Exclusive Interview with Dr. Salah Rustum from CIEL Lebanon (Commercial Industrial Enterprises of Lebanon)
“We are a Registration Authority in the hierarchy of the Certification Authority for the electronic digital signature which secures anything that goes on the internet. We are a Registration Authority for Lebanon, the Middle East area and the continent of Africa. Of course we can deal in other places but every case has to be discussed with Globalsign independently and on its own merits. Nowadays Cyber-security issues are a prime topic.”
Interview with Dr. Salah A. Rustum, President of CIEL Lebanon
Tell us about CIEL.
CIEL stands for Commercial Industrial Enterprises of Lebanon. From a commercial point of view we wanted to have a logo such as CIEL instead of being CIE Lebanon. That is how we decided on the name CIEL. We want to market CIEL. The sky is the limit; we’re going all the way up. CIEL was founded in 1974 and ever since it was established we have dealt with cyber security in as much as the word meant at that time. Of course it wasn’t really as urgent and pressing as it is now but still there was a need for it. Later on in 1996 I introduced the barcoding symbology in both Lebanon and the Middle East and Syria through CIEL of course. When I learnt about the electronic digital signature I spoke with the guys in Belgium and we started working with the electronic digital signature and introducing it in both Lebanon and the surrounding region.
Now we are a Registration Authority in the hierarchy of the Certification Authority for the electronic digital signature which secures anything that goes on the internet. You have the Certification Authority, CA and then you have a registration authority, RA. RA can appoint a local Registration Authority. We are a Registration Authority for Lebanon, the Middle East area and the continent of Africa. Of course we can deal in other places but every case has to be discussed with Globalsign independently and on its own merits. Nowadays Cyber-security issues are a prime topic. It is crucial and very important that not only the private sector should deal with cyber-security but governments as well. Whether it’s a home government or governments abroad they should deal with these cyber security issues and the protection of data.
The protection of data is basically done through the X509 protocol. I’m not going into technical details but this is basically how you could sum it up. There are four basic aspects to the X509 4. Firstly it authenticates the sender. This means that I know that the email I received was definitely from you because it was signed with your digital ID. So I’m 100% positive it’s from you. Secondly I can be 100% sure that the content of the message hasn’t been hacked and it has come to me exactly as you have sent it. This means that the integrity of the email is 100% safe and secure. If a hacker has altered it or changed any of its content and sent it on to you then you would receive a big red line across the screen that will tell you to not trust this mail. Thirdly you will have non-repudiation. This means that the sender of the email cannot deny sending the email. You cannot deny it in a court of law. The recipient cannot deny receiving the email either. Fourth, if the content of this email or document is confidential you can encrypt it. This encryption would take quite a long time to decipher. This is the core of our business.
Of course we also secure websites. We secure servers. We secure databases and at the same time we authenticate the device. We authenticate the domain name and we authenticate the machine if it’s a server or not. That is basically what we do.
CIEL is approximately 40 years old now. We have been around since 1974 and it’s doing pretty well. It has emerged from crisis that lasted from 1966 to 1990 and we’re still going strong. We’re doing pretty well. We are teaching the region about the importance of the digital certificate and how everybody should use it. Now and for years to come the rate of hacking is going to grow high so if people are not careful and they don’t secure themselves you will hear of a lot of crashes of companies and individuals and that would be detrimental to the general economic situation or condition of any specific city or government or country regardless of its location, whether it’s the U.S. or U.K., London or Beirut, Lebanon or Tokyo, Japan. This is what we do and of course we’re described as a trust company. We don’t ignore irregularities. We’re very straightforward in our dealings with people and at the same time we’re very straightforward with our dealings with each other in the company members and we are very straightforward with our dealings with the head office.
I would say that it is very important that people should realise the importance of securing their email and internet. A good example of this is the smart television. If a hacker gets your smart TV frequency he could switch it on and he could see you in your own home. Security is very important. If the security of your house is internet based a hacker could lock on to your frequency and gain access to your home. Security is at the core of many businesses now. It will be upgraded over time.
Which companies do you partner with?
The company that we deal with basically is Globalsign which is the Certification Authority. CIEL is the Registration Authority and has signed with Globalsign. I did not sign as an individual but as a company because a company is more than one person. It could flourish and have many partners, shareholders and many employees as well because doing business is not only about making money. It’s about creating jobs so that many people can benefit. This is the concept of business. If companies don’t believe in this theory they will ultimately fail. The main assets of a company are its employees and its shareholders. If they don’t believe in the company it would be better to quit and leave. So there are assets such as the tables and the chairs and the air conditioners and the servers. But the main assets and the valuable part of the business are the human factor of the company. That is what we stand for and that’s what we count on.
Are you the only company in Lebanon involved in the cyber-security in this particular area?
We are the only company that has registered offices in Lebanon and the Middle East area as well as Africa. All the way down to South Africa. We’re the only certified office in this region. Of course we can do business online but if a Lebanese company, Cairo Company or a company from Abu Dhabi call, they need support. It’s very important for us and for them that they call us. We can speak with them in Arabic, English, French and even Italian if needs be. We try to provide the best service that we can. The best maintenance and the best support that we can render. That’s how a business flourishes. It is not just striking a deal and then tomorrow I don’t have time for you. No. We pamper our customers to the extent that we’re ready to fly to wherever the client is and help them with as much as we know and are capable of.
From which of the countries do you get most of the requests nowadays? Where do you see the need for cyber-security?
Mostly from Lebanon although Lebanon has slowed down in the last while. The general economic issues have subsided a little bit but Beirut has maintained its status as the digital city in the area here. Of course we’re getting a lot of business from the Emirates, Qatar, Bahrain and Egypt. Much to my regret there isn’t much business from Tunisia and Morocco. Not because we don’t speak French. We speak French but we haven’t really managed to access that market yet in as much as we would like to. To go into the digital business you have to educate people to know the importance of what they are buying because if you have a digital certificate installed on your browser it is not something tangible. You don’t see it. You can see a camera. You can view footage if somebody breaks in and you can see the thief. A digital certificate works quietly and doesn’t bother you when it repels the hacker. Without you noticing it. Many people ask us why they would need it. It’s exactly as if you have a car and you don’t have insurance. If your car was stolen you would never see the money you invested into it again. This is the same business. And when you lose in the digital sense you lose 100’s and 1,000’s of dollars. You’re not being hacked for $5 or $10 or $20. You could be hacked for everything you or your business has.
How are you trying to spread the word? Do you attend conferences? What are you doing to educate other companies?
We do free seminars. We do free educational lessons here in our conference room for 6 to 8 people at a time. We participate in different IT conferences and workshops. Sometimes we sponsor a workshop or conference because generally you cannot speak at one of them without sponsoring. You need to raise awareness and you just can’t raise awareness by sending out an email. Most people when they receive that type of email believe it to be spam mail. They don’t realize that it contains important data. If the user is ignorant then he cannot differentiate between real spam and an email that he has received telling him please read it because it’s important. It’s very difficult.
What is your strategy to reach out to these markets where you’re not much established?
We have to fly there and we have to get in contact with the various chambers of commerce and we have to tackle banks. The banking sector yes. Commercial sector and we have to speak with the public sector as well to see how to protect the feeding in of information, for example, to the ministry of finance. If you are required to send your financial statement by email but you don’t encrypt it a hacker can change figures on it and cause you some significant trouble with your government. So we have to go and educate, really educate or bring to their attention the importance of encrypting their data.
So you’re on a mission.
We’re on a mission at the same time, yes of course. It’s not philanthropic. But in our type of business you have to be philanthropic and at the same time you have to do business otherwise you cannot continue.
Do you have interests in West Africa like Nigeria and Kenya?
Yes we have done business in Nigeria, the Congo, the Ivory Coast, the Morris republic, Egypt and Gabon. Not in Ghana so far. It is difficult in Africa because when you deal with our type of work it is exactly like having a public notary online. I witness that you are you, who you claim to be and I give you a digital certificate for that. So to do that I need to know you. I need to authenticate you and then give you the digital signature so that you can use it to certify that. You say this is me. This is my ID online. And yes of course everything has its pros and cons. I think the world is changing and changing exponentially and cyber-security is expected to be a 14.4 trillion dollar business by the year 2020. So you can imagine the leap towards security. People are going into security. Nobody used to care who read their email. They assumed if their office door was shut and they sent the mail and nobody could see it. That was the impression that people had. Nowadays it’s changing because the minute you say send it’s gone on the internet where potentially anybody could see it. Take WikiLeaks as an example. How did that happen? The servers where the data was stored weren’t configured to the proper security measures. Why? Human error. The IT technician who was responsible for that particular server didn’t think it was important when he received a notice to upgrade or to shut a port. He didn’t do it. He thought it could wait till tomorrow. When you receive a note in our business it’s exactly like when a heart surgeon in a hospital is operating on a patient. It has to be done immediately. It cannot wait till tomorrow. Because it could cost the company or the government or the individual 100’s of 1,000’s of dollars in loss of revenue.
There have been many attacks like that such as in Estonia…
The virus isn’t really the problem. It isn’t really the issue. The issue is that people believe there is no need for security. When someone like Microsoft for example comes and says, hey you can put up your own digital security it’s a double standard because if you put on your own self-signed thing from Microsoft it is not recognised when you send an email over the internet. It’s not safe. Within your premises you’re safe. You’re safe from your IT guy. From your employee. But you’re not safe whenever you send it over the internet. And that’s what’s happening there. The hacker could send you a Trojan and all it takes is just to open the email. It goes into your browser and it stays there and it gathers all your information and sends it to the hacker. And you don’t know it’s there. Sometimes when we talk to IT specialists and we emphasize the importance of cyber security and what should or shouldn’t be done they feel that they know better. A lot of the time they don’t have the latest information. They’re not in the business. We’re in the business. We know what the latest update is. In academia you can teach something that happened two years ago or three years ago maybe but in this business you have to follow the latest notification you receive. And you cannot fail. You fail, you pay. And we’re trying to save people the agony of being hacked.
Lastly, tell us about yourself and your career.
I have a PhD in aerodynamics. I know computer science and information technology. I worked in the States for many years of my life. I worked in big companies. I can’t mention them but they were big companies and I held very high positions. When it was time for me to retire I thought I should return to my home country and repay my home country. That’s why I returned but I couldn’t work in aerodynamics, in aviation. The people here didn’t think they needed the information I had so I said, ok, let’s do it with other technologies such as barcoding. Barcoding was first symbology and then later on a technology with the electronic digital signature.
I held very good high positions. I was the chairman of the Future Planning Commission of Rome airport. I was on loan to the Kuwait government and built up the basis of the modern Kuwait airport. My first extra-territorial position was as assistant project manager in Abadan at the time of the Shah with the Iranian oil company. We built airports throughout the oilfields. I was the facilitation officer of the airlines operating in Italy for a period of 6 years. I worked with Boeing and I was the chairman for the Introductory Commission of the Jumbo jet B747 to the world. I was the Rapporteur for the United Nations ESCWA countries regarding IT matters. I was also secretary general of the chamber of commerce here in Lebanon in updating its IT system and I worked with His Excellency the minister of economy and trade, Dr. Nasser Al Saidi. The Lebanese digital law which is still hibernating in one of the drawers in parliament. It’s been there since just about the turn of the century. Something like 15 years. And it’s still there. When parliament is going to introduce it I don’t know. The latest was that all it needed was to be put on the agenda of the general assembly to be voted upon but I lost hope in following up on it.
I founded and established the IT and internet association in Lebanon. I’m its founder and president and I am a board member of the Belgium business council in Lebanon because Globalsign is basically a Belgium company. And based on that I applied for membership and I am a member of the Belgium business council. I really represent a large portion of what Belgium can offer.
There is the IPv6 and the IPv4 on the internet. Most of the world is working with IPv4. Internet protocol version 6 or IPv6 is the latest and that is coming very soon. Belgium is the first country in the world to have shifted completely to IPv6 from IPv4. Lebanon hasn’t started thinking of it yet in spite of the fact that I’ve made official visits to the ministers concerned and urged them to do something about it or to at least highlight it to both the private and public sector. If by 2018 or 2019 Lebanon hasn’t migrated to IPv6 it would be cut off from the world. It will be isolated. The rest of the world will be on IPv6 and we would still be on IPv4 and there is no compatibility between the two. You’re either IPv4 or you’re IPv6. During the migration from IPv4 to IPv6 you could have some part of your system working on IPv4 and some part on IPv6 and you could gradually convert to IPv6 but that takes time. That is why I was so keen on telling the people here that they need to start working on the convergence now. Not tomorrow. It’s not something where you press a button and you just switch over. You have to work for it and you have to be mentally prepared and you have to be physically prepared for the migration. So this is what I’m also doing.
I also teach. I have taught at some universities about cyber-security. I have taught at the judge’s institute and explained to the judges what an electronic digital signature is which really gave the judges a clear idea on how to rule in such cases. That was a few years ago and I worked there for two hours a week for eight months. There is one part of my CV that I can’t disclose. Nothing shameful but it’s confidential. I have taken an oath that I wouldn’t disclose any information about security in Aviation.
What do you see for the future?
I see a very bright future for Lebanon. We are not Dubai but if the Lebanese had to withdraw from Dubai, Dubai would go backwards very quickly. Lebanon has the brains there and the stamina to do the work. They have the money. I think with the oil here now and with the gas on land and in the sea that we will emerge stronger than ever. Exactly like CIEL did when we suffered as a company during the war here. It was difficult for a period of 15 years. It was very difficult to keep up and to work and to train and to move from one place to another. It was very difficult but thank God we are mighty fine. We’re very grateful to the lady of Lebanon.
FAIR USE POLICY
This material (including media content) may not be published, broadcasted, rewritten, or redistributed. However, linking directly to the page (including the source, i.e. Marcopolis.net) is permitted and encouraged.