Home Cybersecurity Lebanon is finally seeking to leapfrog into digitally empowered spheres


Lebanon is finally seeking to leapfrog into digitally empowered spheres

Our hidden treasure

by Thomas Schellen

It may be Lebanon’s best bet for a long-term economic future. This underused economic resource has been idling for over 20 years. It is not of fossil origin or other conventional finite resource. Built entirely on the strength of human ingenuity and collaboration, this resource now appears ready for another attempt at making it in the real world—rather than living exclusively on the extremely patient pages of government strategy plans and ministerial Power Point presentations.

It is the new “new economy,” or more precisely the geo-economic sphere shaped by the combined implementation of first-in-history digital transformation and cybersecurity cycles. This emerging community of transnational spheres, the best thing since the invention of the internet, could provide much more to Lebanon than the country would achieve by any national implementation of an e-government project or more perfect incarnation of e-commerce in domestic markets.

In 2019, governmental efforts to activate the digital economy potential of Lebanon have not been a secret so much as hidden in plain sight. Other issues on the government’s agenda—the budget and the task of reducing the deficit, the need to implement reforms and qualify for international finance under the CEDRE paradigms, the plans for plugging the country’s main fiscal hole by improving the electricity economy, and the hopes invested in the proposition of oil and gas revenues—as well as numerous funny money worries on the part of the Lebanese population have been so much at the forefront of everyone’s concerns that the digital transformation and cybersecurity issues that have been pushed forward by a taskforce at the Prime Minister’s office for the past six months without attracting the attention that they should.

A possible result of too much attention being directed to other burning public regards in Lebanon, the digital economy file thus produced curiously little news when, at the end of August, the cabinet adopted a new cybersecurity strategy that is scheduled for implementation from next month. But this news is worth pondering.

Something from nothing

“We have done something special by advancing from a state of zero strategy [at end of 2018] to having a [national cybersecurity] strategy after six months,” Lina Oueidat, the head of the ICT committee at the Presidency of the Council of Ministers, tells Executive in September on the sidelines of a cybersecurity conference.

As Prime Minister Saad Hariri expounded a few days earlier in a Q&A session at a conference on Lebanon’s digital needs and potentials, transforming Lebanon’s public sector and economy through a digital transition would be of huge importance for the country. Hariri emphasized the importance of collaboration among all involved, highlighting that broad consensus and a disbanding of bickering is needed for reforms in the country as well as progress toward digital Lebanon.  

Delving further into the new national cybersecurity strategy, Oueidat explains that it includes a cyber-risk assessment tool for critical infrastructure, and that a first trial run of this tool was undertaken with focus on civil aviation, which was the reason for holding a cybersecurity conference at the Middle East Airlines training center on Beirut airport’s grounds. “We [thought] why don’t we start by assessing this infrastructure [of Beirut Airport], studying it, and learn lessons from it on how to deal with other governmental institutions,” she says.

“We have done something special by advancing from a state of zero strategy [at end of 2018] to having a [national cybersecurity] strategy after six months.”

According to her, general application of the new national cybersecurity strategy for Lebanon will commence from October, “as an action plan that includes [target] dates” that had been kept out of the strategy draft until it had been approved. Moreover, she describes the implementation of Lebanon’s first national computer emergency response team (CERT)—a vital entity in national cybersecurity considerations—as “very close,” based on potentials for international cooperation with Oman and internally with usage of existing structures for disaster recovery and experts at the Ministry of Telecommunications and Lebanon’s Telecommunications Regulatory Authority (TRA).  

Cyber views from the global plane

The importance of well-coordinated cybersecurity in conjunction with the digital transition of public and private realms into e-government and online economy are certainly not lost on the global community of nations or on individual states. Just last month, 27 UN member states committed to a statement on “responsible state behavior in cyberspace” at the eve of the UN General Assembly.  

Based on the notion that information technology has been transforming modern life, driving innovation and productivity etc., the tech-aware signatory states (which did not include any countries from Africa and the Middle East) decried irresponsible cyber behavior by state and non-state actors. Stating, with somewhat cryptic implications, “There must be consequences for bad behavior in Cyberspace,” they pledged to hold states accountable and called for voluntary collaboration with other states to uphold an international rules-based order in cyberspace.

On a less ominous note, e-government giant (and up until now a global political lightweight) Estonia told the world, also last month, that it is about to establish a department of cyber diplomacy at its foreign ministry, in recognition of the importance of state behavior in cyberspace. “Countries are increasingly prioritizing cybersecurity and safety in their foreign policy aims,” Estonian Foreign Minister Urmas Reinsalu said, according to a press statement from September 12. He affirmed that Estonia wants to be a global leader in this new diplomacy realm.

Lebanon has proven not long ago that it is not a total stranger to the importance of cybersecurity and digital transition issues for nations’ emerging economic fortunes. At the end of last year, the Lebanese government was one of the first 51 countries to join an initiative of French President Emmanuel Macron, the “Paris Call for Trust and Security in Cyberspace.” Signatories affirmed their commitment to international legal frameworks and their applicability to digital environments, among other things, reaffirming their support of “an  open,  secure,  stable,  accessible  and peaceful  cyberspace,  which  has  become  an  integral  component of life in all its social, economic, cultural and political aspects.” They further condemned “malicious cyber actions in peace time” and, also among other things, vowed to “welcome  collaboration  among  governments,  the  private  sector and  civil  society  to  create  new  cybersecurity  standards  that  enable infrastructures and organizations to improve cyber protections.”  (Note: These sort of moral and legal appeals for a better digital interaction among states have become quite fashionable in the 21st century, and in the case of the Paris Call, the number of adherents had grown to 67 states along with hundreds of private sector and civil society entities by August 2019).

However, what could, until now, not be said with any confidence was that Lebanon was marching determinedly into its future on two legs of cybersecurity and digital readiness. According to the International Telecommunication Union’s (ITU) cybersecurity index of 2018, Lebanon was ranked 17th among 22 Arab member countries and 124th in global terms. This low ranking reflected the absence of a national CERT, Oueidat tells Executive.

Below potential

According to indexes for e-government readiness and online economy in recent years, such as the 2018 e-government readiness survey by the United Nations and the somewhat dated networked readiness index by the World Economic Forum, there was also no denying that Lebanon has been punching below its potential. It was ranked an unimpressive 99th in the UN E-Government Development Index (EDGI) with a score that was a few notches above the average global EDGI score, but below the average score for upper middle income countries, the group to which Lebanon is categorized as belonging in the nomenclature of UN research papers. (The index covers 193 UN member countries, just as the ITU cybersecurity index entails information on 193 ITU member states.)  

In the World Economic Forum’s most recent Networked Readiness Index (2016 edition), which purports to gauge countries’ propensity to benefit from the opportunities availed by information and communications technology (ICT), Lebanon reached 88th place out of 139 economies, which was an improvement on previous years—Lebanon moved up 11 spots in the index when compared to 2015. However, Lebanon showed enormous lags in regulatory and political readiness as well as government usage of ICT, ranking 126 and 124 out of 139 countries in the index, a fact testifying to the existence of so much room for improvement that it could fill whole virtual universes. 

“Lebanon showed enormous lags in regulatory and political readiness as well as government usage of ICT.”

Not that it would have been necessary for any diligent Lebanese observer of their country’s national affairs to consult international index figures to see the state of the digital readiness, e-government implementation, or cyber threat awareness and cybersecurity implementation in Lebanon. Anyone who was unaware of the sordid stories of corruption, clumsiness, criminal cyber breaches, and selfishly motivated abuse in public and private cybersecurity, could remind themselves of the country’s low level of preparedness for defense against internal and external cyber-attacks with just a glance at the website of the TRA. On the site, when accessed by Executive at the end of last month (September 25), the authority, which describes itself as an “integral part and at the core of ongoing efforts” in addressing cybersecurity in Lebanon, was leaving no doubt on the effectiveness of such efforts in recent years. “Current Lebanese efforts fall too short of what is required to deal with the high levels of cyberspace risks and threats,” it assessed laconically, followed by a list of four shortcomings, beginning with the absence of a vision and strategy for cybersecurity.

Reading diverse signals

Regardless of all painful and embarrassing memories of Lebanon’s dismal cybersecurity past, the topic of real significance is the future of the digital economy and cybersecurity in this country, and this is where the reading of signals matters. Contemporary human groups, irrespective of how algorithmic and primitive they might act in moments of extreme pressure such as a financial panic, habitually can decipher and correlate seemingly unconnected signals in ways that surpass algorithmic recognition capacities of machine learning.

“Current Lebanese efforts fall too short of what is required to deal with the high levels of cyberspace risks and threats.”

In this sense, the signals of 2019 are positive. Signals from the cabinet and the Prime Minister’s office, such as the adoption of a national cybersecurity strategy and its prequel of having designated an ICT committee at the end of last year, fit together with other signals originating from the private sector. One surprising recent sign in this sense was the visit by one of the most familiar names in the cybersecurity industry the world over. Kaspersky Lab co-founder Eugene Kaspersky was partly drawn to Lebanon by his interest in collecting impressions from Baalbeck, one of the world’s outstanding historic sites, meaning he did not just come for business or because Lebanon is such a fantastic growth market with new high demand for cybersecurity services, but his visit and interactions with ministries and banks still can be read as positive signal on the readiness to engage into cyber issues.

Investments by private industry players always are positive signals and in this direction, it is noteworthy that Lebanese companies with stakes in cybersecurity and related IT services are exhibiting new vigor at a time when the tales from many other industries seem to only compete over which company or sector story is the most depressing.

Admittedly, using Lebanon, with its combination of highly qualified and relatively inexpensive tech labor, as a kitchen for regional business is an entrenched pattern in software and tech companies since the new economy days at the turn of the century. Nonetheless, it is encouraging to see some larger and smaller established IT services firms, such as conglomerate Resource Group or authentication specialist CIEL Lebanon grow, innovate, and drum for their offerings.

As a new addition to this sector, cybersecurity services company AXON, established last year, has recently put a very notable foot down in Lebanon’s tallest building. As Rani Haddad, managing director and founding partner of the company tells Executive, AXON is capitalizing on a combination of fresh local brains and experienced cybersecurity experts that it brought back from the Lebanese diaspora as it ventures to do regional and global business from the country but looking outward for its business development. “Our vision is regional or even global, not only focused on Lebanon. We are working on multiple fronts,” Haddad says.

According to him, the company is not a startup, but rather a venture funded by a family office. As such, its business is based on two pillars: the first providing cybersecurity services to client organizations, helping them develop and implement cybersecurity strategies, and the second on helping with the development of cybersecurity skills in the digitally native generation of university students and recent graduates in Lebanon.

“I am optimistic [about digital Lebanon], but I want to see something realized.”

Geographically, AXON is pursuing expansion into Gulf markets like many tech companies do from Lebanon, but also endeavors to design and market a threat intelligence platform for global markets. “By mid of 2020, we should have presence in a Gulf country, either Saudi Arabia or Kuwait, with offices open there. As for development of the threat intelligence platform, by mid of next year or earlier there should be a functional platform that we can go to market with,” Haddad says. He adds the project of a cyber academy, which will aim to alleviate the immense shortage of cybersecurity experts that exists in Lebanon as all over the world, is envisioned through collaboration with academic institutions and planned to be operational after around two years.

Hope on the horizon

While the market for cybersecurity in Lebanese corporations is, according to Haddad, inching forward with growing awareness, he confirms that currently most of the commercial action in these specialized services is playing out in the banking and financial sector, where AXON and competitors vie for the business of highly security aware banks.

This still narrow market notwithstanding, the productive interplay of national cybersecurity strategy, public sector efforts for better securing critical infrastructures, gradually increasing private sector sensitivity to the importance of cybersecurity and digital transformation, along with the awareness building pursued by vendors that are eager for Lebanese business, conflate into an array of hopes for digital Lebanon. 

Humans, as individuals and groups, are, however, also prone to misread signals, usually affixing too much positive information value to them because they feed their wishful thinking. Or they can perceive deceitful signals exactly as their devious emitters intend such memes and micro-narratives to be read—and thus fall for misinformation. This is why in the experience of skeptics it is good to look for many signals and counter signals when evaluating an important narrative such as the proposition of Lebanon’s progress toward cybersecurity and digital transformation.  

One attentive participant and professional receptor of digital transformation stories at the digital Lebanon conference was Raymond Khoury, partner in charge of Middle East technology and innovation management at international management consultancy Arthur D. Little, and a long-time consultant dealing with digital transition advisory in the Middle East. His efforts include Lebanon, where he was strongly engaged with the first UNDP-led e-government and digitization efforts at the Office of the Minister of State for Administrative Reform (OMSAR) around the turn of the century.

When asked by Executive if he left the conference with more optimistic feelings about Lebanon’s digital transition efforts than would have been normal in the roughly two decades during which Murphy’s Law seemed to have developed a special bond with any e-government or digital capacity building attempts in the Lebanese public administration, he notes that the problem of digitization in this country does not lie in developing plans for the process. “The plans have been there for many years. We don’t need [to devise] plans,” he says. “We just need consensus on doing the same thing consistently and coherently. The proof is in the detail, and the detail [of digitizing Lebanon] is implementation.

“We cannot talk about digital government without a connected government infrastructure. It is foundational to me that the ministers agree without any quarrels to have a secure government network, with a secure and redundant data center. If [all ministries] follow common norms and standards, each [ministry] can then deploy their own applications. But the data infrastructure needs to be standardized, the technology infrastructure needs to be standardized, and the human skills infrastructure needs to be standardized.” 

He elaborates on the need for harmonized actions in public entities before advocating that private sector companies should participate in the buildup of digital Lebanon not with minds seeking to profiteer from interactions with the government, but as public-goods servants. “If they want to do services for the government, they can take percentages of the fees,” Khoury says. “There are multi-million dollar revenue companies in the US that do this. I am optimistic [about digital Lebanon], but I want to see something realized.” 

In the sum of many recent signals, the chances that Lebanon will march into new economic realities on the strength of two legs of cybersecurity and digital transition efforts in public entities appears stronger from this time on. Figuratively speaking, working to pull the country up by its own digital bootstraps would be quite impossible, but with some international assistance, focusing more energy on the country’s digital transition could be less costly and relatively better suited to the talent pool of Lebanon than some other very costly approaches with high financing, operational, and obsolescence risks in seeking to engineer the country’s economic rescue.  

Support our fight for economic liberty &
the freedom of the entrepreneurial mind
DONATE NOW

Thomas Schellen

Thomas Schellen is Executive's editor-at-large. He has been reporting on Middle Eastern business and economy for over 20 years. Send mail
--------------------------------------


View all posts by

You may also like