The head of the National Center for Cybersecurity, Eng. Bassam Al-Maharmeh, confirmed that the center has put forward a draft of the Jordanian National Framework for Cybersecurity for public consultation, which is “a program that represents a plan to protect information systems for the public and private sectors,” and it will be mandatory.

In an interview with the Jordan News Agency (Petra), Eng. Al-Maharmeh said that the draft consists of a set of procedures, mechanisms, controls, principles and standards that institutions must adopt and apply properly to enhance the security of the Kingdom’s cyber systems and move to a higher level in information protection, explaining that most institutions do not apply certain standards. in protecting information.

He added that the standards that will be included in the national framework for cybersecurity will be mandatory after a grace period at the beginning, expressing his hope that the center will receive feedback and respond to it to continue proceeding with its approval procedures in accordance with the rules, as each institution will apply controls and standards commensurate with the threat and danger to which it is exposed.

And he indicated that the center dealt during the past year with 1,362 accidents involving government institutions and private companies, 26 percent of which were high-risk and critical.

According to the center’s statistics, the most targeted sectors in 2022 were the health sector, with a rate of 9 percent of all accidents. The commercial sector is represented by medium and small companies that often do not have the capabilities to protect their information, in addition to other important government institutions that are constantly being hacked.

Al-Maharmeh indicated that the center does not monitor threats to private companies, but if it notices through the intelligence department that there are threats to them, it must intervene, especially since the private sector works with the government, collects its information and provides services to it, as it is part of the national system.

He said that each country is targeted according to its geographical and political situation, and is subject to targeting from certain parties, explaining that the center is a national institution that deals with attacks and threats at the level of institutions that may threaten national security, state security, or basic services in the country.

He pointed out that the center, through a set of procedures and initiatives, detects and warns of threats and breaches, and helps those exposed to them recover. It also contributes to raising awareness among citizens and guiding them to protect themselves and their information.

He pointed out that the center is also making a great effort in developing legislation, controls and regulatory frameworks that help protect against attacks, indicating that there are two types of threats: the first we call “organized cybercrime groups” that target government institutions, companies, universities, hospitals and others with the aim of stealing Information is for profit purposes, and the second type targets government institutions more and is called “state-linked groups”, which are related entities whose goal is espionage, theft and collection of information, as they have created a presence for themselves in some environments with the aim of disrupting services and others.

Al-Maharmeh indicated that the center, through building systems and setting regulatory frameworks, sets controls for dealing with technology and controls for institutions to adhere to in a way that contributes to its protection. Penetration and vulnerability scanning.

He explained that the center prepares security assessments for a large number of institutions and the public and private sectors, and gives institutions reports on their security status, which contributes to protecting state institutions and information at the national level, in addition to awareness and training campaigns through its platforms, website, and social media platforms that raise awareness and efficiency. The employees are all in the interest, service and protection of information for the country.

He pointed out that the center launched the Jordanian vulnerabilities and penetration tests platform with the aim of enabling government and private agencies to test and identify the weaknesses of their platforms and websites quickly and efficiently on an ongoing basis. Appropriate and preventive measures before exploiting these vulnerabilities by hackers.

He explained that the platform is divided into two parts based on the entity. There is the option of registering as an organization or registering as a vulnerabilities tester, aiming to ensure that the organization or institution or electronic services and digital platforms are protected and do not contain loopholes that the organization must fix, by examining them and trying to penetrate them continuously, so he called it Continuous Penetration Testing Platform.

The second goal is to develop human capabilities and talents for young people and attract people who have a hobby in the field of hacking, as it provides them with a healthy environment to practice their talent, especially with the presence of a large number of young people who have a high talent in hacking, so we try to direct them in the right direction, in addition to creating a source of income for them in In the event that the hacker or researcher was able to discover the vulnerabilities on the platforms of the digital organizations that registered on the vulnerability reward platform to obtain an examination of their platforms, they would receive a reward in the form of a financial prize for their ability to discover these vulnerabilities.

Regarding the center’s role in data protection, Al-Maharmeh indicated that the center does not directly protect data, as it is the responsibility of the entity that owns the data.

He called on the employees to abide by the information security policies issued by his organization and not to take any actions that might expose the organization to the risk of being hacked, and the employee should make a greater effort in awareness of cyber risks and develop his capabilities in how to confront and prevent them, and the employee has the responsibility to report any security incident related to information And any suspicious activities that he may notice on the information network, in addition to the need for the employee to cooperate with his colleagues and with the information technology department in his organization.

Al-Maharmeh explained about the center’s role in data piracy, that in the event of information piracy occurring in the institution, the center works to investigate the incident, find out its causes, and try to assist the affected party in recovering its information and resuming its activity as soon as possible.

Regarding some rumors that are spreading rapidly and threatening security, such as the rumor of using a specific code to identify phone hackers in Jordan, he indicated that there is a lot of false information that has spread through the media or social media, which prompted the center to publish a correction of that information.

In the same context, he said that regarding fraudulent calls or messages of unknown origin that arrive from unknown numbers, some of which are international, and which have spread in the recent period, the center works in coordination with telecom companies and through the Telecommunications Regulatory Authority to block them, but the fraudster sometimes creates fraudulent methods. We are trying to be careful in dealing with them, adding that the most important thing is citizen awareness, so we are constantly publishing awareness campaigns not to respond to any calls or messages of unknown origin or to interact and deal with them.

Al-Maharmeh touched on the “Cyber ​​Warriors” competition launched by the Center in cooperation with Al-Hussein Technical University, targeting school and university students from 12-24 years old, with the aim of empowering students who are passionate about cybersecurity and giving them the opportunity to improve their skills, learn new technologies and increase their confidence in their knowledge of cybersecurity. It includes a range of technical challenges related to computer security, such as reverse engineering, memory corruption, encryption, web technologies, and more.

He said that the second edition this year will be organized on July 6, as the first edition met with great success and created a beautiful environment in which students from schools and universities participated. Their skills and guide them to the right path by registering on the platform, as it is a competition that encourages students to enter this field because it is an important field, and there is a great shortage of these competencies and these disciplines, and it is decided that students who obtain advanced positions in the competition will enter the platform and benefit from them in examining our sites and services .

Al-Maharmeh added that the center launched and implemented several topics and initiatives to serve and protect the Jordanian national cyberspace, raise community awareness and raise the efficiency of workers in various institutions, most notably: launching the “Nashami Cyber ​​Camp”, which will last 4 months and aims to raise the capabilities of graduates of cybersecurity and information technology disciplines, develop their skills and qualify them to engage. In the Jordanian labor market, pointing to the importance of practical application in the field of cybersecurity, as the camp includes many aspects of practical application, which enable students to apply theoretical courses in a practical way that the Jordanian market needs.

And he indicated that the center will launch a platform containing educational materials, videos, messages, advice and instructions for all segments of society, from children to the elderly and people with disabilities, to be an important tributary and a means to raise awareness among citizens.

He pointed out that the center is constantly implementing awareness campaigns in cooperation with various parties, as it signed agreements with many institutions with the aim of raising awareness, counseling and training students and employees, indicating that nearly 3 thousand students representing 27 universities have been trained in order to prepare for the Cyber ​​Warriors competition.

Al-Maharmeh explained about the center’s role in data piracy, that in the event of information piracy occurring in the institution, the center works to investigate the incident, find out its causes, and try to assist the affected party in recovering its information and resuming its activity as soon as possible.

Regarding some rumors that are spreading rapidly and threatening security, such as the rumor of using a specific code to identify phone hackers in Jordan, he indicated that there is a lot of false information that has spread through the media or social media, which prompted the center to publish a correction of that information.

In the same context, he said that regarding fraudulent calls or messages of unknown origin that arrive from unknown numbers, some of which are international, and which have spread in the recent period, the center works in coordination with telecom companies and through the Telecommunications Regulatory Authority to block them, but the fraudster sometimes creates fraudulent methods. We are trying to be careful in dealing with them, adding that the most important thing is citizen awareness, so we are constantly publishing awareness campaigns not to respond to any calls or messages of unknown origin or to interact and deal with them.

Al-Maharmeh touched on the “Cyber ​​Warriors” competition launched by the Center in cooperation with Al-Hussein Technical University, targeting school and university students from 12-24 years old, with the aim of empowering students who are passionate about cybersecurity and giving them the opportunity to improve their skills, learn new technologies and increase their confidence in their knowledge of cybersecurity. It includes a range of technical challenges related to computer security, such as reverse engineering, memory corruption, encryption, web technologies, and more.

He said that the second edition this year will be organized on July 6, as the first edition met with great success and created a beautiful environment in which students from schools and universities participated. Their skills and guide them to the right path by registering on the platform, as it is a competition that encourages students to enter this field because it is an important field, and there is a great shortage of these competencies and these disciplines, and it is decided that students who obtain advanced positions in the competition will enter the platform and benefit from them in examining our sites and services .

Al-Maharmeh added that the center launched and implemented several topics and initiatives to serve and protect the Jordanian national cyberspace, raise community awareness and raise the efficiency of workers in various institutions, most notably: launching the “Nashami Cyber ​​Camp”, which will last 4 months and aims to raise the capabilities of graduates of cybersecurity and information technology disciplines, develop their skills and qualify them to engage. In the Jordanian labor market, pointing to the importance of practical application in the field of cybersecurity, as the camp includes many aspects of practical application, which enable students to apply theoretical courses in a practical way that the Jordanian market needs.

And he indicated that the center will launch a platform containing educational materials, videos, messages, advice and instructions for all segments of society, from children to the elderly and people with disabilities, to be an important tributary and a means to raise awareness among citizens.

He pointed out that the center is constantly implementing awareness campaigns in cooperation with various parties, as it signed agreements with many institutions with the aim of raising awareness, counseling and training students and employees, indicating that nearly 3 thousand students representing 27 universities have been trained in order to prepare for the Cyber ​​Warriors competition.

Favorite