities, such as AI study groups and supply chain working groups, were proposed at the recent roundtable discussion. Can you please elaborate further on those points?

The OIC-CERT recognizes the emergence of new technologies and the security threats they pose, such as AI security, AI governance, supply chain security, post-quantum cryptography, and data security governance, which were covered well during MWC. We held expert group workshops discussing these issues in December 2023. Consequently, OIC-CERT plans to form study groups and a WG to empower OIC-CERT member countries and the OIC community to mitigate security issues these technologies pose in their respective digital transformation journeys. It’s encouraging to see more OIC-CERT members leading these new areas of work, tapping into the collective expertise from the 57 OIC member countries globally, ranging from Africa to the Middle East and Central Asia to Southeast Asia.

  1. Regarding the private and public collaboration case study, the Cybersecurity Industry Development Strategy Maturity Model (CIDSMM) was announced at last year’s Regional Cybersecurity Summit in Abu Dhabi, UAE. What are the main activities promoting this project?

The CIDSMM is a critical initiative within OIC-CERT, serving as a model to assist Arab and OIC member countries understand their cybersecurity strengths and weaknesses. This will help develop each technology or industry vertical in a measurable and repeatable way. We are currently considering a pilot site implementation per region and alignment with other international best practices and industry standards.

  1. After the recent OIC-CERT Cybersecurity roundtable discussion, how does this mark a new departure to enhance OIC-CERT’s efforts to instill digital trust and resilience? What was the importance of having this roundtable during MWC?

This roundtable symbolizes a significant milestone for OIC-CERT, marking our emergence as a major player in the global cybersecurity industry. The strong support from OIC-CERT member countries that participated in the roundtable discussion – such as Oman, Malaysia, the UAE, Indonesia, Azerbaijan, Brunei, Egypt, Bangladesh, Jordan, Nigeria, Uzbekistan, Pakistan and others – demonstrates our commitment to building a safer, more secure, and resilient cyberspace.

Notably, the largest OIC contingent ever at the Mobile World Congress signifies the intention of OIC member countries to take charge of their cybersecurity destiny and position OIC-CERT firmly in the digital realm.

The resolutions passed during this roundtable represent the flag that we would like to plant at the summit of Mt. Everest of Cybersecurity cooperation, thereby staking our unwavering commitment to the OIC member countries and the international community. Cybersecurity is never the concern of one single country or region but the collective concern of the entire world.