Lebanon has been working towards the creation of a national cybersecurity strategy that will protect its citizens and its public and private sector institutions.
A committee formed in November at the behest of Prime Minister Saad al-Hariri, in response to a recommendation from the parliamentary information technology committee, has been tasked with formulating a national cybersecurity strategy.
Among the new committee's recommendations, which are slated to be formally presented this spring, is the formation of a national agency to address cybersecurity.
The committee comprises representatives of various ministries, economic sectors and security and military agencies, Internal Security Forces director general Maj. Gen. Imad Othman said in November.
It has been tasked with "developing a national plan to secure cyberspace and protect citizens and economic and commercial exchanges from potential threats", he said.
The national cybersecurity strategy and the anticipated new agency are expected to address the increased risk of online piracy and fraud, given the rise in online transactions and technologies, especially in the banking sector.
Vital part of national security
Cybersecurity is maintained through a set of technical, organisational and administrative means to prevent unauthorised use, misuse and hacking of online information, said national anti-cybercrime co-ordinator Lina Oueidat.
"Lebanon lacks an institution managing cybersecurity at the national level, and ranks 119th among countries in terms of cybersecurity, while ranking 67th in terms of information technology use," she told Al-Mashareq.
"Cybersecurity is an essential part of any national security policy," she said, noting that more than 130 countries have departments and plans devoted to cyberwarfare within their national security apparatus.
The proposed national cybersecurity agency will fall under the Secretariat General of the Supreme Council for Defence, which is attached to the prime minister’s office, she said.
The agency will comprise representatives of the ministries concerned with cybersecurity, security agencies and "the Central Bank, which has extensive experience in cybersecurity, as a representative of the private sector", she said.
Once the cybersecurity strategy has been finalized, in about four months' time, it will be submitted to the government for approval, and then referred to Parliament for ratification, she said.
"The cybersecurity strategies of six countries were studied, and Lebanese and foreign experts were hired to analyse the Lebanese situation and come up with a strategy that suits Lebanon," she said.
This is designed to "hold political authorities accountable and protect Lebanon from becoming a platform for cybercrime, money laundering and terrorism financing", Oueidat said.
The goal is to identify the cybersecurity issues Lebanon is facing and identify how to solve them, she added.
Cybersecurity strategy an 'urgent need'
Threats to cybersecurity come not only from states but also organised gangs that steal information to use in extortion attempts or to sell on the black market, former Internet Society-Lebanon president Gaby al-Deek told Al-Mashareq.
"A cybersecurity strategy is an urgent need today, and having one requires ample financial resources to put the required infrastructure in place," he said.
"We currently have two undersea fiberoptic lines that connect us to the world, one of which goes to Cyprus and the other to Alexandria, Egypt," he said.
"They both end in the French city of Marseilles, which puts cybersecurity at risk because they are in the same area," he added.
One way to maintain cybersecurity is to have four lines that do not all go to Marseilles, but rather provide different routes for the transfer of data, and the installation of devices to detect cyberattack equipment.
Lebanon has legal texts in place, "as a progressive piece of legislation pertaining to online transactions and personal data entered into force this month", said Charbel Kareh, president of the ICT Centre at the Beirut Bar Association.
"The private sector is also ready and has the capability to maintain the cybersecurity of companies and individuals," he told Al-Mashareq.
"All that remains is for the public sector to catch up to the private sector for security to be fully maintained," he said, adding that the public sector is not yet ready "because it lacks the necessary budget and equipment".