The University of Sciences and Arts in Lebanon (USAL) has been committed to contributing to scientific research for the betterment of our Lebanese community. In this context, a project has been launched in collaboration with researchers at USAL and other universities and institutions under the umbrella of the Lebanese Cybersecurity Empowering Research Team (CERT) NGO in order to spread and raise security awareness within the community against the threats that face the digital systems of the different Lebanese sectors.
The project’s main idea is to continuously evaluate the attack surface of the Lebanese perimeter in order to:
- Capture critical vulnerabilities in the Lebanese perimeter and report these with time
- Pave the way for government supported red teaming activities in Lebanon
In the first phase of the CERT project, a paper was recently published aiming at addressing some critical vulnerabilities, and showing their impact on the Lebanese sectors. To this end, the authors of the paper led an experimental study to assess the attack surface of Lebanon’s perimeter. In this study, 10 critical and severe vulnerabilities were selected as the base of the evaluation of more than 24,000 information systems in the perimeter of Lebanon. The evaluation resulted in 1645 vulnerable systems exposed to the selected vulnerabilities belonging to almost all Lebanese sectors including critical ones. The work conducted and the results obtained revealed the lack of applying two core best practices in information security which are:
- Patch management
- Incident handling.
Given these facts, we discern that the next step to enhancing cyber security level in Lebanon is to use this work as a foundation to involve international cyber security firms, Lebanese ISPs, system administrators, research teams, and delegated staff from the public sector in the evaluation and remediation of Lebanon’s attack surface, thereby, paving the way for government-supported red teaming activities in the future.