Saudi Arabia News

Cybersecurity regulations for national events in Saudi Arabia

Naqa News5 days ago
0 8 2 minutes
Cybersecurity regulations for national events in Saudi Arabia

In a strategic move reflecting the Kingdom of Saudi Arabia’s commitment to protecting its digital space, the National Cybersecurity Authority (NCA) has launched a comprehensive set of cybersecurity controls designed to safeguard national events and occasions. This pioneering initiative aims to secure the critical infrastructure of government-sponsored events and fortify it against any potential cyber threats that could hinder their success. These strategic steps align with the aspirations of Saudi Vision 2030, which is rapidly working to enhance the Kingdom’s position as a leading and secure global destination for hosting major international events and conferences.

Strategic context and the importance of launching cybersecurity controls

Over the past few years, Saudi Arabia has undergone an unprecedented transformation in hosting major international events, from large-scale entertainment seasons like Riyadh Season to global technology conferences such as LEAP, international sporting events, and its preparations for Expo 2030. This historic shift has made the digital space of these events a potential target for sophisticated cyberattacks. Hence, the critical importance of these controls in creating a secure digital environment. Domestically, these measures ensure the protection of citizens' and visitors' data and national infrastructure. Regionally and internationally, they send a strong message affirming the Kingdom's readiness and excellence in managing cyber risks, thus reinforcing the confidence of investors and global organizers in choosing Saudi Arabia as a safe and preferred destination.

Mandatory application and comprehensive protection structure

The National Cybersecurity Authority (NCA) has confirmed that these controls are mandatory for all events held under the patronage of His Majesty the King, His Royal Highness the Crown Prince, or any other government-sponsored event at the national level. In its regulatory document, the NCA explained that this shift necessitates maintaining and enhancing the Kingdom's cybersecurity to protect the vital interests of the state and its national security. The document revealed that the new control structure comprises four main components, from which seventeen sub-components branch out, forming a total of thirty-five fundamental controls. These comprehensive components cover cybersecurity governance, strengthening defense mechanisms, ensuring resilience, and meticulously managing relationships with external parties and cloud computing services.

Proactive simulation tests 60 days in advance

In a proactive and stringent move to ensure the highest levels of preparedness, the Authority mandated that organizers conduct penetration testing and simulations of the event's systems at least 60 days prior to its commencement to identify any vulnerabilities. The regulations emphasized the necessity of immediately addressing all discovered security flaws and implementing all protection recommendations before the event begins, with the requirement to report the final results to the Authority. To guarantee continuous monitoring, the regulations stipulated that the event's systems must be linked to a managed and Level 1 cybersecurity operations center licensed by the Authority.

Data sovereignty and securing digital and physical assets

To ensure national data sovereignty, the Authority stipulated that event systems hosting and digital data storage facilities must be located within the geographical boundaries of the Kingdom of Saudi Arabia, in accordance with relevant legislation. The directives also addressed the physical aspect of security, emphasizing the importance of activating closed-circuit television (CCTV) cameras to protect sensitive equipment and retaining recordings for a minimum of six consecutive months. Regarding contracts and support services, the Authority stressed the necessity for all external parties to strictly adhere to these controls and sign stringent non-disclosure agreements guaranteeing the secure deletion of data immediately upon service completion. The Authority also highlighted the importance of protecting digital platforms and social media accounts associated with the event to prevent brand impersonation or hacking. Finally, it added that robust cybersecurity requires conducting rigorous simulation exercises to test business continuity plans, ensuring the minimization of negative impacts and the seamless delivery of critical technical services to the public in the event of any emergencies.

Naqa News5 days ago
0 8 2 minutes
Camel News Image

Naqa News

Naqa News is an editor who provides reliable news content and works to follow the most important local and international events and present them to the reader in a simple and clear style.

Related articles

Updating the regulations for releasing goods before storage payment at Dammam Port

Updating the regulations for releasing goods before storage payment at Dammam Port

13 minutes ago

A person was caught polluting the environment by dumping concrete materials in Medina

57 minutes ago
Five honey production stations are ready at a cost of 38 million riyals to support farmers

Five honey production stations are ready at a cost of 38 million riyals to support farmers

1 hour ago
No cases of Hantavirus infection reported in Saudi Arabia: Monitoring details

No cases of Hantavirus infection reported in Saudi Arabia: Monitoring details

1 hour ago

Leave a comment

Your email address will not be published. Required fields are marked *

Go to top button