The monarchies of the Gulf Cooperation Council (GCC) have survived another brush with cyberwarfare. Several U.S.-based cybersecurity firms reported on Tuesday that a new version of Shamoon — the same malware that wreaked havoc on oil and natural gas companies in the region in 2012 — had surfaced, targeting computers in the Middle East. Then on Wednesday, Saudi Arabia confirmed that the latest version of Shamoon had hit six institutions in the kingdom, including its civil aviation authority, which lost significant data and experienced complications for several days after. (The incident did not impair airport operations, though.)
In tactics and intent, the latest attack was strikingly similar to the 2012 episode. Like that attack, the recent strike seemed to be intended as a warning to GCC countries, causing data loss without interrupting operations or destroying critical infrastructure. Furthermore, the use of malware against specific targets — a more sophisticated tactic than, for instance, a distributed denial of service attack — suggests the work of a state or state-sponsored actor. Much as they did in the original 2012 case, all signs point to Iran as the perpetrator. And though it could have been far more devastating for Saudi Arabia, the incident offers a potent reminder that as countries around the world vie for influence, cyberspace may be their next theater of war.
Iran's cybersecurity strategy falls under the purview of the Islamic Revolutionary Guard Corps. For the Islamic republic, maintaining influence across the Middle East is paramount to survival. To ensure its continued prominence, Iran exports its revolutionary ideology throughout the Middle East, mainly to majority-Shiite countries and communities that it can support and advise. The country is adept at wielding asymmetric weapons and tactics, such as proxy warfare, to pursue this objective, and cyberattacks have proved a similarly useful tool.
But some countries in the region oppose Iran's ambitions in the Middle East — none more so than its economic and religious rival, Saudi Arabia. The kingdom and its fellow Gulf monarchies saw the disruptive manner in which Iran's supreme leader and clerical class attained power in the 1970s as such a threat that they formed the GCC. The bloc helped these states defend themselves against the economic and military menace that the new, revolutionary Iran embodied, despite their deep trade ties to the country. Even though GCC members compete with each other economically, the prospect of Iran spreading its ideology, while producing the third-largest amount of oil among OPEC members, encourages the cooperation that gave the bloc its name. Saudi Arabia has so far been the target of most of the cyberattacks launched in the GCC and traced back to Iran, a pattern that is likely to continue, considering Riyadh's prominent role in the GCC. The kingdom will use the threat of cyberattacks to fuel the bloc's enmity toward Iran.
As the technologically advanced GCC states have come to rely more and more on networked systems in the data-heavy sectors that drive their economies, the potential risks of a cyberattack have grown commensurately. Cybersecurity has become a frequent topic of the monthly meetings between GCC interior ministers, and the Saudi National Center for Electronic Security hosted conferences this year to raise awareness about the threat. The bloc's members have also discussed strategies to mitigate the danger, such as entertaining bids from foreign consultants and companies to secure networks in the bloc's main business hubs. Even Israeli companies have been quietly consulted, but given Israel's reputation for technical prowess and its own experience countering Iran's cyberthreats, that is hardly surprising.
The Shamoon attacks are evidence of a growing trend not just in the Middle East but worldwide. Governments, businesses and everyday citizens increasingly depend on networks and data, giving state and non-state actors alike a new means to influence or interfere with international affairs. Iran is not unique in its use of cyberthreats and attacks, in concert with more conventional methods, to pressure its enemies. In recent years, Russia, for instance, has grown steadily more aggressive in its own online activities, hacking its way to privileged information and spreading misinformation to shape perceptions within its borders and sow chaos or discord beyond. Though the recent attacks in the Middle East will draw more attention to the threat, cyberattacks are notoriously difficult to prevent. For now, the Gulf — and the rest of the world — will have to keep looking for ways to limit the damage.