DUBAI // Officials have called for more cyber security cooperation in the GCC, warning of the havoc that could be caused in the region by threats such as the Wannacry ransomware cyber attack.
Speaking at the first day of the Gulf Information Security Expo and Conference in Dubai, experts said cyber attacks could target critical infrastructure such as airports, oil installations, banks and tourism networks.
“The government has a major role to play in the field of regulation. Our focus is on national security and enabling businesses,” said Ibrahim Alshamrani, executive director of operations of Saudi Arabia’s National Cyber Security Centre.
While GCC nations share vital information through their general secretariats, more coordination is required.
“Once we start investigations, we realise it’s cross border and that we cannot work alone. The challenge is on us,” he said.
“We have a close relationship between the GCC countries and cyber security, and cyber crime falls under national security. But it isn’t enough. We should be doing more.”
Links among networks also make countries in the region vulnerable. Brigadier Khalid Al Razooqi, Dubai Police director general of smart services, said a special team works closely to check daily attempts to breach the police network.
“We receive a lot of attacks on a daily basis through different channels with people trying to break into our system, but we have an excellent team that protects us,” he said.
Recognition of the need for security systems across sectors was required, he said, particularly in a smart city that would be interconnected.
“There must be more awareness for security. For the future we need to think aggressively and introduce systems only after we have a secure environment,” Brig Al Razooqi said.
“A majority of companies do not want to spend on information security budget. When we talk to them to increase the level of security systems, they say it’s not a major concern, it’s the last thing to think about.”
Experts said it was imperative to guard against exposure to cyber attacks such as the Wannacry ransomware that has affected more than 200,000 computers in more than 150 countries since it began infecting users’ files on May 12.
Over the past few years, Dubai has introduced cyber security decrees and laws. But while there were some initiatives to raise the resilience of networks linking the GCC, a consistent cyber security approach is vital.
Among critical interconnection points are internet exchanges that GCC countries share.
“This is where the attacks, viruses, the malware are distributed from. Then you have the banking systems, where transactions go past the central banks of each country,” said Rabih Dabboussi, senior vice president of UAE cyber security company, DarkMatter.
“We need to make sure we raise the resilience of the banking transactional systems, and you also have connected transport, oil and gas and tourism that are key pillars of the economy. There is not enough being done to provide a unified front to protect us.
“We need to start by making sure that the level of regulatory framework and policies are consistent and then look at inter-connection points. There have to be policies, rules and guidelines that govern the use of technology, especially when technology is in critical national infrastructure.”
Natalya Kaspersky, president of InfoWatch, a global cybersecurity solutions firm, said regulation must be an essential prerequisite before new technology is introduced.
“Imagine if an attack like Wannacry happens in the airport where everything is electronic, even passport control,” she said.
“Regulation should be consistent and organised across governments. Before, every country assessed their own technology, but now the world is global and we need governments to exchange information.
“There should be an international committee that prescribes regulation at an international and local level.”