If 2017 was the year global cyber threats came of age, will 2018 be the year that the security response to them also becomes global? Ironically, the danger facing the world that is least respectful of borders and national sovereignty is also the challenge that has — until recently — had national or regional responses, pursuing individual country’s interests above the universal.
One of the factors in the globalization of this danger and the response to it has been the development of these strategies from state-sponsored (or at least state-aligned) tools to weapons in the arsenals of terrorist groups.
ISIS-inspired hacking attacks are becoming more common. And just like with other ISIS-linked operations, the Muslim world is the main target. It is precisely because Muslim-majority countries the primary targets that they must lead the response.
This problem has been developing for some time. In 2012, a cyberattack against Saudi Arabia’s state-owned company Aramco destroyed 35,000 computers and the same virus attacked Qatar’s RasGas Company. More recently (December 2016) the Saudi Civil Aviation Authority was subjected to a huge cyberattack.
Many fear that such attacks are just the beginning. Eugen Kaspersky, the creator of one of the world’s most well-known computer security companies, believes that the Middle East in particular is at high risk of future terrorist attacks. The historical lack of a coordinated pre-emptive response to such threats, coupled with high profile events in the near future in the region, can only exacerbate this. The Dubai 2020 Olympics and the Qatar World Cup in 2022 are obvious targets.
But beyond this, there are countless other mid-level, and even ‘soft’ targets that can jeopardize Muslim-majority countries’ ability to maintain and develop their infrastructures at what is a crucial time in many such nations’ development.
The intersection between cyber security and broader citizen safety and the maintenance of civil society is glaringly obvious in the wake of alleged Russian cyber-ops in relation to the 2016 US Presidential Election, and the continued distortion of civic and political life by sophisticated offshore networks of bots.
As the world recognizes that the threat cannot be eliminated, it must at least be defended against.
Since 2004, the convention on cybersecurity has united over 50 signatories in a treaty drawn up by the Council of Europe with active participation of the Council of Europe’s observer states Canada, Japan, South Africa, and the United States.
But until recently the Islamic world has lagged behind in some ways. The most inclusive of Muslim-world intergovernmental organizations, the OIC (Organization of Islamic Cooperation) has a unique role here. It brings together regional powers who may not always be the closest of natural allies in other respects, and creates a safe space for them to work together on shared goals, away from other more divisive issues.
In 2006 the OIC created CERT, the Computer Emergency Response Team. It has allowed our 57 member states to establish common criminal justice norms and security procedures to protect their citizens and state apparatuses.
And that was just the beginning: this year, we are planning a permanent cybersecurity center where the Islamic world can build capacity and execute real-time responses to cyber threats.
The Islamic world should not only be participating in this space, but actually leading the way. ISIS may have been defeated in the physical battle space, but this appears to have driven them deeper online – including the dark web.
Their failure in physical war appears to have created the threat of ‘ISIS 2.0’ – a distributed, fluid network of online propagandists, hackers and bots. By 2016, Twitter had suspended 360,000 accounts for violation of its policies regarding the promotion of terrorism. However, Twitter published a statement adding: “there is no one ‘magic algorithm’ for identifying terrorist content on the Internet.”
In the absence of magic algorithms, the only weapons we have are hard work, coordinated across borders. And it is about more than security per se: it is also about establishing counter-narratives to the extremist millennial culture that has been allowed to germinate online for too long.
Many ISIS defectors, when interviewed, credit their radicalization not to defective religious education or to socioeconomic factors, but to being sucked into a kind of twisted virtual reality of online extremism. And this parallel digital universe is not medieval or parochial from their perspective – on the contrary, some online extremist propagandists post largely positive, inspirational messages, increasing their victims’ emotional dependency. They operate, in other words, just like a traditional cult.
When social media firms act, it is too often focused on Western-based activity, with a bias towards English-language activity, as opposed to many Muslims’ native languages such as Arabic, Urdu or Malay.
This is ironic, because social media matters more in many Muslim-majority countries than in the West. Saudi Arabia for example, leads the world in both Twitter and Snapchat usage.
This is why the Muslim world must act now to get our house in order. Because although we may have won the physical battle against ISIS, the cyberwar may only be beginning.
Wajdi Homaid Al Quliti is director of information technology at the Organization of Islamic Cooperation. He was previously senior IT and security consultant at the Saudi Embassy in Washington from 2004 to 2010. He has also worked for the Ministry of Defense and Aviation of Saudi Arabia.
The views and opinions expressed in this commentary are those of the author and do not reflect the official position of The Daily Caller.