Cyber Security in the Gulf Cooperation Council

3 Pages Posted: 16 Apr 2015

See all articles by Mamoun Alazab

Mamoun Alazab

Cyber Security

Steve Chon

ANU Cybercrime Observatory, Australian National University

Date Written: April 15, 2015


The Internet is one of the fastest growing areas of infrastructure development in the union of the Cooperation Council for the Arab States of the Gulf commonly referred to as Gulf Cooperation Council (GCC). It is clear that the adoption of Information and Communication Technologies (ICTs) worldwide has helped to quicken communication and facilitate the exchange of information. The number of Internet users and Internet-enabled technological devices is increasing exponentially, including an estimated 40 million Internet users within the area of the GCC that continues to grow. It considers the fastest growing and most economically competitive region in the world. This growth is largely fuelled by oil although the region is also becoming an increasingly popular destination for local and international tourists. This trend is set to continue with upcoming global events such as the Abu Dhabi and Bahrain Grand Prix, the Expo 2020 in Dubai and the FIFA World Cup in Qatar in 2022.

As the Internet grows and reaches most aspects of society, staying up-to-date with effective security measures and ensuring online safety remains a challenge. For example, modern cars are effectively computers, and many of which are connected to the Internet. These computing devices embedded in everyday life bring about new risks. In addition, the cybercrime landscape has evolved considerably over the past decade becoming more sophisticated with an increasing diversification of organizational forms of criminal actors. Failure to understand the impact of cybercrime and the threats pose to economy, national security, and the critical infrastructure; will leave GCC states vulnerable to all cyber-attacks and easy targets. There is now evidence of malicious actors that work alone, within cohesive group structures and as larger ephemeral online communities. In addition, vectors used to perpetrate cyber crime are constantly evolving due in part to innovative tactics of criminals which continues to evolve. Attacks typically occur unbeknown to the victims and through processes that guarantee anonymity to malicious actors. For example, many cyber-attacks are propagated through networks of compromised computers and intermediary systems masking the identity, which in certain cases make it difficult to identify the source and intention of cybercrime.

The countries of the GCC share culture, and political, geographic and socio-economic interests. As “communities of shared fate”, all Internet-connected nations are at the mercy of online threats. Yet, mechanisms to respond to such activity have been reactive at best with a deficiency of crime prevention efforts. A major block to the effective control of cyber crime is its transnational characteristic. Cyber attacks occur across borders, and perpetrators and their victims are rarely located in the same jurisdiction. Cyber criminals have also taken advantage of safe haven countries - states that lack Internet crime-related legislation and the capability to enforce them. In 2014, the World Summit on the Information Society (WSIS) 10 High Level Event in Geneva, co-organised by ITU, UNESCO, UNCTAD and UNDP, highlighted the significant risks posed by insufficient responses to cyber security. As connectivity develops cyber security must be recognised as a major threat for the Middle East.

One approach to curtail malicious activities has been through international frameworks. For example, the Council of Europe (CoE) Convention on Cybercrime, known as the Budapest Convention, is an international treaty that provides a comprehensive international approach to cybercrime investigation and law. The Convention formalises mutual legal assistance arrangements between jurisdictions and primarily includes European states, as well as a number of non-European states such as the USA, Japan, Australia and Canada. However, as of March 2015, no countries among the GCC have joined the Convention. Also there is no treaty or cooperation between the GCC states on cybercrime.

Among the six GCC countries, Qatar and Oman are the only two to have developed technical, organisational and legal measures to address cybercrime (Table 1). Other countries are working on these measures but still lack capacity to address cyber issues. The following four main recommendations offer some avenues to increase cyber security capacity in the GCC:

1 - Create a national (and regional) cyber awareness initiative 2 - Establish a centralised mechanism to share information, assets and expertise with GCC states and abroad 3 - Establish technical standards to combat cyber crime through a national (and regional) framework 4 - Engage in international police and judicial cooperation, for example, by signing the Budapest Convention.

Keywords: Cyber Security, Cybercrime, Cyber Defence, Gulf Cooperation Council

Suggested Citation

Alazab, Mamoun and Chon, Steve, Cyber Security in the Gulf Cooperation Council (April 15, 2015). Available at SSRN: or

Steve Chon

ANU Cybercrime Observatory, Australian National University ( email )

Canberra, Australian Capital Territory 2601


Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics