Lessons for Pakistan on how to gear up for cyber security
KARACHI: While Middle East countries have faced humanitarian disasters spawned by Syria and Yemen since time immemorial, a greater problem now faces these countries; cyber-crime.
Cyber war is a pretty new phenomenon with countries like Iran conducting their first cyber-attack against its rivals during diplomatic crises in the year 2012. A group of Iranians calling themselves ‘Cutting Sword of Justice’ launched a malware attack on Saudi Arabia’s national oil company-Aramco infected 30,000 workstations. Also, it managed to make its way into the Qatar-based RasGas.
According to Saudi Arabia, the attack aimed at curtailing all the operations in the oil and gas production company Aramco – the biggest oil producer in the world.
The operation also targeted 14 Middle Eastern countries with a focus on important sectors like education, technology, transportation, defence and telecommunication.
Similarly, in the midst of strained diplomatic ties with the Middle East, Anonymous hackers attacked key websites in Saudi Arabia’s Defense Ministry. Planned by the Syrian Electronic Army, these attacks aimed at Qatar, Saudi Arabia and any other countries in support of rebel groups in Syria.
Unfortunately most of the countries in the Middle East have not managed to take sufficient measures to build their cyber security.
Rather than taking caution and building better security protocols, cyber-attack is viewed as a threat against the nation’s sovereignty, regardless of the fact that the attack might as well have originated from within the national borders. This might be because most leaders, businessmen and the government have yet to fully grasp how to deal with the relatively new phenomena.
The most recent summit-Gulf Information Security Expo & Conference (GISEC) indicated that response from most of the countries in the Middle East is only reactionary in nature i.e. cyber security measures only come to fore in the face of severe attacks.
During the talks, many cited fear of more cyber-attacks after the last Cyber Caliphate attacks and circulating stories about the Syrian Electronic Army.
Research done by Symantec and Deloitte found more than two-third of the organisations in the Middle East were incapable of protecting themselves from sophisticated cyber-attacks. What’s more, close to 70% of the region’s IT experts lack confidence in their company’s cyber security measures. And the government does little in that regard as well, having made very few regulations and allocated few resources for executing cyber security policies.
Despite this gloomy outlook, some Middle Eastern countries like Dubai are proactively participating in cyber security measures by setting up new IT departments and creating awareness regarding significant infrastructure challenges to better secure their resources.. Last year for instance, UAE government had set up the Dubai Centre for E-Security that would help develop safe ways to exchange information within UAE countries.
In Pakistan cyber-attacks are launched differently. These usually occur in close proximity to high-profile events such as the Independence Day or the cricket matches. Also, hackers would target Pakistani and Indian websites in retaliation for some past friction.
For example, an Indian hacker group, Black Hats, accepted responsibility for the January 7 cyber-attack in Pakistan.
Similarly, in the recent past, a cyber-attack by a few Indian hackers was in retaliation of a deadly cyber-attack on the Indian Air Force base on January 2, 2016.
In Pakistan, stringent cybercrime policies have been brought in place with the Cybercrime Bill 2015. In the wake of counteractive cyber-attacks, the Pakistani legislators found it necessary to amend a bill that deals with these crimes. Section 31 of the new law states that the government is bound to sever access to any website or online sources it deems inappropriate.
According to the government, the law aims at protecting its citizens from cybercrimes. However, the bill has faced severe criticism. Most IT experts and online social media users find the new law draconian and punitive.
It is understandable that most measures taken by the government veer off to the extremist edge when reacting to cybercrimes. However, lessons from the Middle East suggest that a reactionary approach might not be the ideal solution. A proactive approach, where small measure and policies are put in place and piecemeal progress is made to build better security over time, might be closer to what Pakistan needs to better secure its national interests.