Global cooperation essential to repelling Iran’s cyberattacks

Riyadh hosts the Global Cybersecurity Forum on Tuesday and Wednesday — the first conference of its kind in Saudi Arabia. This timely event is expected to draw more than 1,200 participants and 100 speakers across dozens of panels and breakout sessions aimed at “joining efforts for a better cyber world,” as its subtitle says.

Organizing this international gathering indicates how cybersecurity has become a priority for Saudi Arabia, as Iran has escalated its cyberwarfare against the Kingdom. Growing concerns about cyberattacks by Iran, as well as by terrorist groups and organized criminals, was behind the establishment in October 2017 of the National Cybersecurity Authority (NCA), directly linked to King Salman. The NCA has both regulatory and operational functions and works closely with public and private entities to improve the cybersecurity posture of the country and safeguard its vital interests, national security and critical infrastructure.

While Saudi Arabia had already been developing its cybersecurity capabilities, the NCA was set up to upgrade Saudi cybersecurity capacity and establish a national inter-agency platform. It was granted a comprehensive mandate that includes, inter alia, drafting the national strategy for cybersecurity and overseeing its implementation; setting up cybersecurity frameworks, controls, and compliance; building and running operational centers; developing human capabilities in cybersecurity; raising awareness on cybersecurity; stimulating growth of the cybersecurity sector and encouraging innovation and investment therein; and establishing ties with similar agencies abroad and private entities for the mutual exchange of knowledge and expertise.

Ahead of this international conference, the Riyadh-based International Institute for Iranian Studies released an important report on Iran’s systematic cyberwarfare against Saudi Arabia. The 400-page book, titled “Iran’s Software Piracy and Digital Militias: Its Threats and Unannounced War Against the Kingdom of Saudi Arabia,” sets out in some detail the structure of Iran’s cyber army, from the high policy apparatus to the franchised regional cyber operatives.

Iran’s cyberwarfare structure follows the Islamic Revolutionary Guard Corps’ modus operandi in non-cyber activities with its heavy use of both Iran-based outfits and regional proxies, such as Lebanon’s Hezbollah’s digital army and Syrian and Houthi cyber operatives.

The new book demonstrates convincingly how Iran targets Saudi Arabia’s cyberspace. It chronicles Iran’s cyberattacks against the Kingdom, especially attacks using the malware “Shamoon,” which started in 2012 by targeting the national oil company Aramco. That attack caused considerable damage and was billed at the time as the largest cyberattack ever recorded. After the breach was discovered and the company was able to build its cyber defenses to deal with Shamoon, the virus went through new incarnations in 2016 and 2017, albeit with less damage.

In September 2017, there was another cyberattack by Iran, this time targeting Saudi airlines and petrochemical companies. In this operation, as in the previous ones, the malware went through different stages, from “dropping” — entering and residing in the targeted network — then “reporting” the data to another network, and finally “wiping” the data.

Iran’s cyberattacks have continued, taking different shapes and utilizing different techniques, but they are all aimed at disrupting major economic activities in Saudi Arabia and stealing data. Sometimes, the attacks have resulted in the publication of sensitive documents and private information. Tehran sought both material and psychological gains in waging its cyberwar against Saudi Arabia.

Last December, cyberattacks linked to Iran targeted Saudi and other GCC computer networks, mimicking earlier attacks and focusing on economic targets. Iran has no doubt developed formidable cyberwarfare capacity, in part to make up for the deficit it has in conventional military capabilities. Cyberwarfare is part of Iran’s wider fighting doctrine: To leverage its limited resources and traditional elements of military power. Similar to cyberwarfare, Tehran has developed other nonconventional methods, such as terrorism and the use of militias and paramilitaries. For similar reasons, Iran’s proxies and partners have used forbidden weapons, such as landmines by the Houthis in Yemen and chemical weapons by the Assad regime in Syria. Both are cheap to purchase and relatively easy to use, but are indiscriminate and devastating.

As Iran appears intent on continuing its attempts to impose its will in the region by force, its use of cyberwarfare and other asymmetric attacks is expected to increase. Iran has always denied responsibility for cyberattacks. Instead, there were claims of responsibility by supposedly Syrian or Yemeni entities.

Iran’s cyberwarfare structure follows the Islamic Revolutionary Guard Corps’ modus operandi in non-cyber activities.

Abdel Aziz Aluwaisheg

For these reasons, Saudi Arabia’s establishment of a dedicated nationwide cybersecurity agency was essential to hone the country’s capabilities to withstand Iran’s frequent attacks. The Global Cybersecurity Forum is expected to present new thinking in this area, including how to best protect critical infrastructure against cyberattacks.

According to the organizers, the forum will encourage greater international collaboration, information sharing and knowledge exchange around regulation, legislation and governance, and what role international coordination can play with the increasing threats of cyberattacks and warfare. The forum also features five “sector focus sessions” addressing certain vulnerabilities: Energy and utilities; financial services; smart cities; telecommunications; and health care.

It is important that similar events to this forum continue to create a regional and international front against Tehran’s use of cyberwarfare to undermine its neighbors’ security, safety and economic well-being.

• Abdel Aziz Aluwaisheg is the Gulf Cooperation Council’s assistant secretary-general for political affairs and negotiation, and a columnist for Arab News. The views expressed in this piece are personal and do not necessarily represent those of the GCC. Twitter: @abuhamad1