Tackling Cybercrime: Time For The Regional Gulf Cooperation Council To Join Global Efforts

Uploaded on 2016-12-20 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Law Enforcement, FREE TO VIEW

International cooperation is essential to successfully combatting the threats posed by cybercrime. So, despite another major attack recently, why won’t the regional Gulf Cooperation Council (GCC) join the global fight?

The recent malware attack on Saudi Arabia’s transport sector and other government agencies shows yet again that, despite high investment in sophisticated cybersecurity measures, cybercrime remains a major threat for the GCC governments and businesses alike. And with high mobile penetration rates, a large and growing number of internet-linked devices, and the governments’ supposed prioritization of “the digital economy”, this is a threat which is only more likely to escalate.

Coincidentally, just a few days after the Saudi attack was revealed, an international coordinated operation managed to successfully dismantle a global cyber-criminal network known as “Avalanche”. This was the result of four years of investigation and cooperation between police in 30 countries and agencies such as FBI, Europol, Eurojust.

Despite the obvious benefits of using international cooperation in cybercrime, the Gulf countries remain outside these international efforts, thereby exposing their governments, corporations and citizens to increased vulnerability.

More aggressive, complex, organized and unpredictable

But two major reasons should be enough motivation for the GCC countries to revisit how they are approaching this globally daunting challenge. Firstly, on a strategic level, international cooperation helps identify the best responses to emerging challenges in cybercrime. Today’s cybercrime is more aggressive, more complex, more organized and – importantly - more unpredictable than before.

In trying to combat it and mitigate its impact, governments are finding themselves in uncharted waters coping with situations they are not able to predict or contain. And the life span of counter-cybercrime responses tend to be short-lived as new ways and techniques for perpetrating cybercrimes are developing on a continuous basis. So what might work today might not work in a month or even in weeks.

The technological knowledge of cyber criminals often exceeds that of the law enforcement agencies tasked to fight them, which intensifies the challenge of combatting cybercrime and makes the initiated efforts rudimentary. Therefore, the only way forward to fight cybercrime is one that is based on imagination, creativity and above all, cooperation.

Countries need to be sharing information, intelligence, experiences and lessons learned in order to find the best ways to curb cybercrime and tackle its emerging challenges, just as cybercriminals do the same within their own networks. The regulatory, legal and technological tools should be developed collectively and updated on a continuous basis. This is what international cooperation aims to achieve.

Secondly, on an operational level, international cooperation helps overcome challenges to cross-border criminal investigations and prosecutions. Cybercriminals have an upper hand over law enforcement agencies due to their modus operandi. They tend to operate in organized groups, based in one or more jurisdictions while their actions affect computers and victims in other jurisdictions, and therefore other countries.

Given that law enforcement agencies, such as the police and the prosecution offices, are confined to their own national jurisdiction, their efforts in prosecution and in the timely collection of electronic evidence are made more complicated. And because of national sovereignty, any cross-border investigations have to be subject to proper legal channels to request assistance.

This process can be lengthy and complicated, limiting the success of the entire investigation and, more often than not, letting cybercriminals off the hook. However, international cooperation platforms, such as the 24/7 points of contact (opens in new window), do help mitigate this challenging environment, and international cooperation also provides law enforcement agencies with powers enabling them to effectively “join hands” in transnational criminal investigations - removing national barriers while still respecting the safeguards of the rule of law.

The simple reality is that, as things stand, current international cooperation is a conversation involving just one-third of the world. The Convention on Cybercrime (also known as the Budapest Convention) is considered the most relevant international instrument on fighting cybercrime – but currently it only has 50 states as parties to it and another dozen as either signatories or countries in the process of accession. And none of the GCC countries are signatories.

This situation is having a negative impact on the global fight against cybercrime and is widening the global divide in terms of capacity and response. Being vigilant is not enough. In 2012, the Shamoon malware attack on oil giants Saudi Aramco became known as the world’s biggest hack in history. And yet, fast forward to November 2016, and it is known that the attack on Saudi’s transport sector and other government agencies used the same malware.

The investigation into the attack is still ongoing, the motivation behind it and the ultimate damage caused is yet to be announced. But clearly little has been learned in those four years. By maintaining a solo approach, the GCC is unnecessarily jeopardizing its security and economic prosperity by exposing its governments, corporations and citizens to increased vulnerability.

Counter-cybercrime efforts can no longer be developed in isolation, and international cooperation is essential to successfully combatting the threats. If the GCC countries want to ensure safe internet infrastructure and boost their economic prosperity, they must couple cybersecurity investments with international cooperation efforts and establish themselves as major players in the fight against cybercrime.

Chatham House:   

Joyce Hakmeh is a recognised expert on cybercrime and an Academy Fellow at the Royal Institute of International Affairs, London 

 

 

« Amazon Makes First Successful UK Drone Delivery
Making Sense Of Cyber Insurance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

HPE Aruba Networking

HPE Aruba Networking

HPE Aruba Networking, a Hewlett Packard Enterprise company, is a leading provider of next-generation network access solutions for the mobile enterprise.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

Salient CRGT

Salient CRGT

Salient CRGT is a leading provider of health, data analytics, cloud, agile software development, mobility, cyber security, and infrastructure solutions.

Digital Transformation EXPO (DTX)

Digital Transformation EXPO (DTX)

Digital Transformation EXPO showcases the latest technology and insight from the world’s leading brands and experts in DX.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

Cloud GRC

Cloud GRC

Cloud GRC is an innovative cybersecurity company with solutions and expertise in Cybersecurity Strategies & Frameworks, Threat & Risk Assessment, Cloud Security, and Regulatory Compliance Requirements

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Cyber Security Operations Consulting (CyberSecOp)

Cyber Security Operations Consulting (CyberSecOp)

CyberSecOp is an ISO 27001 Certified Organization which provides cyber security operations services and risk management consulting.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.