Cyber (non)cooperation in the Gulf

Until recently, the Gulf Cooperation Council (GCC) remained a strong bloc of the six Gulf nations of Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates (UAE). Since its inception in 1981, it has been regarded as the only effective political and economic alliance in the Arab world. However, on 5 June 2017, three GCC countries – Saudi Arabia, Bahrain, and the UAE, as well as Egypt – cut all diplomatic, trade, and travel ties with Qatar, sending shockwaves across the Middle East and beyond. The four countries accused Qatar of supporting terrorism and destabilising the region. Qatar rejected the allegations and accused its neighbours of trying to curtail its sovereignty.[1] Three years later, despite multiple mediation attempts, the GCC remains divided and both sides are entrenched in their positions with no sign of resolution on the horizon. This internal rift and ongoing wars in Yemen, Syria and Libya, combined with escalating US-Iran tensions and the outbreak of COVID-19 pandemic, have created a perfect storm that unfolded in cyberspace, making the region a prime target for myriad cyberattacks and propaganda campaigns.

GCC member states have long faced significant threats in cyberspace, including ransomware, fraud, hacktivism, and state-sponsored campaigns.[2] These threats have targeted individuals, private-sector organisations and state entities, including critical infrastructure and flagship state-owned energy firms. More specifically, the GCC has been the target of a number of destructive advanced persistent threats (APTs) such as the Aramco and RasGas attacks in 2012, and the more recent attack on the Bahraini Electricity and Water Authority.[3] [4] Many of these attacks have been traced to Iran or its proxies.[5] Alongside conventional cyber threats, the region has seen a dramatic rise in propaganda campaigns targeting social media users with fake news, doctored imagers and bot-generated misinformation.[6] The 2017 GCC crisis itself was sparked by an offensive cyber operation that inserted fabricated pro-Iran comments onto the website of the Qatar News Agency.[7] Twitter bots – known in the region as “electronic flies” – continue to spread divisive content and amplify governments’ propaganda.

Even before the growing friction between its members, the GCC had failed to achieve one of its main objectives: the implementation of an effective, collective security architecture.[8] Inconsistencies in threat assessment, lack of trust, and inadequate communication and institutional structures have all crippled the Gulf nations’ ability to strengthen their collective security. This also meant that the level of information and intelligence sharing required for effective cybersecurity cooperation was difficult to attain. In an effort to overcome some of these challenges, a joint security agreement was signed in 2012 with the aim to improve cooperation, coordination and intelligence sharing between the Gulf’s security agencies.[9] It stressed the need to harmonise measures and processes to help strengthen wider joint security work. However, when it came to cybersecurity, efforts remained fragmented with each of the member states having separately built its own cyber-infrastructures and pursued varying levels of cyber-readiness.[10]

Formal GCC-level frameworks were, therefore, deemed ineffective and limited to token gestures.[11] For instance, the Council decided to launch its first CERT in 2006 to support “effective coordination, integration and inter-connection between the Gulf Council Member States.”[12] Despite its ambitions, the initiative remained largely dormant. More recent GCC cybersecurity initiatives include the establishment of the Standing Committee for Cyber Security. During its first meeting in 2017, only four months before the outbreak of the crisis, committee members highlighted the importance of exchanging cybersecurity information, best practices and field visits between the Gulf countries.[13] Another example is the sole GCC-wide cybersecurity drill organised by the Qatari CERT in 2016 whose main objective was to enhance coordination and ensure continued collective efforts against cyber threats.[14]

Each of the GCC states, individually claim to have made considerable progress in protecting their governments, businesses, and individuals from cyber threats, as part of their ambitious national strategies and future visions. Nevertheless, several challenges to cybersecurity in the region, including the absence of effective information sharing structures, put those plans at risk. The upcoming Dubai 2020 EXPO (rescheduled to 2021) and Qatar 2022 FIFA World Cup are two global events that will attract immense media scrutiny and hundreds of thousands of visitors. They will also attract threat actors from all over the world who will try to exploit the opportunities presented by both events to advance their financial and political interests. Evidence from previous global events suggests that the two high-profile events will only increase cyberattacks on the region, making the need for cooperation and information sharing greater than ever.[15] [16]

Recent developments can be seen as modest signs of renewed interest in cooperation ahead of both the Dubai EXPO and the World Cup. Over the past year, the GCC’s Standing Committee on Cyber Security has met three times.[17] The GCC also held several meetings of the national CERTs, as well as a workshop to discuss the impact of the coronavirus (COVID-19) on the GCC electricity and water sectors.[18] [19] Beyond the Middle East, the GCC as a bloc has also pursued international cooperation with countries such as the UK and US to improve capacity building in the face of increased Iranian adversities.[20]

Despite substantial differences in their ideologies, it is vital for the Gulf countries not to lose sight of the importance of information sharing and cooperation in achieving effective cybersecurity. Cyber information sharing is not a panacea: it is, however, an important step toward bolstering cyber defences. If implemented correctly, cyber intelligence sharing enables an enhanced situational awareness of the regional and international threat landscape and, therefore, an increased ability to defend against new threats.[21] Given their economic and geographical integration, cyber information sharing between the GCC states can improve collective response to evolving threats and limit the likelihood of cascading effects across the entire region.

[1] https://www.bbc.com/news/world-middle-east-40173757

[2] https://www.chathamhouse.org/sites/default/files/CHHJ8019-GCC-Cyber-Briefing-200302-WEB.pdf

[3] https://www.theregister.com/2012/08/29/saudi_aramco_malware_attack_analysis/

[4] https://www.wired.com/2012/08/hack-attack-strikes-rasgas/

[5] https://www.wsj.com/articles/high-level-cyber-intrusions-hit-bahrain-amid-tensions-with-iran-11565202488

[6] https://ijoc.org/index.php/ijoc/article/view/8994

[7] http://reut.rs/2r75Wc6

[8] Ulrichsen, Kristian Coates, ed. The Changing Security Dynamics of the Persian Gulf. Oxford University Press, 2018. Oxford Scholarship Online, 2019. doi: 10.1093/oso/9780190877385.001.0001.

[9] https://gulfnews.com/world/gulf/saudi/gcc-ministers-sign-major-security-agreement-1.1104761

[10] https://www.chathamhouse.org/sites/default/files/CHHJ8019-GCC-Cyber-Briefing-200302-WEB.pdf

[11] Shires, J. (2019). ‘Cybersecurity governance in the GCC’, in R. Ellis and V. Mohan (ed.) Rewired: Cybersecurity Governance. Wiley-Blackwell, 2019.

[12] https://www.qcert.org/sites/default/files/public/documents/EN.pdf

[13] https://www.spa.gov.sa/1590520

[14] http://www.gulf-times.com/story/521096/Q-CERT-holds-GCC-Cyber-Security-Drill

[15] https://www.ft.com/content/026a6ce0-f27e-11e7-b220-857e26d1aca4

[16] https://www.itgovernance.eu/blog/en/anonymous-hackers-steal-terabyte-of-passwords-from-italys-expo-2015

[17] https://www.gcc-sg.org/en-us/MediaCenter/NewsCooperation/News/Pages/news2020-2-17-7.aspx

[18] https://www.gcc-sg.org/en-us/MediaCenter/NewsCooperation/News/Pages/news2020-4-15-1.aspx

[19] https://www.gcc-sg.org/en-us/MediaCenter/NewsCooperation/News/Pages/news2019-12-9-2.aspx

[20] https://amp.thenational.ae/world/europe/uk-teams-with-gulf-countries-to-deter-iranian-cyber-attacks-1.1036836

[21] https://www.csis.org/analysis/cyber-threat-information-sharing

Scroll to Top