As Dubai races toward a future of self-driving cars and drones filling up its high-rise-studded skyline, cybersecurity is becoming a growing concern in a region replete with examples of cyberattacks.
The sheikhdom is hosting a cybersecurity conference this week and at it, a Dubai official involved in protecting the emirate from hacking and other electronic maliciousness offered a rare interview Wednesday describing its efforts.
“It’s relentless,” said Amer Sharaf, the director of compliance at the Dubai Electronic Security Center. “You always have to be up and ahead of the game.”
The center, created by decree in 2014, has some 60 employees and hopes to hire another 30 this year, Sharaf said. It oversees government efforts to protect Dubai’s government computer systems and infrastructure, as well as plan and respond to any threats or attacks.
Speaking at OPCDE, the cybersecurity conference being held in Dubai, Sharaf said there was a “general lack of awareness in the region” about the threat. After his speech, Sharaf spoke to two journalists about specifics.
Dubai’s government has faced email phishing scams and other small-scale incidents affecting its networks, he said. It also has been on high alert following Saudi Arabia being hit by Shamoon 2 , a new variant of a computer virus that destroyed systems of the kingdom’s state-run oil company in 2012. The emirate was not infected by it, Sharaf said.
“We haven’t seen any major compromises,” Sharaf said.
He also acknowledged the challenge he and others in the cybersecurity field face in trying to determine responsibility for an attack. With Shamoon for instance, it is widely believed that Iran, Saudi Arabia’s regional rival, carried out the attack. New research suggests the latest Shamoon attack continues in Saudi Arabia and used code and infrastructure previously tied to hacks linked to Iran.
“In many ways, it can be pretty hard” to identify those responsible, Sharaf said. “They can be hidden behind (virtual private networks) and fake companies.”
In the case of Shamoon, it came after the Stuxnet computer virus destroyed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is widely believed to be an American and Israeli creation.
But while Dubai works on cybersecurity, the United Arab Emirates has been suspected of exploiting hacking. An Emirati activist named Ahmed Mansoor became famous in August when he worked with security experts to reveal three previously undisclosed weaknesses in Apple’s mobile operating system that then allowed hackers to take complete control of iPhones.
Mansoor and others believed the UAE was behind him being targeted. Mansoor was arrested by UAE authorities in March for his online posts and while his case wasn’t mentioned Wednesday, at least one speaker at the cybersecurity conference touched on government accountability.
“We can write about incidents that we see and then society as a whole can determine whether it’s appropriate behavior,” said Maarten Van Horenbeeck, the vice president of security engineering at San Francisco-based internet firm Fastly.