The UAE leads in online national defense tactics
UNIPATH STAFF
Hackers shut down banks by flooding websites with phony traffic, preventing customers from accessing their money. Terabytes of information are stolen from government computer systems, compromising national security. Stock exchanges are disrupted by rogue actors seeking to destabilize financial markets.
These are recent examples of cyber crimes that threaten stability and undermine the rule of law. The fight in this “fifth realm” of warfare — cyberspace — is becoming just as important as battles on land, sea, air and space. Technological advances have changed the nature of war, and military forces and governments are evolving to meet the challenge.
The United Arab Emirates (UAE) has made cyber security a priority, resulting in the country being better equipped than most nations to deal with online threats. This is critical because UAE is one of the most targeted countries in the world by cyber hackers (criminals who break into online security systems to steal or copy information) and phishers (people who attempt to disguise themselves online as representatives of banks or other organizations to obtain personal information), according to UAE security officials.
Threats such as these led to the creation of the Emirates’ latest weapon: The National Electronic Security Authority (NESA) is the first of its kind in the region and streamlines the country’s online defenses.
“Cyber security is one of the biggest economic and national security challenges countries face in the 21st century. The NESA was established in line with this modern reality and as soon as the authority was in place, we immediately initiated a thorough review of the federal efforts to defend and protect the nation’s ICT infrastructure,” said His Excellency Jassem Bu Ataba Al Zaabi, director-general of NESA.
NESA was created by His Highness Sheikh Khalifa bin Zayed Al Nahyan, president of the UAE, in a 2012 decree to address online threats to military and critical infrastructure in the region. Oil and gas installations, nuclear energy facilities and power companies are all potential targets. Medical records in hospitals and government files on personnel and citizens are also sought after, as well as intellectual property and national security vulnerabilities. Even installations as innocent as water desalination plants are constant targets of malicious attacks to disrupt or disable services. Cyber sabotage has the ability to cause so much damage that protecting the cyber realm is as critical as traditional border security.
“Critical infrastructure is a place where most of the attackers try to get into and disturb critical services,” NESA official Dr. Saud Al Junaibi said during a 2014 Gulf Cooperation Council conference on electronic warfare. “This is because oil and gas as well as utility sectors provide major and key services to countries like the UAE, and these are usually targeted by different threats to disturb services.”
That’s why NESA plays such a vital role and can serve as a model for other nations. Its functions are to protect the UAE’s communications networks, develop and implement network safeguard monitoring tools, propose and implement national policy to enhance security, and develop national emergency plans and risk assessment reports. The agency is also charged with uniting efforts to protect private and public entities against cyber crime and espionage.
In 2014, NESA published the National Cyber Security Strategy, Critical Information Infrastructure Policy and the UAE Information Assurance Standards. “NESA is committed to ensuring that all UAE government bodies are made fully aware of the responsibility they now have, to meet the requirements of these polices, and in turn, what this means in practice going forward,” Zaabi said.
The threat is real. A sophisticated cyber espionage attack uncovered in 2012 dubbed “Red October” targeted 20 countries, including the UAE, before authorities caught on that a billion megabytes of information had been stolen over five years using computer viruses. Experts believe a cyber gang auctioned much of the data on the black market to the highest bidder. It is assaults like these that remind everyone of the economic and security damage posed by online predators.
“For governments in the Gulf Cooperation Council [GCC], cyber security is just as important as military hardware,” said Theodore Karasik, director of research at the Institute for Near East and Gulf Military Analysis.
The need for cooperation
Maj. Gen. Mohammed Al Essa of the UAE Ministry of Defense said that although his country’s military and security agencies have made much progress to enhance cyber defense, success is a multinational effort. “The UAE firmly believes that cyber security can be achieved only through cooperation with the peace-loving countries,” Al Essa said at a Gulf International Cyber Security Symposium in Dubai as reported by The National.
Employing advanced technology and encouraging interagency cooperation is important, he said, but sharing expertise and experiences with allies is critical. “You can’t wait until a conflict erupts,” said Kenneth Geers, an international cyber terrorism expert based in the U.S.
During a multinational counterterrorism conference in Germany, Geers urged world governments to prepare in peacetime against terror threats. He likened illegal hackers, terrorists and criminals to pirates who want to spring tactical surprises on their opponents. A well-prepared government with effective cyber security programs can act as a deterrent for the simple reason that criminals usually don’t want to get caught, Geers said.
“Terrorists are looking for this asymmetrical pop,” Geers said. “They’re going to hit you in the face and run and hide.”
Threat awareness
Protecting cyberspace is a multinational responsibility, but some countries and individuals minimize the threat. Countries and companies can be reluctant to disclose the extent of attacks because of the potential to reveal vulnerabilities, lose public confidence and motivate copycat criminals. Experts say even basic cyber security knowledge can help protect against the vast majority of threats. Adhering to password protection policies, opening email only from trusted sources, and updating antivirus and malware software are basic protective measures.
Community awareness campaigns that promote these practices are important, and efforts such as these are already underway in the UAE. The country’s Telecommunications Regulatory Authority (TRA) teamed up with the national Computer Emergency Response Team and the Ministry of Education to educate schoolchildren on best practices for online security.
“This educational program includes online activities, lectures and case studies designed to drive home best practice to teachers, empowering them to pass it on to their students,” TRA Chairman Mohamad Ahmad Al-Qamzi said. “And, of course, from students, this knowledge passes to families and friends, enabling us to reach every home in the UAE.”
Sources: The National, PC Magazine, Symantec’s Internet Security Threat Report, Emirates Identity Authority, Emirates News Agency-WAM, Defense News