On May 12-13, the Lebanese University hosted a two-day conference titled “Cybersecurity and Cyberdefense: Stakes and Perspective,” organized by the Agence Universitaire de la Francophonie. The conference offered a chance to gain perspective on how academics, government and authorities, and others view cybersecurity in Lebanon and how they might collaborate to address the issues it raises. These are questions governments are asking worldwide.
Among the most relevant sessions for our work on digital rights at SMEX was the presentation by Rafiq Younes, the university’s Dean of the Faculty of Engineers. Below is his presentation and a summary of his main points.
Cybersecurity is a problem the whole society is facing. It does not matter whether you are an individual, a business or a country—everybody has to deal with the threats and the problems which arise from hacktivism, cyber-espionage, sabotage, malicious actors, etc.
What has to be done
Current attempts of cybersecurity in Lebanon—as for many other countries in the world—are immature. The attackers are being more innovative than defenders, who feel trapped in a situation of fear and insecurity. This has to change for the future to provide a safe fundament for the society to develop. There are a number of changes needed: First, new strategies of cybersecurity have to seek to protect society on the whole, meaning to connect individual, business and country cybersecurity activities to provide a far reaching and secure web infrastructure. Second, fighting cybercrime, especially preemptive strategies to attack the criminals before they even launch their crimes have to be legalized.
The current situation of cybersecurity in Lebanon
Right now in Lebanon several actors are engaging in fighting cybercrime: government, police (cybercrime unit), military police, TRA, ISPs, businesses, etc. Still, Lebanon does not yet have an elaborate plan for its cybersecurity. Only a minimal collaboration between the private and the public sector is currently underway and no governmental entity is dealing explicitly with issues regarding cybersecurity. Another weakness is that even draft legislations regarding cybersecurity are not yet done.
An action plan for Lebanon
A good way to improve the situation would be to define a national strategy on cybersecurity. Also cooperation amongst the various actors should be enhanced—above all between the business and the public sector. Other important tasks would be improving the security level for the infrastructures and services provided by the government, building capacities on a national level to respond to demands and problems, sensitize the public, build international cooperations, and involve the universities to develop a major role in cybersecurity science.
The role of the universities
The universities take on a special responsibility as they educate the next generation of IT experts. Therefore cybersecurity should get a greater attention in the curricula and new study programs specialized on cybercrime and cyber defense should be established—both with a strong focus on implementation and technology.
Some recommendations we agree with more than others, but we applaud Dr. Younes and the Lebanese University for initiating a public discussion around cybersecurity in Lebanon. That said, for future such events, we’d like to encourage organizers to include views from digital rights advocates and civil society organizations who look at cybersecurity through the lens of human rights.
To date, the Lebanese government’s approach to dealing with cybersecurity has been rather opaque. The Bureau of Cyber Crimes and Intellectual Property, for instance, doesn’t have a website (that we can find), nor does it have the legal authority to operate as it does, according to the Legal Agenda.
Measures that can help ensure cybersecurity can also threaten protected rights, such as the right to free expression, the right to privacy, the right to assembly, and freedom from mass surveillance. As recent challenges to cybercrime laws in Iraq, the Philippines, Egypt, and Pakistan have shown, any proposed cybersecurity legislation in Lebanon needs to respect these rights and prior guarantees.
We thank the author for providing us with his presentation and giving us permission to publish it on our platform.