Qatar’s NCSA publishes recommendations on standards of securing operational technology

The National Cyber Security Agency (NCSA) in Qatar has released recommendations for securing operational technology (OT) in the electricity and water sectors. These recommendations are based on industrial cybersecurity standards ISA 62443. The NCSA will collaborate with the Qatar General Electricity and Water Corporation (Kahramaa) to implement these standards.

The Wednesday statement mentioned that the recommendations aim to incorporate the best international practices and standards in the electricity and water sector. This includes adopting and approving the international standard (ISA 62443), which is developed by the International Control Association and the International Electrical Commission. The goal is to strengthen the ability of OT to address cyber threats and establish a cybersecurity framework for organizations to improve resilience plans.

One of the key recommendations is to appoint an OT security expert or specialist in all relevant institutions within the electricity and water sector, who will be responsible for developing strategic plans and overseeing their implementation. Their role will involve assessing cyber risks, implementing best practices to address them, and enhancing the internal systems of the institutions to ensure cyber security.

The NCSA is committed to promoting cybersecurity readiness in the electricity and water sector. To further this goal, they recently launched the second session of a training program on securing OT in partnership with Kahramaa. The program aims to train 70 specialists in information security and OT, following the end of the first courses last week.

Dana Al Abdullah, director of governance and national cyber assurance affairs at NCSA, said that a series of training courses have been launched on applying OT security standards in the electricity and water sector, which will extend throughout the beginning of next year. This will help establish the agency’s role in developing and updating policies, governance mechanisms, controls and guidelines to enhance cybersecurity, and circulate them to relevant institutions and raise the level of cybersecurity in vital sectors.

Eng. Muhammed Yousef Al Kubaisi, director of the Electrical Control Department at Kahramaa, commended this announcement. He said “considering that it bears strategic importance, coming from the fact that the strength and reliability of the country’s electricity and water infrastructure is largely related to the strength of its cyber security, which reflects positively on the stability of electrical and water supply operations in the country, which in turn is largely related to economic, social and security stability in general.”

The recommendations on securing OT in the electricity and water sector are the result of the NCSA’s assessment of the national cybersecurity situation in collaboration with Kahramaa. The assessment, initiated in 2021, included evaluating several electrical power generation and distribution stations in Qatar.

Additionally, NCSA has also developed the necessary plans to develop cybersecurity readiness levels in the electricity and water sector, to reach high levels of flexibility and business continuity in this important sector.

In conclusion, the agency assesses that the step comes as part of its continuous endeavor to enhance cybersecurity and protect OT, in cooperation with its main partners in the important infrastructure sectors of vital information. This helps to emphasize its role in enhancing and achieving its vision of being a partner for ‘pioneering’ a secure cyberspace that achieves safety and prosperity for the State of Qatar.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.