jordan pulse -
Head of the National Center for Cybersecurity, Bassam Al-Maharmeh, said on Sunday that the role of the center is on government institutions and private sector institutions that provide critical basic services such as water, electricity, transportation and communications.
He added, in his speech to the Sunday Economic Program, which is broadcast on the “Al-Mamlaka” channel: “These are critical sectors, and they all depend on technology. Therefore, any penetration or any disruption to the services of these institutions, companies, or infrastructures falls within the field of national security and affects the national economy. For this reason, the center focuses on The government side, but a large part of his work is concerned with critical vital sectors.
Speaking about the center, he said that the National Center for Cyber Security, in short, is the national authority concerned with everything related to cyber security at the national level.
He continued, "The center is concerned with building a national system to protect national information and protect critical infrastructure and basic governmental and non-governmental services that reach the citizen and are provided to citizens."
Al-Maharmeh added that the center mainly has a regulatory and oversight role, and it is a regulatory oversight body, and its role is to enact legislation, regulations, policies and strategies that are related to cybersecurity and regulate the cybersecurity sector.
He pointed out that the center carries out cybersecurity operations, as it monitors threats to government networks.
"The center has an oversight and regulatory role, and at the same time it has an operational role," according to Al-Maharamah. Regarding
the size of the Jordanian economy's losses due to cyber-attacks, Al-Maharamah estimated the losses at 100-200 million dollars annually.
"We at the center have capabilities that can search for these threats, find them, and stop them (...) prevention. There is no such thing as prevention. The largest institutions in the world are being hacked, but the ability to detect and then restore work and restore these services is what most strategies focus on," according to Al-Mahramah
. The number of cyber incidents that were monitored and dealt with by the National Center for Cybersecurity in the first half of this year amounted to 1087, an increase of about 100% over the number of incidents recorded in the same period last year, which was 544 incidents.
In its previous response to the Kingdom's inquiries, the center revealed that the recorded incidents in the first half of 2023 were divided into 754 cybercrimes, compared to 390 cybercrimes in the first half of 2022, an increase of 93%.
And 125 espionage incidents, compared to 16 in the first half of last year, an increase of 681%.
The number of hacking incidents rose to 208, compared to 138 in the first half of last year, an increase of approximately 51%.
The center stated that the accidents that were monitored and dealt with during the first six months of this year, according to the degrees of severity, were distributed among 17 accidents with a “very dangerous” degree, compared to 7 accidents of the same degree recorded in the first six months of last year, an increase of 143%. approximately during the comparison period.
235 "high risk" accidents compared to 95 accidents of the same degree in the first half of last year, an increase of 147%.
And 730 accidents of "medium severity" compared to 260 accidents of the same degree during the comparison period, an increase of approximately 181%.
As for accidents classified as "normal risk", they decreased by 42%; To reach 105 accidents in the first half of this year, compared to 182 accidents in the same period of 2022.
Al-Maharmeh said: "We noticed that there is a steady increase in cybersecurity incidents. If we compare the year 2022 with 2021, we will notice an increase of 70% in cybersecurity incidents."
And he continued: "If we compare the first half of 2023 with the first half of 2022, we will notice that there is a 100% increase in cybersecurity incidents, in other words, it doubled in the first half of 2023 compared to 2022."
Al-Maharmeh pointed out that some of these accidents are critical and high-risk, while the greater part, 75%, are minor, low- and medium-risk accidents.
Regarding the classification, Al-Maharmeh said: “We rely on classification on two basic factors, first the impact of the accident. Some accidents, for example, result in a service sector. Some incidents, for example, result in theft of important information. On the other hand, some accidents do not result in it, and therefore the impact of the accident.” This is a key factor."
And he continued: “The other factor is the affected party, that is, there are parties whose sensitivity is more than some parties, there are parties whose sensitivity is more than some parties, for example, there are sovereign parties, for example, that have very sensitive information and parties that are less sensitive, based on these two factors, we decide the severity of the accident.” .
Al-Maharmeh added: "We have a matrix by which we identify the affected parties, and these parties range from important to more important to sensitive, as well as impact, low impact, medium impact and significant impact. Based on this matrix, we decide to classify the cyber security incident."
Al-Maharmeh said, "We have 4 classifications, which are low-risk, medium-risk, high-risk, and critical, which constitute 2% of the accidents we are exposed to."
"Critical accidents that affect more than one sector, and their occurrence leads to theft of vital information or interruption of basic services provided to the citizen," according to Al-Mahramah.