The revelation last week that Saudi Arabia’s Aramco – valued at $781 billion as the world’s most valuable company because of its massive oil concessions – had been infiltrated with a computer virus should be a wake-up call for the region’s top businesses and governments. It’s not yet clear what the virus was, but there has been speculation that it was the data wiping Shamoon. The company isolated the system that was affected and cut off the spread of the virus. Surely, Aramco has some high powered firewalls and computer engineers on its staff, which raises the question: is the region prepared for highly sophisticated cybersecurity threats?
Any visit to a government office in Cairo leaves you with the impression that the answer is no. Aging desktops with outdated Windows operating systems fill the offices of Egypt’s bureaucracy, each entirely vulnerable to an attack. Can you imagine the generals of the Supreme Council of the Armed Forces even being familiar with the concept of encryption? By many accounts, they still receive official messages by fax.
By now, the Stuxnet virus that disrupted Iran’s project to enrich uranium is well known. But there are a range of other viruses that have been trawling the Middle East networks. One of the most interesting ones to emerge has been Gauss, which can spy on banking transactions and steal login information from social networking sites. According to Kaspersky, it may have emerged from the same US and Israeli laboratories that built Stuxnet and was in part directed at Lebanon.
There’s no doubt that cyber war is a theme of our times and the Arab World, with all its critical infrastructure, is far behind in its ability to defend itself.