Missile fired at Saudi capital was Iranian: US official

US Air Force’s Central Commander in Qatar, Lt. Gen. Jeffrey L. Harrigian, right, addresses a press conference in Dubai on Friday. (AP)
Updated 11 November 2017
0

Missile fired at Saudi capital was Iranian: US official

JEDDAH: Iran manufactured the ballistic missile fired by Yemen’s Houthi militia toward the Saudi capital and remnants of it bore “Iranian markings,” the top US Air Force official in the Middle East said on Friday.
“There have been Iranian markings on those missiles... To me, that connects the dots to Iran,” said Lt. Gen. Jeffrey L. Harrigian, who oversees the Air Force’s Central Command in Qatar.
“How they got it there is probably something that will continue to be investigated over time,” he said. “What has been demonstrated based on the findings of that missile is that it had Iranian markings on it. That in itself provides evidence of where it came from.”
The missile was shot down on Nov. 4 near Riyadh’s international airport. Saudi investigators examining the remains of the rocket found evidence proving “the role of the Iranian regime in manufacturing them.”
French President Emmanuel Macron also described the missile as “obviously” Iranian.
He said that he was “very concerned” by Iran’s ballistic missile program, and raised the prospect of possible sanctions.
“There are extremely strong concerns about Iran. There are negotiations we need to start on Iran’s ballistic missiles,” he said.
Nikki Haley, the US ambassador to the UN, said in a statement on Tuesday that a missile launch in July involved an Iranian Qiam-1, a liquid-fueled, short-range Scud missile variant.
Iran used a Qiam-1 in combat for the first time in June when it targeted Daesh militants in Syria over militant attacks in Tehran.
US warships have also been attacked by the Houthis. In October 2016, the US Navy said that the USS Mason came under fire from two missiles launched from Yemen. Neither reached the warship, though the US retaliated with Tomahawk cruise missile strikes on three coastal radar sites in Houthi-controlled territory on Yemen’s Red Sea coast.
At the time, authorities said the missiles used in that attack were Silkworm missile variants, a type of coastal defense cruise missile that Iran has been known to use.
Dr. Hamdan Al-Shehri, a Riyadh-based Saudi political analyst and international relations scholar, said that Lt. Gen. Harrigian’s comments supported Saudi Arabia’s case against Iran.
“This confirms what Saudi Arabia has stated,” he told Arab News. “This conclusively proves Iranian intervention in the region. Iran is using its deadly arsenal through the Houthis and Hezbollah.”
He said the statement was “a big indication” that the US shares the Saudi concern and was ready to back Saudi steps against Iran.
“Iran is exposed. The missile attack on Riyadh will not go unpunished. Saudi Arabia will take serious measures against Iran,” he said.
Harvard scholar and Iranian affairs expert Majid Rafizadeh said Lt. Gen. Harrigian’s statement is significant because a high-level official is confirming what many experts and policy analysts have said, which is that the Iranian regime was behind the attack against Saudi Arabia.
“It re-confirms the Iranian regime’s continuing belligerent behavior in the region, its pursuit for regional hegemony and its deep antagonism toward Saudi Arabia,” Rafizadeh told Arab News. “It shows that Saudi Arabia has never made allegations against the Iranian regime without proof and evidence.”
According to Rafizadeh, the Iranian regime’s involvement and cooperation with the Houthis “is much deeper than what the public generally knows.”
He said Tehran provides sophisticated training for conducting terror attacks, and that it arms and funds the Houthis on a much higher level.
Oubai Shahbandar, a Syrian-American analyst and fellow at the New America Foundation’s International Security Program, said: “The Iranian Revolutionary Guards have been caught red-handed.
“For any skeptic that still denies the Houthis are a direct proxy of the Iranian government, keep in mind that the transfer and launch of such a sophisticated missile against the Saudi capital would not have been possible without the approval at the highest levels in Tehran.
“What this means is that there are likely Iranian Revolutionary guard officers or possibly Lebanese Hezbollah operatives on the ground embedded with the Houthi militias to help facilitate the movement of these missiles and the targeting process.”
Shahbandar wondered what the reaction would be if Riyadh had authorized a missile strike against Tehran.
“There would have been international uproar. Iran’s signature was literally discovered on the missile itself. It’s a dangerous escalation and it is important to publicly call out Iran for its direct involvement in the missile strike without any equivocation,” Shahbandar said.


KSA must become more resilient against cyberattacks

Updated 22 July 2018
0

KSA must become more resilient against cyberattacks

  • Healthcare data is of particular interest to hackers because it can be used to blackmail people in positions of power
  • A trained security professional cannot win the battle against cybercrime with just a mere knowledge of IT security

DUBAI: Cybercrime attacks could double over the next two years and cost Saudi Arabia’s economy up to SR30 billion ($8 billion) by 2020, according to security experts who warn the Kingdom is the most targeted county in the GCC for online fraudsters.
While Saudi Arabia is stepping up the war against cybercrime, the Kingdom must invest in training its own security professionals, expand its pool of skilled workers and strengthen its cybersecurity regulation to become more resilient against emerging attacks.
“Based on our relationship with key Saudi clients, we see that cybercrime in Saudi is growing faster than in most of the countries in the world, with more than a 35 percent increase in the number of attacks during the past year,” said Simone Vernacchia, a partner in Digital, CyberSecurity, Resilience and Infrastructure for PWC Middle East.
“Based on our experience in the GCC, Saudi is being targeted more frequently, and the cost of cyberattacks is 6 to 8 percent higher than in the rest of the GCC countries. The Saudi economy provides a more appealing target for cyberattackers.”
Vernacchia said it can be difficult to measure the true direct and indirect cost on Saudi Arabia’s economy each year.
“This said, we would expect direct and indirect costs arising from cyberattacks to total $3 to $4 billion (SR11.25 billion to SR15 billion) for 2018,” said Vernacchia.
“Assuming the growth will not be affected by large-scale events, we expect the direct and indirect impact of cyberattacks to grow up to $6 to $8 billion (SR22.5 billion to SR30 billion) by 2020. Among the major external events that can affect this figure, uncertainties in the region can result in an even more aggressive surge of cyberattacks.”
Vernacchia said there was a lack of willpower in organizations to invest in security measures, and urged them to invest in the manpower and technology that will enable them to become more resilient in the face of growing attacks. While Saudi is “not completely unprepared,” most businesses in the Kingdom are investing in cybersecurity far less than the leading countries.
“We see the average investment in cybersecurity awareness and capability to be on average about 60 percent lower in Saudi Arabia than what is invested by organizations of the same size in leading countries.
“This is a result of limited regulatory requirements for private entities, as private companies are trading the immediate benefit of spending less on cybersecurity protection with the high cost of one — or more — potentially highly effective targeted cyberattacks.”
An increase in cybersecurity regulation could also strongly limit the growth of cyberattacks, Vernacchia said. “The limited amount of cybersecurity-related regulation is a key issue, as it’s having two key effects. On one hand, some businesses are underestimating their exposure, and thus not investing in cybersecurity as they should — de facto increasing their risk. Other businesses are waiting for regulation to be drafted before investing in cybersecurity, in fear that the organization, processes and solutions they would implement may not be in line with the regulatory requirements which are coming.”
Amir Kolahzadeh, CEO of cybersecurity firm ITSEC, said Saudi-based business are reluctant to invest in adequate cybersecurity measures as they fail to recognize the long-term value of the initial investment needed.
“The core issues that every business is looking at in cybersecurity is a line item expense instead of looking what the cost would be if there is a breach,” he said. “This is a worldwide epidemic at the moment. However, it is much more evident in the GCC due to lack of truly trained IT security professionals who can show the business acumen, foresight and the communication skills to demonstrate that potential losses are exponentially greater than the cost of securing the enterprise.”
David Michaux, of online security company Whispering Bell, said as Saudi Arabia forges ahead with its knowledge-based economy and becomes “more online,” the potential for attacks will grow.
With Saudi Arabia’s Vision 2030 of a “knowledge economy,” growth in the ICT will be fueled by digitization — including IT innovation, big data projects, smart city initiatives, and cloud-based services. In addition, Saudis are among the most active social media users in the world — and largest adopters of Twitter in the Arab region.
Mathivanan V., vice president of ManageEngine, said while Saudi Arabia has taken “significant steps” to achieve cyber-readiness, including the introduction of the National Authority of Cyber Security which aims to enhance the protection of networks, IT systems, and data through regulatory and operational tasks, he warned that sophisticated cyberthreats have evolved in the wake of digitization and urged companies to better employ sustainable IT practices and state-of-the-art cybersecurity tools.
“A trained security professional cannot win the battle against cybercrime with just a mere knowledge of IT security,” he said. “What he needs is the right weapon to master the art of cybersecurity.”
James Lyne, head of R&D at SANS Institute, which specializes in information security, said given Saudi Arabia’s visible agenda to lead the charge in smart cities, connected industry and to develop a knowledge economy, it is key that the Kingdom also has an equally ambitious cybersecurity skills strategy.
“A gap between the two will lead to substantial attacks and reputation damage for the region,” he said.
“Firstly, Saudi Arabia needs more cybersecurity practitioners overall — particularly with the ambitious development projects being undertaken as part of the Kingdom’s 2030 Vision. Secondly, existing cybersecurity practitioners also have to continue to sharpen their skills to increase the depth of their expertise.”
He urged companies not to ignore the fact that employee behavior is a weak link in cybersecurity and is becoming an increasing source of risk.
“Many of the breaches that occur still take advantage of basic cybersecurity failures and, as such, education has to be a huge part of the solution. Everyone in Saudi Arabia has a role to play in making sure that cybercriminals get fewer clicks on their nasty emails, documents and phishing links.”
He said it was difficult to truly grasp the overall financial figures associated with cybercrime.
“That said, even the tip of the iceberg that we do see is very substantial and it has already been demonstrated that Saudi Arabia is a major target. Given attackers have already had success compromising facilities, it is extremely likely other cybercriminals will follow.”