Bahrain National Cyber Security Strategy
Modern technology has advanced rapidly and has become deeply embedded in all aspects of commerce, government, and society. Every organization, citizen, and resident of Bahrain is connected to the internet, which enables everyday activities, innovation, and growth. Using and connecting to the internet also brings risks in the form of cybercrime, destruction, espionage, and vandalism. The best means for addressing cyber threats is to develop a comprehensive National Cyber Security Strategy. Bahrain's National Cyber Security Strategy is leading the efforts to improve cybersecurity over a period of four years. The strategy is organized into five pillars that support the cyber security needs of the Kingdom: strong and resilient cyber defenses, effective cyber security governance and standards, building a cyber aware nation, collective defense through partnership and cooperation, and cyber workforce development.
This strategy makes cyber security a national priority and addresses the needs of critical national infrastructure (CNI) sectors. The CNI sectors are represented by the Financial sector, Government sector, Healthcare sector, Information and Communications Technology (ICT) sector, Transportation sector, Gas, Electricity, and Oil (GEO) sector, and Critical Industry (CI) sector.
The NCSC will contribute to consulting cybersecurity experts and stakeholders to ensure the collection of valuable observations and suggestions to improve the national strategy for cybersecurity. In addition, NCSC will continue to provide workshops for each vital sector and national conferences within the Kingdom of Bahrain to ensure effective communication with cybersecurity experts and stakeholders. Moreover, NCSC will contribute to the evaluation of progress against the objectives of the National Cyber Security Strategy. NCSC will monitor and evaluate the progress in achieving the national strategic goals and take corrective measures for national initiatives and projects as required.
This strategy will provide the platform for a Secure and Trusted Cyberspace in Bahrain. A comprehensive National Cyber Security Strategy is necessary to harness the full capability of Bahrain's people, businesses, and government in an organized and effective fashion to properly address cyber security. This strategy provides an ambitious vision and decisive set of objectives to address cyber security across the Kingdom. The scope of the strategy is broad and encompasses Bahrain's government, CNI sectors, private companies, regional and international partners, and the whole of Bahrain's population. The strategy is organized around the five pillars, each of which provides an essential component required to achieve the ultimate vision. This strategy also includes sector-specific discussions that address the unique needs, key objectives, and responsibilities of CNI sectors. The end result is a comprehensive plan to dramatically improve the Kingdom's cyber security over the next four years.
Five Pillars for a Cyber-Secure Kingdom
The National Cyber Security Strategy consists of the following five mutually supporting pillars that together comprehensively support the Kingdom's cyber security needs. Each pillar represents a significant focus area and line of effort that provides an essential component required to achieve the ultimate vision. Together they form a cohesive and comprehensive framework for creating a secure and trusted cyberspace for the Kingdom.
Pillar 1: Strong and Resilient Cyber Defenses
The first pillar in the national strategy aims to raise cyber security readiness, as well as protect systems and networks in the institutions of CNI sectors. This is accomplished by developing modern and advanced security systems that enhance mechanisms to address and detect potential cyber-attacks and threats in a comprehensive and accurate manner. This pillar includes the following strategic objectives:
- Protecting critical national infrastructure: Adopting a comprehensive methodology to achieve the necessary cyber protection by defining cyber security requirements, taking into account all factors related to the infrastructure of critical institutions, identifying and analyzing risks, preparing and implementing security controls, and conducting continuous tests, in order to ensure proactivity in confronting threats and protecting electronic systems and services.
- Enhancing response to cyber incidents: Providing mechanisms to respond to cyber incidents to assist the institutions of vital national sectors in confronting and containing cyber attacks and ensuring a rapid return to normal operations while minimizing negative impacts.
- Raising cyber security readiness in vital institutions: Preparing programs and plans to confront electronic threats and attacks at the level of vital sectors and at the national level, developing scenarios for potential threats and implementing practical exercises for plans in order to enhance the level of readiness of institutions in vital sectors.
Pillar 2: Effective Cyber Security Governance and Standards
This pillar provides a governance framework for setting and enforcing cyber security standards, controls, and procedures. In addition, it ensures that CNI institutes support the adoption of risk management and adhere to the standards and controls for managing and protecting sensitive information and systems. This strategy implements requirements for strong cyber security leadership in organizations to provide individual accountability. This pillar includes the following strategic objectives:
- Applying risk management at the national level: Applying the concept of risk management in the institutions of vital sectors to reduce cyber risks by conducting risk management operations, which include identifying assets belonging to critical infrastructure institutions, defining risks, evaluating risks, and working to reduce and limit them, as well as ending control and monitoring risks to provide maximum safety.
- Developing cyber controls, policies and supporting the compliance process: Developing cyber controls and policies at the national level, setting up mechanisms that support the process of their application, and defining procedures to ensure the compliance of the concerned authorities with the controls and policies, with the aim of enhancing the protection of the systems and services of institutions and companies, with a focus on the institutions of vital sectors.
- Developing effective cyber leaders: Developing guidelines aimed at defining the importance and role of effective leadership in the field of cyber security and preparing programs that seek to raise the level of knowledge of institutional and partnership leaders to support cyber security programs and develop their human cadres.
Pillar 3: Building a Cyber Aware Nation
The third pillar is concerned with raising the level of cyber security awareness among all individuals in the Kingdom of Bahrain by creating awareness campaigns and programs to ensure that all individuals gain appropriate knowledge about cyber security. By raising cyber security awareness, individuals will have the ability to distinguish between misinformation and disinformation. The strategy targets all individuals, including students at all study levels, workers in all fields, and non-workers. This pillar includes the following strategic objectives:
- Raising awareness in the field of cybersecurity at the national level: Working to spread awareness of cybersecurity and building an informed public in the Kingdom of Bahrain by implementing awareness and education campaigns and programs targeting various segments of society, making everyone a contributor to strengthening cybersecurity at the national level.
- Supporting cybersecurity in all stages of education: Working to integrate cybersecurity content into the national education system to build a generation familiar with the areas and requirements of cybersecurity and aware of the measures related to cyberspace risks.
Pillar 4: Collective Defense Through Partnership and Cooperation
The fourth pillar develops a comprehensive national model to enhance cyber security defense through partnership and cooperation. This pillar seeks to support cooperation and partnerships to protect CNI entities within the Kingdom by establishing mechanisms to protect against cyber threats and attacks effectively. This pillar includes the following strategic objectives:
- Strengthening partnerships in the field of cybersecurity: Setting procedures, policies, and controls that regulate the process of sharing cyber threats at the national, regional, and international levels, and supporting partnerships in preparing, developing, and implementing programs and measures necessary to raise the level of cyber security.
- Supporting collaboration for cyber protection: Developing and sharing standard operating procedures with others. Collaboration reduces wasted resources, helps improve communication and interoperability, makes training easier, enhances teamwork, and supports frequent revision of best practices over time.
Pillar 5: Cyber Workforce Development
The fifth pillar provides the framework for cultivating cyber security expertise at a more advanced level for cyber security practitioners and leaders. This pillar helps the Kingdom of Bahrain develop domestic talent and retain it for long-term careers in the Kingdom with the objective of creating the domestic training capability to generate more qualified individuals as needed. Workforce development can also help take the trained talent that entities already have and give them the additional skills needed without hiring from outside the entity. Cyber workforce development is a long-term requirement that is supported through collaboration with colleges and universities and complemented by initiatives that promote a cyber security industry. This pillar includes the following strategic objectives:
- Supporting capacity-building and qualified national cadres: Developing high-quality training and educational programs based on specific and studied standards compatible with technical developments to build cadres and capabilities necessary to meet the national need in the field of cybersecurity.
- Promoting the local cyber security industry: Supporting local cyber security entrepreneurs, products, and services to enable the growth and prosperity of the Kingdom of Bahrain.
CNI Sector Strategies
Six additional customized strategies have been developed for the CNI sectors to enhance the National Cyber Security Strategy. The sectoral strategies cover the needs of each CNI sector. A brief summary of each strategy is provided below:
Financial sector strategy
The strategy aims to protect financial systems and implement cybersecurity requirements to enable the financial sector to implement banking services and digital economy initiatives.
Government sector strategy
The strategy focuses on enhancing the protection of government systems and networks and defining measures to address cyber threats. The strategy also promotes the development of mechanisms for building secure and reliable electronic government systems and services.
Health sector strategy
This strategy is concerned with maintaining the security and privacy of health information and data. The strategy also enhances the protection of health systems, including operational technology (OT) and the Internet of Things (IoT).
Information and Communication Technology (ICT) Sector Strategy
This strategy aims to promote secure handling of information and communications technology and networks, including modern and advanced systems such as fifth-generation (5G) networks.
Transportation Sector Strategy
This strategy addresses the importance of implementing a security program to manage cyber risks that various transportation systems and the supply chain may face. The strategy also enhances international cooperation and compatibility in the field of cyber security at the sectoral level.
Gas, Electricity, and Oil (GEO) Sector and Critical Industry (CI) Sector Strategy
The two sectors were merged into one strategy due to their reliance on information technologies and operational technologies. This strategy enhances the protection of operational systems used in factories and refineries.