We live in a time when hardly a day goes by without hearing about a cybersecurity incident. The need for a safe and secure digital world significantly grew after the COVID-19 pandemic, as human behavior merged online even more than before, and remote working became an everyday reality. Lebanon is no different to this escalating threat.
Since 2019, however, Lebanon has undergone an economic meltdown; a financial and monetary crisis alongside the challenges related to the health pandemic. Perhaps most importantly, Lebanon witnessed the collapse of its main economic pillar: the banking sector.
Out of all sectors, Lebanese banks had the biggest budgets to invest in cyber defense. As such, they invested significantly on infrastructure, technology, and awareness to reach what was deemed an acceptable protection level. On the other hand, the public sector was left under protected by a budget unable to guarantee a robust and proper digital transformation and cyber defense. What is more, the public sector was mainly dependent on international donors, since there was no national priority to step into the 21st century of a citizen-focused digital experience.
Many local institutions, particularly in 2018, have suffered attacks and breaches. Unfortunately, it is far too easy to access various entities in the public and private sectors. As a result, a secure transformation is greatly called for.
Lebanon’s Cybersecurity Status
Lebanon is ranked 109th in the world and 12th regionally in the ITU Global Cybersecurity Index 2020. Lebanon is expected to drop further in the new upcoming index. Earlier this year, in May, the Lebanese Cybersecurity Empowering Research Team, a group of ethical white hackers, found major cyber-attacks on Lebanon. More than 2.5 million attacks had been conducted within 21 days; an alarming amount.
Various public sectors, businesses, educational institutes, and the banking sector suffer from an absence of coordination and implementation of a cyber security risk strategy. The banking sector, which was once considered the forefront of digital innovation and cybersecurity spending, is now suffering from the devaluation of the Lebanese pound, and subsequent inability to pay monthly or yearly software and hardware contracts, hindering its ability to stay up to date. There is a high possibility of software expiring without being replaced, which would arouse further dangers.
Today, Banque du Liban’s Circular 144 of November 28, 2017 regarding the protection of banks against cybercrime, is not ranked as a high priority for implementation or enforcement vis a vis the financial crisis.
The migration of cybersecurity talent or human capital, skills shortage, and inadequate salaries in the private and public sector bring a lot of challenges in maintaining and enhancing cyber security operations in Lebanon, creating a climate of “low-hanging fruits” for cyber-attacks.
The Internal Security Forces are the official body responsible for combating and investigating cybercrime, but they are in dire need of new skills, the latest technologies, legislative changes and even reliable electrical power. It is worth noting that Lebanon lacks specialized judges or lawyers in the field of information technology. In addition, from a legal framework perspective, Law 81/2018 relating to electronic transactions and personal data, has yet to be enforced despite being approved by the Cabinet four years ago.
Although, the ten-year Digital Transformation Strategy was approved in May 2022. Needless to highlight that implementing this strategy is a big challenge, regarding a lack of commitment, funding, adopting simplified and standardized measures in a Lebanese national data center, as well as a waste of time and financial resources.
2019 Cybersecurity Strategy
After lengthy work, the three-year National Cybersecurity Strategy was published on August 29, 2019 by the government, two months before the October 17 uprising and the beginning of the economic downfall (technically the strategy should have been implemented by now).
Even though different international grants are actually supporting the strategy, having a well-planned implementation framework supported by state authority is crucial for robust coordination with the 2022 Digital Transformation Strategy.
The strategy aims to protect government assets, markets, commercial sectors, and citizens from cyber threats and attacks. It is composed of two main sections: 1) preparation of a cybersecurity strategy and 2) establishment of a national cybersecurity agency.
The first part rests on eight pillars:
1.Defend, deter, and reinforce safeguards against external and internal threats
2. Foster international cooperation in the field of cybersecurity
3. Expand state capacity to support the development of ICT
4. Bolster Lebanon’s educational capacity within the realm of cybersecurity
5. Build up industrial and technical capacity
6. Promote exports and the global expansion of Lebanese cybersecurity companies
7. Strengthen collaboration between the public and private sectors
8. Expand the role of security and intelligence services in cybersecurity while boosting cooperation and coordination among the agencies with the support and supervision of higher authorities
Lebanon has a chance to bounce back with the implementation of both the Digital Transformation Strategy and the National Cybersecurity Strategy, by strengthening its position and focusing on digital economy opportunities and citizen services.
The country is a greenfield environment for cyber developments, especially on the public sector side, since not many e-Government services are established or implemented. It actually lays the foundations to secure the right design to the full implementation, while focusing on citizenship centricity alongside contingency plans to ward off local, regional, and international threats.
Cybersecurity General Recommendations
Since the Cybersecurity Strategy was approved, there is an opening for Lebanon’s digital transformation, and with it comes an urgency for cybersecurity, like fighting cybercrime, maintaining good standards for data security, system integrity and preventing high-profile breaches. Such improvements will place Lebanon in a better position and give the country a chance to improve its position on the ITU Global Cybersecurity Index.
Lebanese National Datacenter
For a successful digital transformation, a national data center is not just an option but rather a necessity to host both the public and private sector; particularly considering the range of challenges like electricity cuts and high operating costs. There is fragmentation across the board at present, including within the banking sector; demonstrating the need for the cooperation of security information and critical security data sharing.
A national datacenter will (a) resolve the data residency problems, (b) provide 24/7 operations, (c) ensure business continuity, (d) secure better solutions, (e) centralize the management, (f) allow efficient security analysis and response and, (g) most importantly assure lower cost.
Cooperation Across All Sectors
A public private community partnership should be enabled; particularly to help empower the cybersecurity strategy and have a new business model to move away from outdated and inefficient systems.
Locally developed solutions coming from the private sector and the community can bridge the gap of accessing new affordable solutions; like licensing, upgrades, and more cost-effective management, whilst at the same time boosting the national digital economy.
The worsening economic situation and lack of foreign investment is significantly affecting the delivery of basic services and management of digital resources. Major capacity constraints are increasing the prevalence of old systems (hardware and software) with an outdated maintenance status. It is important to note that such obsolete systems increase vulnerabilities for hacking attacks directly or indirectly. Among the objectives of both national cybersecurity and digital transformation strategies is to realize the best approach for addressing this emerging deficiency in financial resources.
Governance and Legislation
Despite the government’s approved Cybersecurity Strategy and with it the establishment of a ‘National Commission against Cybercrime and for the Strengthening of Cybersecurity’, efforts need to be taken towards the actual formation of this commission and other relevant groups. Such a commission is essential to monitor the effectiveness of proposed interventions, sharing of data among various agencies and planning further initiatives to address the impacts of cybercrime. The commission can compel other administrations to comply with decisions or coordinate with automation projects. In this regard, a sustainable institutional framework with comprehensive mandate for co-ordination of all cybersecurity activities and interventions is also critical, and is currently lacking.
However, implementation of the strategy with appropriate human and financial resources are required for the effective enforcement of the Law 81/2018. In addition, implementation decrees for the management of cybersecurity interventions need to be formulated as soon as possible.
The legal and technical approach should also be enhanced, with the main goal of identifying penal responsibilities throughout the investigation phases, while efficiently implementing actions and measures to combat cybercrimes.
One of the main challenges is to formulate a modern legal framework and to strengthen the law enforcement agencies: Army, Internal Security Forces, General Security, and State Security to provide an updated and comprehensive security system and to establish a national Community Emergency Response Team.
Cybersecurity Skills and Research
The shortage in human resources with cyber skills is contributing further to a national vulnerability for cybercrimes. As such, capacity building and knowledge are indispensable to meet cybersecurity provisions in both public and private sectors. In addition, raising awareness and providing formal training in cybersecurity for all employees who deal with any system in any capacity is necessary to win the undeclared cyber war.
Higher education institutions, like universities, can take a lead role to direct careers towards filling the skills gap, and most importantly be at the forefront of cybersecurity research and development for arising innovation in the field.
Lastly, Being Proactive, Not Reactive
A proactive approach seeks to prevent cyberattacks from occurring in the first place which can lead to a much higher benefit, strong continuity of operations, return on investment and excellent reputation.
The only way to combat all of the above cyber threats and attacks is through the establishment of a nation-wide system capable of orchestrating a coordinated response within a unified framework incorporating technical and legal aspects.