National Cybersecurity Authority

The National Cybersecurity Authority (NCA) is an independent government entity specializing in cybersecurity in the Kingdom of Saudi Arabia. It is the national reference in cybersecurity affairs, aiming to enhance the protection of the state's vital interests, national security, critical infrastructure, priority sectors, government services, and activities in line with Saudi Vision 2030, which prioritizes digital transformation and the development of digital infrastructure among its goals. The NCA was established by a Royal Decree on October 31, 2017.

The NCA has several responsibilities, including:

- Developing the national cybersecurity strategy, overseeing its implementation, and proposing updates.

- Establishing policies, governance mechanisms, frameworks, standards, controls, and guidelines related to cybersecurity and risk management frameworks, communicating to relevant entities, and ensuring their implementation and updates.

- Classifying and identifying critical infrastructure, entities, and sectors related to cybersecurity.

- Notifying relevant entities of cybersecurity-related threats.

- Developing measures for addressing cybersecurity incidents, ensuring compliance with them, and updating them.

- Building, supervising, and operating national cybersecurity operations centers and the like, including control, command, surveillance, monitoring, and information exchange and analysis centers, sectoral operations centers, and cybersecurity platforms.

- Conducting activities and operations related to cybersecurity either directly or through associated entities.

- Organizing and overseeing the mechanism for sharing information and data related to cybersecurity between different entities and sectors across the Kingdom.

- Supporting relevant entities for digital forensics and the investigation of cybersecurity crimes.

- Establishing national policies and standards for encryption, monitoring compliance with them, and updating them.

- Establishing the necessary standards or controls for clearance and licensing the import, export, and use of high-security-sensitive hardware and software as defined by the NCA, monitoring compliance with them, and updating them without compromising any approved standards or controls by other relevant entities.

- Building national capabilities in cybersecurity, participating in the development of relevant educational and training programs, preparing professional standards and frameworks, establishing and implementing relevant professional certification measurement and testing, and raising awareness of cybersecurity.

- Licensing individuals and non-governmental entities to engage in activities and operations related to cybersecurity as defined by the NCA.

- Communicating with similar entities outside the Kingdom and private entities to exchange experiences and establish mechanisms for cooperation and partnerships with them in accordance with applicable procedures.

- Exchanging technical and knowledge production, and exchanging data and information with similar entities outside the Kingdom.

- Representing the Kingdom in relevant organizations, institutions, committees, and bilateral, regional, and international groups, and monitoring the implementation of the Kingdom's international commitments related to cybersecurity.

- Promoting the growth of the cybersecurity sector in the Kingdom and encouraging innovation and investment in it.

- Conducting studies, research, development, manufacturing operations, technology transfer, and development in cybersecurity and related fields.

- Proposing mechanisms to enhance efficiency in cybersecurity spending.

- Developing performance measurement indicators for cybersecurity and preparing regular reports on the cybersecurity status across the Kingdom.

- Proposing the issuance and amendment of laws, regulations, and decisions related to cybersecurity.

The logo of the NCA represents its mandate, core mission, and scope of work. The gradient tech vectors symbolize cyberspace, which is the NCA's field of expertise, depicted in blue and green. The shield formed by these vectors represents the key mission of securing and protecting cyberspace. It is surrounded by a cavity representing the map of the Kingdom, within which the two swords and the palm tree are depicted.

Having a comprehensive and secure national digital infrastructure is an essential factor in enabling growth and prosperity. However, this expansion comes with an increased vulnerability to security breaches and cyber threats. This necessitates the enhancement of cybersecurity to protect networks, IT systems, operating technology systems, and components, including hardware and software, as well as safeguarding the services provided and the data they contain from any unauthorized access, disruption, alteration, access, use, or exploitation. It is also crucial to strengthen secure technical connections among government services and support the digital economy.

The NCA is responsible for developing policies, governance mechanisms, frameworks, standards, controls, and guidelines related to cybersecurity. These are then communicated to relevant entities, with compliance and updates being closely monitored based on need.

This does not absolve any public, private, or other entities from their responsibility towards their own cybersecurity in a manner that does not conflict with the NCA's mandates as stipulated in its regulations. The aim is to achieve a secure and trusted Saudi cyberspace.

The NCA has issued several national controls, frameworks, and guidelines related to cybersecurity to enhance cybersecurity in the Kingdom, improve efficiency, and increase effectiveness. These include essential cybersecurity controls, critical systems' cybersecurity controls, remote work cybersecurity, data cybersecurity, computational computing, national encryption standards, and cybersecurity tools.

The NCA launched the national portal for cybersecurity services "Haseen" on May 25, 2022, with the aim of elevating cybersecurity levels across the Kingdom, improving the provision and management of cybersecurity services and solutions, and enhancing communication mechanisms for national beneficiaries.

The portal was designed to enable national entities to fulfill their cybersecurity responsibilities by enhancing the service delivery mechanism, automating processes, and improving their experience through a unified portal to access cutting-edge services and solutions in the cybersecurity sector. Its services target over five hundred national entities by August 2023.