On 31 May 2022, AACC held a one-day workshop entitled “Exchanging Knowledge & Expertise in the Field of Cybersecurity” at Palais Eschenbach in Vienna and simultaneously online (hybrid), moderated by AACC Secretary-General Eng. Mouddar Khouja. This high-level event was marked by the attendance of AACC Founder and Arab President H.E. KR Nabil Kuzbari and the participation of H.E. Ms. Ghada Waly, Director-General of UNOV, Executive Director of UNODC and Under-Secretary-General of the United Nations, who delivered welcoming remarks, along with AACC Austrian President Senator Dr. Richard Schenz, H.E. Mag. Wolfgang Ebner representing the State Secretary of the Austrian Federal Ministry of Finance H.E. Mr. Florian Tursky, H.E. Dr. Khaled Hanafy, Secretary-General of the Union of Arab Chambers (UAC), and H.E. Mr. Ibrahim Assaf, Ambassador of the Lebanese Republic to Austria & Chair of the Arab Ambassadors Council in Vienna.
Throughout this one-day workshop, senior government officials and technical experts from Austria presented their knowledge and shared their expertise in the field of cybersecurity with Arab counterparts, tackling topics of paramount importance to governments, companies, and individuals, including but not limited to cybercrime, next generation e-ID (electronic identity) and trust services, secure communication, protection of critical IT infrastructure, cloud digital sovereignty and transparency, and standardisation, testing & certification.
In his welcoming remarks, H.E. Senator Dr. Richard Schenz warmly welcomed the distinguished guests and speakers and stressed the significance and relevance of the topics which the workshop sought to address. Noting the ripple effects and detrimental threats caused by cyber-attacks and cybercrime to companies, authorities, institutions, sectors and societies as a whole, Sen. Dr. Schenz urged governments and institutions to strengthen regional and international cooperation and widen their scope of focus to encompass the entire public-private cybersecurity ecosystem in order to mitigate these risks.
In her keynote speech, UNODC Executive Director H.E. Ms. Ghada Waly commended AACC’s timely organization of an event on cybersecurity, a topic of growing importance. Ms. Waly highlighted the linkages between cybercrime and other forms of crime and stressed the challenges posed and harm caused by cybercrime not only to individuals but also to societies as a whole and to the global economy, hence the paramount importance of securing information and communication systems. Ms. Waly urged the international community to work together to equip all countries, including developing countries, with the necessary tools and capacities to combat and prevent cybercrime. In this regard, Ms. Waly elaborated on UNODC’s Global Cybercrime Programme, which provides technical assistance to more than 56 member states across various continents, aimed at developing their capacity to detect, investigate and process cybercrime cases.
H.E. Mag. Wolfgang Ebner underscored the importance of information security and cybersecurity to mitigate the threats posed by (cyber) criminals. Given the fact that most threats decision-makers with one response to tackling cybersecurity threats, and that is cooperation. In this context, Mr. Ebner praised initiatives such as AACC’s which seek to address the topics of cybersecurity through multiple lenses of experts from different institutions across Arab countries, Austria and other European countries.
Chair of the Arab Ambassadors Council in Vienna H.E. Ambassador Ibrahim Assaf commenced his speech by commending AACC for its endeavours aimed at strengthening economic, commercial and cultural ties between Austria and the Arab countries and for organising this one-day workshop on cybersecurity. In an increasingly globalised and digitised world, societies have been witnessing a noticeable shift towards e-commerce, digital currencies and NFTs in recent years. As such, cybersecurity stands as one of the most crucial challenges to the global trade architecture nowadays. Ensuring a safe and reliable cyberspace thus becomes indispensable for a thriving economy, which can only be attained through comprehensive partnerships among all stakeholders, particularly governments and the private sector. Assaf added that the League of Arab States has initiated and proposed several decisions and legislations pertaining to cybersecurity, noting that the Councils of Arab Interior and Justice Ministers adopted in 2010 the “Arab Convention on Combatting Information Technology Offences”, which entered into force in 2014. Finally, Assaf affirmed that the Arab states are at the core of the discussions pertaining to cybersecurity and ICT challenges and threats.
In his video message, UAC Secretary-General H.E. Dr. Khaled Hanafy asserted that cybercrime is the next world crisis. Increased use of digitalisation and ICT in the Arab world comes hand in hand with an increased susceptibility to cyber-attacks, which necessitates heightened cybersecurity. Arab markets for ICT have been growing noticeably, recording an estimated $2 billion, and are expected to reach $3 billion in the coming years, which offers ample opportunities for investment. Finally, Dr. Hanafy emphasised the significance of cybersecurity for the private sector and called for the private and public sectors as well as the international organisations, namely UNODC, to join efforts to tackle the issue of cybersecurity.
Session I brought to light the topics of blockchain cyber-attacks and frauds and the protection of IT Infrastructure, and it was moderated by Mr. Herbert Scheibner, Former Federal Minister of Defence of the Republic of Austria.
Dr. Oleksiy Feshchenko, Advisor for the Global Program on Cybercrime at United Nations Office on Drugs and Crime (UNODC), focused in his presentation on new technologies, blockchain, financial crime and legislation, including topics such as the dark net, cryptocurrencies, bitcoins and the legal challenges that they pose in tracing ownership, namely in the case of smart contracts which have no owner or administrator, to which a solution could lie in on-chain security after regulating bitcoins; another challenge is multi-party computation (MPC). Dr. Feshchenko stressed the importance of understanding and regulating such phenomena and highlighted the role UNODC plays in this regard by offering a variety of trainings for experts and non-experts, providing an overview of crypto, profiling and tracing skills, seizure and regulation.
DI Herbert Leitold, Director-General of Secure Information Technology Center Austria A-SIT, started his presentation with a synopsis of the Austrian Secure Information Technology (A-SIT) and shed light on ransomware, a phenomenon which increased by 435% in 2020 according to the WEF Global Risk Report 2022, after which he presented a study of the Federation of Austrian Industries, including interviews with victims, lessons learned and advice based on the actual experience. The study revealed that many organisations in the industrial sector were well-equipped and prepared with state-of-the-art technology in terms of information security. The study also showed the importance of risk mitigation through organisational and preventive technical measures (e.g., default multifactor authentication, user awareness, resilient infrastructure, etc.) in avoiding or combatting a security threat.
DI Dr. Martin Stierle, Deputy Head of the Center for Digital Safety and Security at the Austrian Institute of Technology, highlighted the importance of developing new products, technologies and solutions especially those that use artificial intelligence (AI) to address existing and emerging challenges and threats. He provided an overview of the main cybersecurity focus areas of the Austrian Institute of Technology, which include anomaly detection and threat intelligence, safety and security co-engineering (e.g., for automotives, Threatget), secure auctions of production capacities, new risk management approaches, next generation cryptography and penetration testing.
Moreover, Stierle brought to light AIT’s cyber range, i.e., cyber security trainings and exercises implemented in cooperation with the International Atomic Energy Agency (IAEA), the United Nations Office on Counter-terrorism (UNOCT) and the International Telecommunication Union Arab Regional Cyber Security Center (ITU-ARCC) in Muscat, Oman, rendering AIT an international competence centre for IT/OT cybersecurity training.
Mr. Josef Pichlmayr, President of Cyber Security Austria, stated that due to the constantly emerging cross-cutting security issues in IT risks that threaten our societies and their critical/strategic infrastructure, devising appropriate solutions and raising awareness and attractiveness of cybersecurity and digital literacy through education, discovery and promotion of young talents have become inevitable. Pichlmayr demonstrated the importance of challenges such as the Austrian Cybersecurity Challenge “Hackerchallenge”, as cyber security excellence is primarily driven by the youth’s motivation and qualifications. With demand for IT security experts growing at a much faster pace than the available resources, consequences such as weakened security, reduced resilience, heightened risks and costs, delays and interruptions in infrastructure projects as well as loss of competitiveness are looming on the horizon.
In light of this, Mr. Pichlmayr called for sustainable cooperation among the public, the private and the academic & research sectors, with the aim of increasing the quality and quantity of graduates and experts in the field of IT and cyber security. Pichlmayr added that while digitalisation of our societies offers a plethora of opportunities, this comes hand in hand with a multitude of risks; not only does seizing these opportunities while simultaneously mastering the risks require highly motivated and qualified talents, but it is also a process that takes many years to attain.
Mr. Peter Lieber, President of the Austrian Association for Small and Medium-sized Enterprises (ÖGV), Entrepreneur and CEO of LieberLieber Software, provided an overview of the presence of Lieber Group across the globe (LieberLieber, Sparx System HQ, and Sparx System Sister and Service Companies) and presented the STRIDE threat model, a framework of security risks used by the Austrian Institute of Technology (AIT) based on the threat model technique founded by a Microsoft engineer. Lieber then elaborated on automotive cybercrime, which has been on the rise, and on its serious repercussions given that by 2025, connected vehicles will comprise nearly 86% of the global automotive market.
Lieber further explained how threat modeling works and illustrated innovation through threat modeling with ThreatGet, a tool based on Sparx Systems Enterprise Architect that assists in the design of many projects to search for potential threats in various domains, including automotive, critical infrastructure, industrial internet of things (IIoT) environments and railways.
Towards the end of session I, H.E. Mr. Abdulbaset Albaour, Chairman of the Libyan General Authority of Information and Communications, presented a proposal on preparing an international agreement on the use of information technology in cybercrime.
Session II focused on “Next Generation e-ID (Electronic Identity) and Trust Services” and was moderated by Mr. Albert Kronberger, CEO of a-consult and IT Advisor to various Austrian ministries.
Prof. Em. DI Dr. Reinhard Posch, Chief Information Officer of the Austrian Federal Government and the Austrian Federal Ministry for Digital and Economic Affairs, elaborated on how ID-Austria caters to users’ needs by promoting a “Mobile First” strategy that was introduced during Austria’s last EU presidency, which was a result of the practicality experienced when offering both free card-based and mobile-phone-based eID services. Prof. Posch spoke briefly about how to bring big players on board, especially in light of the increasing demands of digital sovereignty. Posch then highlighted some of the next steps, namely the new standards for attributes as per the EU’s electronic IDentification, Authentication and trust Services (eIDAS) regulation (wallet, public – private interoperability, secure online & offline use) and the introduction of legally accepted documents that would serve as a model for all sorts of documents and e-IDs on an EU level (e.g., electronic driving license). Posch added that Austria was the first EU Member State to notify mobile eID at level “high”.
Mag. Peter Andre, Senior Legal Expert and Project Leader of Electronic ID Management at the Austrian Federal Ministry of the Interior, elaborated on the Austrian digitalisation’s architecture, components and goals, also known as ID Austria, a unique, safe, modern and interoperable digital identity, for which security and usability constitute essential factors. It’s a free-of-charge service issued by the State, offered for all residents of Austria, and used by the administration as well as the private sector for authentication. This digital identity is the only one recognised across Europe under the eIDAS regulation (interoperability); it constitutes the basis for the digital ID platform, including the further development of the citizen card “Bürgerkarte” and the mobile phone signature “Handy-Signatur”. It guarantees a simple, self-determined, secure and transparent data provision, and it increases the efficiency of existing processes and enables new services. It also seeks to limit cybercrime by means of preventing identity misuse.
Andre explained why an electronic proof of identity should be verified by the state, a process that must be observed with high safety standards, comprising GDPR compliance, organisational, legal and technical security dimensions in the application. Andre also gave an overview of the “Digitales Amt” application, the basis of ID Austria implementing the “Mobile First” approach and offering information structured according to life situations and updated on a daily basis. He shed light on the EU legal framework and the Austrian legal framework with regards to eIDAS and the e-ID national regulation respectively.
Mr. Robin Heilig from the Office of the CIO of the City of Vienna on Strategic Digitisation of Public Administration presented an overview of “Mein Wien – Citizen’s Portal”, which grants direct access to governmental systems and services (COVID-19 testing, parking tickets, vaccination appointments, HomeCare App, etc.), all made possible through one login via e-ID / ID-Austria or any certified identity provider, upon which the user’s identity is verified; noting that unless a login is attempted via e-ID / ID-Austria, personal data cannot be identified. The portal includes services that work across various authorities, municipalities and nations (e.g. Green Pass) and caters to people’s needs and specific life situations, which renders this portal not only for governmental services but also for societal services. As such, there is a need to meet the expectations and provide a first-class service across all areas of life, while ensuring data privacy and security.
Prof. Dr. George Dimitrov, member of the Board of Directors of Evrotrust Technologies, introduced Evrotrust, an innovative RegTech company and a certified European “Qualified Trust Service” provider which empowers and assists businesses and governments worldwide to transform digitally. Prof. Dimitrov elaborated on Evrotrust’s cross-border digital toolkit enabling a wide array of revolutionary services, such as instant and remote e-Signature of documents, eID, eDelivery and password-free access via 2FA. This digital toolkit is marked by full digitisation (paper-free), fast end-user registration, cross-border compliance and European Commission verification. This toolkit can be used across a variety of fields, including but not limited to the financial industry, telecommunications, pharma, insurance, procurement, human resources, and the legal sector.
Session III revolved around secure communication, digital sovereignty and transparency in the cloud, and was moderated by AACC Secretary-General Eng. Mouddar Khouja.
Left to right: Eng. Clemens Möslinger, LTC Daniel Wurm, DI Matthias Grabner, Mr. Walter von Weber, Mr. Peter Gulyás, Mr. Florian Veit & Eng. Mouddar Khouja
Eng. Clemens Möslinger, Head of Cybersecurity Department / Chief Information Security Officer at the Austrian Federal Chancellery (BKA), clarified the role of the department he heads, which is responsible for the cybersecurity of the Republic of Austria, the national regulation of the network and information systems (NIS), the cloud strategy of the government and the applicable regulations when dealing with external counterparts (non-Austrian or non-EU companies). Möslinger then gave an overview of data classification (confidential, restricted, internal, etc.), safety class (1-3) and where it is processed (private, governmental or internal cloud, etc.). Moreover, Möslinger highlighted some of the key lessons for Austria, stressing the importance of data classification, the compliance with GDPR, and the need for a multi-cloud approach.
LTC Daniel Wurm, Advisor at the Directorate General of Defence Policy at the Austrian Federal Ministry of Defense, noted that political sovereignty is linked with states’ technological capacities and it’s therefore crucial to consider all the links between geopolitics, technology and the use of reliable policies across governments. He elaborated on the digital sovereignty in the European Union in light of the European Commission’s declaration of the years 2020-2030 as Europe’s Digital Decade. For the EU to achieve the EU digital transformation by 2030, the Commission proposed a Digital Compass that covers a number of targets and revolves around the following 4 essential dimensions, which in a way serve to create the so-called “Brussels Effect”: secure and sustainable digital infrastructures and capacity, digital education and skills, digital transformation of businesses and digitalisation of public services (digital government).
Wurm also drew attention to the Digital Services Act, which aims to better protect consumers and their fundamental rights online, establish a powerful transparency and a clear accountability framework for online platforms and foster innovation, growth and competitiveness within the single market. Furthermore, he elaborated on digital transparency, the emergence of cyber conflicts and the importance of ensuring transparency in cyber space.
DI FH Mr. Matthias Grabner, Programme Manager at the National Cybersecurity Coordination Center of the Austrian Research Promotion Agency (FFG - Österreichische Forschungsförderungsgesellschaft), introduced the agency and its role in promoting Austria’s participation in larger European R&D programmes. He emphasised that agreeing on data availability, confidentiality and integrity is key to achieving a successful digitalisation. Mr. Grabner then presented the new initiative introduced by the European Union in line with the EU Cybersecurity Act, aimed at building a framework that strengthens the EU cybersecurity capacities, focusing on themes such as cryptography, resilience, and cybersecurity solutions among others. As such, the EU Decree 2021/887 established the European Cybersecurity Centre headquartered in Bucharest (ECCC) and the Network of National Coordination Centres (NCC) in every EU Member State, which are tasked with supporting innovation and industry policy in the field of cybersecurity, bringing together the cybersecurity technology community, including all actors from various sectors, i.e., industry, academia and research and the public sector, thus creating an interdisciplinary cybersecurity network. Grabner finally presented some European cybersecurity programmes, namely “DIGITAL EUROPE: Cybersecurity”, “HORIZON EUROPE: Cluster 3 – Increased Cybersecurity”, and the European Defence Fund (EDF), and he illustrated a comparison in the number of cybersecurity publications between Austria and other EU Member States.
Mr. Walter von Weber, Sales Director at Secunet International GmbH & Co. KG, introduced Secunet, a company providing digital and security services for governments, administrations and border control, digital transformation in healthcare and industrial cyber protection. He stressed the need to take the first step towards communication security, a process that lasts as long as the company, entity or enterprise continues to exist. Secunet can assist in analysing needs and in implementing technologies to make certain that the concerned party’s networks are and stay secure.
Following Mr. von Weber, Mr. Florian Veit from Secunet’s CTO Office elaborated on the different classifications of cloud environment, which range between internal / private, external / public, hybrid (mixed) and multi cloud, and highlighted the importance of a secured data storage on the cloud. He then presented the cloud operating system “SecuStack” and its different stages (secure transfer, storage, computation and connection), a secure cloud infrastructure solution based on OpenStack (the standard for open-source clouds), which enables easy scaling through automated deployment and allows for digital sovereignty through strong authentication, encrypted user data and secure client separation. Among the German-produced SecuStack’s features are its guaranteed full control over cloud infrastructure, strong authentication and encryption of user data, secure client separation, in addition to the fact that it is open-source-based and auditable and it grants key management in one’s own hands.
Mr. Peter Gulyás, CEO of Budapest-based Quadron Cybersecurity, presented the company, a privately-owned, independent international IT consulting house whose core business is cybersecurity, headquartered in Hungary with branch offices in Bahrain and the U.S.A. and a market focus on Europe, the Middle East, USA and Africa. Critical business data stored by companies, entities and institutions necessitate a cybersecurity plan; as such, Quadron specialises in building cybersecurity protection to prevent, detect and overcome any threats jeopardising the resilience and continuity of the concerned party. Quadron’s reliable team of experts includes consultants, engineers, project managers, analysts and ethical hackers. Gulyás then provided an overview of some of Quadron’s projects worldwide, such as the largest cybersecurity project in Kuwait, the first ever sector-level security strategy in the GCC in Bahrain, and the protection of the government’s media channels in Hungary from defacement and distributed denial-of-service (DDoS) attacks.
To conclude, AACC Secretary-General Eng. Mouddar Khouja thanked the AACC Team and all partners who worked hard to plan and implement this workshop, as well as all the distinguished speakers and audience who joined either in-person or virtually from all over the globe. SG Khouja particularly thanked AACC member companies who sponsored this event and actively took part in it, namely Secunet, Quadron, Lieber Group and Evrotrust. AACC member company P.O.S.C.A. GmbH was also represented at the workshop by Dr. DI Stefan Köstner, who presented the POSCA Romana red-grape-based non-alcoholic sparkling beverage.