Telecoms & IT

Digital’s Double-Edged Sword

Cyber security

The benefits of the digital revolution often overshadow the new threats and vulnerabilities posed by the same technology. Kuwait's cyber security initiatives strive to address these threats and vulnerabilities.

The battlefields of war are changing with new battlegrounds increasingly being fought on the internet. Further technical progress corresponds to an expansion of cyber crime, costing billions of dollars worldwide. With the increasing integration of the internet and technology into businesses across sectors and the push for e-government, both governments and the private sector are targets, as the 2012 Saudi Aramco attacks remind us, in which two viruses erased all corporate data on 30,000 computers. In this type of war, physical land borders become arbitrary, and states are as vulnerable as ever to cyber attacks, struggling to secure cyberspace for both governments and businesses. Given the current geopolitical tensions in the region, GCC states have taken to modernize their legal and organizational defenses against such attacks.

Kuwait is the prime target for cyber attacks: a rich country, whose economy is high-tech and highly dependent on the internet and connectivity, in the middle of an unstable region. Furthermore, as of now, Kuwait lacks any national effort to prevent or fight cyber attacks. With tensions running high in the Middle East and the Gulf, threats can come from both state and non-state actors, representing a threat to strategic infrastructure and enterprises.
The main target of any threat to the country, by far, is the oil and gas infrastructure; petroleum alone accounts for more than 50% of the GDP and more than 90% of the government income. Any paralysis of oil and gas production would deal a blow to the country’s economy. Still, an attack on other sectors could severely disrupt the functioning of the economy. The banking system necessitates more and more internet operations, and every industry is now making intensive use of ICT. The diversification the government also calls for extensive use of the internet and technology, making it particularly vulnerable to cyber threats.
The government has taken note of the danger. Qusai Al Shatti, Deputy Director General of the Central Agency for Information Technology told TBY that, “Most of the critical infrastructure today is run by cyber and information technology via automated systems, for example, in the financial sector. This means any breach or attempt to breach security impacts the entire infrastructure. For example, the power grid in Kuwait is extremely important and if the grid goes down, the entire country will be hit hard. Today, hacking is no longer a hobby or an individual activity; it is organized crime. Today, there is state-to-state espionage. Kuwaiti citizens use our e-services to pay fees, traffic violations, and more. We need to be resilient and protect ourselves from such breaches.”
Additionally, he insisted that a national strategy had been signed, drafted and initiated by the Communication and Information Technology Regulatory Authority (CITRA). There are few details on the 2017-2020 national cyber security strategy, but it aims at protecting the critical infrastructure, creating a national cyber security system, reinforcing cooperation between public agencies, and reinforcing public knowledge regarding basic security on the Internet. Many security breaches indeed are a result of human error; therefore, a major part of ensuring security is teaching people to safely handle sensitive information.
Still, half of GCC members experienced a denial of service (DoS) attack in 2015, not due to human errors but simply an external, malevolent, and deliberate overuse of the website, so it is clear that while the human factor is key, dealing with the human factor alone is not enough to ensure an acceptable level of security. This hassled to a GCC-wide surge in cyber security spending. The GCC cyber security market should reach more than USD10 billion by 2022.
Kuwait’s cyber security apparatus has not yet reached the level needed to ensure optimal security, but the national plan and increasing spending should greatly improve the current situation. However, cyber threats constantly adapt and improve, requiring a constant vigilance and counter-adaptation in the digital age of warfare.