In the early years of the internet, popular culture often portrayed hacking as the preserve of youthful coding geeks or underdogs who targeted faceless corporations rather than ordinary people. At a World Economic Forum event in Dubai this week, a different and more menacing picture emerged.
“We have autonomous vehicles, robotics, critical infrastructure, supply chains,” Jeremy Jurgens, managing director and head of Centre for Cybersecurity at the WEF, told The National. “No matter where we are, where we're interacting in the world, we have to think, 'what is my kind of cyber surface that's exposed here'? It's not to scare people or have them avoid the world. It's just to be conscious of the risks that are there.”
Mr Jurgens’s perspective reflects the fact that the online world has reached into just about every part of our lives. Most people already recognise cybercriminals for what they are – not rogues exploring a new digital frontier, but international blackmailers, extortionists and thieves. The stakes are particularly high where there is a booming economy, connected populations and rapid embrace of AI, as there are in the Gulf.
Consumers are aware of the need to be judicious online, particularly with their personal data. As Dr Mohamed Al Kuwaiti, head of the UAE's Cybersecurity Council, told the opening day of the Gitex technology conference in Dubai this week, “We need the people to be our first line of defence.”
Cybercrime is an inherently a transnational problem; logic dictates that it demands a more transnational approach. Some regions are already on this journey, having set up cross-border cybersecurity organisations. In 2016, Asean – the 10-nation bloc of South-East Asian countries – established its Cyber Capacity Programme. Three years before, the EU’s law enforcement agency, Europol, set up its EC3 centre to track and prosecute cybercriminals across national borders.
In the Gulf, too, there is significant co-operation. The GCC Ministerial Committee for Cybersecurity meets regularly and Abu Dhabi-based GCCPOL works closely with international law enforcement. But as yet there is no dedicated, Gulf-wide policing body that specialises solely in fighting cybercrime. Perhaps it is an idea whose time has come.
Having a policing and investigative body that understands the unique threats posed by criminals and hackers to Gulf nations’ cyber security would be an addition to existing GCC co-operation. Such a team could fast-track cross-border investigations, evidence gathering and prosecutions. It could also share intelligence and expertise, a particular strength in the GCC’s tech-savvy societies. Gulf countries are already coming together to deliver joint projects such single visitor visas and cross-border rail networks. Taking this joint approach into the fight against cybercrime could potentially be a game-changer.
Policing has to go hand and hand with the right legal approach. Making sure national legislation closely aligns with international best standards – such as the Budapest Convention on cybercrime – would be a good step. There needs to be a global dimension too – lower-income countries are often home to some of the world’s most notorious cyber gangs. These nations can and should get financial and technical assistance from organisations such as the UN Office on Drugs and Crime and the International Telecommunication Union. As well-resourced, digital-first economies, Gulf states are increasingly in a good position to assist such efforts.
The days of the so-called “white hat” hacker are largely in the past. That people and governments invest so much in their cyber security prove this. The next step is ensure cooperation and avoid working in silos when it comes to protecting countries and their publics from this ever-changing menace.
