Tackling Cybercrime: Time For The Regional Gulf Cooperation Council To Join Global Efforts

Uploaded on 2016-12-20 in NEWS-News Analysis, INTELLIGENCE--International, GOVERNMENT-Law Enforcement, FREE TO VIEW

International cooperation is essential to successfully combatting the threats posed by cybercrime. So, despite another major attack recently, why won’t the regional Gulf Cooperation Council (GCC) join the global fight?

The recent malware attack on Saudi Arabia’s transport sector and other government agencies shows yet again that, despite high investment in sophisticated cybersecurity measures, cybercrime remains a major threat for the GCC governments and businesses alike. And with high mobile penetration rates, a large and growing number of internet-linked devices, and the governments’ supposed prioritization of “the digital economy”, this is a threat which is only more likely to escalate.

Coincidentally, just a few days after the Saudi attack was revealed, an international coordinated operation managed to successfully dismantle a global cyber-criminal network known as “Avalanche”. This was the result of four years of investigation and cooperation between police in 30 countries and agencies such as FBI, Europol, Eurojust.

Despite the obvious benefits of using international cooperation in cybercrime, the Gulf countries remain outside these international efforts, thereby exposing their governments, corporations and citizens to increased vulnerability.

More aggressive, complex, organized and unpredictable

But two major reasons should be enough motivation for the GCC countries to revisit how they are approaching this globally daunting challenge. Firstly, on a strategic level, international cooperation helps identify the best responses to emerging challenges in cybercrime. Today’s cybercrime is more aggressive, more complex, more organized and – importantly - more unpredictable than before.

In trying to combat it and mitigate its impact, governments are finding themselves in uncharted waters coping with situations they are not able to predict or contain. And the life span of counter-cybercrime responses tend to be short-lived as new ways and techniques for perpetrating cybercrimes are developing on a continuous basis. So what might work today might not work in a month or even in weeks.

The technological knowledge of cyber criminals often exceeds that of the law enforcement agencies tasked to fight them, which intensifies the challenge of combatting cybercrime and makes the initiated efforts rudimentary. Therefore, the only way forward to fight cybercrime is one that is based on imagination, creativity and above all, cooperation.

Countries need to be sharing information, intelligence, experiences and lessons learned in order to find the best ways to curb cybercrime and tackle its emerging challenges, just as cybercriminals do the same within their own networks. The regulatory, legal and technological tools should be developed collectively and updated on a continuous basis. This is what international cooperation aims to achieve.

Secondly, on an operational level, international cooperation helps overcome challenges to cross-border criminal investigations and prosecutions. Cybercriminals have an upper hand over law enforcement agencies due to their modus operandi. They tend to operate in organized groups, based in one or more jurisdictions while their actions affect computers and victims in other jurisdictions, and therefore other countries.

Given that law enforcement agencies, such as the police and the prosecution offices, are confined to their own national jurisdiction, their efforts in prosecution and in the timely collection of electronic evidence are made more complicated. And because of national sovereignty, any cross-border investigations have to be subject to proper legal channels to request assistance.

This process can be lengthy and complicated, limiting the success of the entire investigation and, more often than not, letting cybercriminals off the hook. However, international cooperation platforms, such as the 24/7 points of contact (opens in new window), do help mitigate this challenging environment, and international cooperation also provides law enforcement agencies with powers enabling them to effectively “join hands” in transnational criminal investigations - removing national barriers while still respecting the safeguards of the rule of law.

The simple reality is that, as things stand, current international cooperation is a conversation involving just one-third of the world. The Convention on Cybercrime (also known as the Budapest Convention) is considered the most relevant international instrument on fighting cybercrime – but currently it only has 50 states as parties to it and another dozen as either signatories or countries in the process of accession. And none of the GCC countries are signatories.

This situation is having a negative impact on the global fight against cybercrime and is widening the global divide in terms of capacity and response. Being vigilant is not enough. In 2012, the Shamoon malware attack on oil giants Saudi Aramco became known as the world’s biggest hack in history. And yet, fast forward to November 2016, and it is known that the attack on Saudi’s transport sector and other government agencies used the same malware.

The investigation into the attack is still ongoing, the motivation behind it and the ultimate damage caused is yet to be announced. But clearly little has been learned in those four years. By maintaining a solo approach, the GCC is unnecessarily jeopardizing its security and economic prosperity by exposing its governments, corporations and citizens to increased vulnerability.

Counter-cybercrime efforts can no longer be developed in isolation, and international cooperation is essential to successfully combatting the threats. If the GCC countries want to ensure safe internet infrastructure and boost their economic prosperity, they must couple cybersecurity investments with international cooperation efforts and establish themselves as major players in the fight against cybercrime.

Chatham House:   

Joyce Hakmeh is a recognised expert on cybercrime and an Academy Fellow at the Royal Institute of International Affairs, London 

 

 

« Amazon Makes First Successful UK Drone Delivery
Making Sense Of Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

SAMATE

SAMATE

The Software Assurance Metrics And Tool Evaluation project is an inter-agency project between the US Department of Homeland Security and NIST.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

ISF Annual World Congress

ISF Annual World Congress

ISF Annual World Congress, our flagship global event, offers attendees an opportunity to discuss and find solutions to current security challenges.

Second Nature Security (2NS)

Second Nature Security (2NS)

2NS provide vulnerability assessment, penetration testing, security audit, application and network security and secure software development processes.

Black Kite

Black Kite

Black Kite (formerly NormShield) provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management and continuous perimeter monitoring.

Exein

Exein

Exein are on a mission to build the world’s first ecosystem for firmware security so that all different types of firmware are secure around the world.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

Innosphere Ventures

Innosphere Ventures

Innosphere Ventures is Colorado’s leading science and technology incubator, accelerating the success of high-impact startup and scaleup companies.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

Aiden Technologies

Aiden Technologies

Aiden simplifies your IT process, giving you peace of mind and security by ensuring your computers get exactly the software they need and nothing else.

ORS Consulting

ORS Consulting

ORS Consulting is a specialist provider of risk management advisory services supporting asset-intensive industries such as chemicals, energy, power and utilities, defence and maritime.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.