Thursday, January 04, 2007

Qatar's Internet security

The Gulf Times announced today that OISSG is holding free security training seminars in Doha over the next couple of weeks. OISSG is a not-for-profit organization dedicated to information security. Sounds tempting, until you realise it's a sales opportunity. Expect to be frightened by cyber-criminals; baffled by the complexity of the problem; and have doubts raised about your ability to protect your systems. "Don't worry, for a small fee, you can have peace of mind by buying our stuff."

If only there was a local IT security organisation looking out for the best interests of Qatar. Well, there might be soon. Q-CERT is being set up and is recuiting. From the job specs and application procedures, you could be forgiven for thinking the jobs are limited to US academics. However, Q-CERT is undeniably a good thing - I just wonder whether its main focus will be to protect the new universities and financial centre, or whether it will also try to fix some existing problems.

The recent wikipedia silliness has exposed a security vulnerability that is politically charged. Resident web-surfers know their requests are funneled through an automated filter, which occasionally protects them from their own seedy surfing habits (or just blocks sites at random). It is also well known that there is no censorship in Qatar. Bafflingly contradictory? Nope. The local ISP does the filtering, and it is operationally independent from the government.

The filter is now a well-publicised single point of failure, which any technologist will tell you is a tempting target for an american teenager. Knock out the filter, and you knock out web access for an entire country. Will Q-CERT recommend removing the filter? If so, it might be tough to find the decision-maker responsible for censorship when the role was abolished in 1996.