Cybersecurity in the Kingdom

With the significant acceleration of digital transformation, the rates of cyber attacks and the risks of data breaches have increased, making the Kingdom keener to provide a secure environment for data and digital operations through a robust security system. Here comes the role of the National Cybersecurity Authority in developing, implementing, and supervising strategies.

The Anti-Cyber Crime Law aims at preventing cybercrimes by identifying such crimes and defining their punishments. The objective is to ensure information security, protection of public interest, and morals, protection of rights of the legitimate use of computers and information networks, and protection of the national economy.

The National Cybersecurity Authority (NCA) has issued a number of controls, frameworks and guidelines related to cybersecurity at the national level to enhance cybersecurity in the country in order to protect its vital interests, national security, critical infrastructure and government services. Controls, frameworks and guidelines issued by NCA include the following:

• Organizations’ Social Media Accounts Cybersecurity Controls
• Essential Cybersecurity Controls
• Cloud Cybersecurity Controls
• Telework Cybersecurity Controls (TCC)
• Critical Systems Cybersecurity Controls
  
• Operational Technology Cybersecurity Controls
  
• Data Cybersecurity Controls
  
• The Saudi Cybersecurity Workforce Framework (SCyWF)
  
• The National Cryptographic Standards (NCS)
  
• The Saudi Cybersecurity Higher Education Framework (SCyber-Edu)
  
• Cybersecurity Guidelines for e-Commerce

 

The National Cybersecurity Strategy was developed to reflect the strategic ambition of the Kingdom in a manner that is balanced between security, trust, and growth. It is created to achieve the concept of (a safe and reliable Saudi cyberspace that enables growth and prosperity)
It also includes six main concepts:

• Integration

• Regulation

• Assurance

• Defense

• Cooperation

• Construction
  

The national strategy aims to:

• Integrated cybersecurity governance at a national level
• Effective management of cyber risks at the national level
• Protecting cyberspace
• Strengthening national capabilities in defense against cyber threats
• Strengthening partnerships and cooperation in Cybersecurity
• Building national human capabilities and developing the cybersecurity industry in the Kingdom

The indicative Center for Cybersecurity

In order to raise awareness of Cybersecurity and avoid cyber risks and reduce their effects, the National Cyber Security Guidance Center has been launched to work on issuing alerts about the latest and most serious gaps, and it also works on launching awareness campaigns and programs and cooperates with other guidance centers.

Saudi Federation for CyberSecurity

For the sake of local professional capabilities in Cybersecurity, software development, and drones, the Saudi Federation for Cybersecurity was launched under the Saudi Olympic Committee's umbrella. To provide activities and programs that contribute to increasing community awareness of Cybersecurity, programming, drones, and support and encourage young people to become professionals in this field.

National Academy of Cybersecurity

An initiative launched by the Ministry of Communications and Information Technology in cooperation with the Human Resources Development Fund (Hadaf) to raise the level of national digital capabilities in various fields of modern technology to keep pace with digital transformation requirements. It includes several paths:

• Analyzing artificial intelligence data
• Cloud Computing
• Web and application development
• Games design and development
• Executive Programs

Hasseen Initiative

The Hasseen initiative was launched to enhance Cybersecurity at the national level, and it is concerned with protecting emails from spoofing and unauthorized use. It works to empower entities to:

• Knowing the level of implementation of the Hasseen initiative for the entity
• Create domain name records
• Survey of domain name registries
• Raising awareness among national authorities of the importance of activating domain name documentation and methods of implementing it.