The recent malware attack on Saudi Arabia’s transport sector and other government agencies shows yet again that, despite high investment in sophisticated cybersecurity measures, cybercrime remains a major threat for the GCC governments and businesses alike. And with high mobile penetration rates, a large and growing number of internet-linked devices, and the governments’ supposed prioritization of “the digital economy”, this is a threat which is only more likely to escalate.
Coincidentally, just a few days after the Saudi attack was revealed, an international coordinated operation managed to successfully dismantle a global cyber-criminal network known as “Avalanche”. This was the result of four years of investigation and cooperation between police in 30 countries and agencies such as FBI, Europol, Eurojust.
Despite the obvious benefits of using international cooperation in cybercrime, the Gulf countries remain outside these international efforts, thereby exposing their governments, corporations and citizens to increased vulnerability.
More aggressive, complex, organized and unpredictable
But two major reasons should be enough motivation for the GCC countries to revisit how they are approaching this globally daunting challenge. Firstly, on a strategic level, international cooperation helps identify the best responses to emerging challenges in cybercrime. Today’s cybercrime is more aggressive, more complex, more organized and – importantly - more unpredictable than before.
In trying to combat it and mitigate its impact, governments are finding themselves in uncharted waters coping with situations they are not able to predict or contain. And the life span of counter-cybercrime responses tend to be short-lived as new ways and techniques for perpetrating cybercrimes are developing on a continuous basis. So what might work today might not work in a month or even in weeks.
The technological knowledge of cyber criminals often exceeds that of the law enforcement agencies tasked to fight them, which intensifies the challenge of combatting cybercrime and makes the initiated efforts rudimentary. Therefore, the only way forward to fight cybercrime is one that is based on imagination, creativity and above all, cooperation.
Countries need to be sharing information, intelligence, experiences and lessons learned in order to find the best ways to curb cybercrime and tackle its emerging challenges, just as cybercriminals do the same within their own networks. The regulatory, legal and technological tools should be developed collectively and updated on a continuous basis. This is what international cooperation aims to achieve.
Secondly, on an operational level, international cooperation helps overcome challenges to cross-border criminal investigations and prosecutions. Cybercriminals have an upper hand over law enforcement agencies due to their modus operandi. They tend to operate in organized groups, based in one or more jurisdictions while their actions affect computers and victims in other jurisdictions, and therefore other countries.
Given that law enforcement agencies, such as the police and the prosecution offices, are confined to their own national jurisdiction, their efforts in prosecution and in the timely collection of electronic evidence are made more complicated. And because of national sovereignty, any cross-border investigations have to be subject to proper legal channels to request assistance.
This process can be lengthy and complicated, limiting the success of the entire investigation and, more often than not, letting cybercriminals off the hook. However, international cooperation platforms, such as the 24/7 points of contact, do help mitigate this challenging environment, and international cooperation also provides law enforcement agencies with powers enabling them to effectively “join hands” in transnational criminal investigations - removing national barriers while still respecting the safeguards of the rule of law.
The simple reality is that, as things stand, current international cooperation is a conversation involving just one-third of the world. The Convention on Cybercrime (also known as the Budapest Convention) is considered the most relevant international instrument on fighting cybercrime – but currently it only has 50 states as parties to it and another dozen as either signatories or countries in the process of accession. And none of the GCC countries are signatories.
This situation is having a negative impact on the global fight against cybercrime and is widening the global divide in terms of capacity and response. Being vigilant is not enough. In 2012, the Shamoon malware attack on oil giants Saudi Aramco became known as the world’s biggest hack in history. And yet, fast forward to November 2016, and it is known that the attack on Saudi’s transport sector and other government agencies used the same malware.
The investigation into the attack is still ongoing, the motivation behind it and the ultimate damage caused is yet to be announced. But clearly little has been learned in those four years. By maintaining a solo approach, the GCC is unnecessarily jeopardizing its security and economic prosperity by exposing its governments, corporations and citizens to increased vulnerability.
Counter-cybercrime efforts can no longer be developed in isolation, and international cooperation is essential to successfully combatting the threats. If the GCC countries want to ensure safe internet infrastructure and boost their economic prosperity, they must couple cybersecurity investments with international cooperation efforts and establish themselves as major players in the fight against cybercrime.