A Saudi Outlook for Cybersecurity Strategies Extrapolated from Western Experience
Al-Saud, Naef Bin Ahmed, Joint Force Quarterly
In the 21st century, countries across the globe have come to rely on complex computer networks that form the infrastructural backbone of even the most basic necessities of life, including electric power grids, global finance, food distribution, medical care, clean drinking water, petroleum production, and most types of communica tion. The protection of such networks, known as cybersecurity, is among the highest priorities in the civilized world, alongside planning and operations for major contingencies, including antiterrorism and land warfare.
In many countries, given the typical mandate for militaries to protect civilian infrastructure from physical attack, cybersecurity responsibilities divided between military and civilian leadership structures appear to overlap and cause confusion, particularly in times of crisis. Cybersecurity encompasses some of the most vital national security issues that may be faced by top civilian leaders and military commanders from the United States, as well as the North Atlantic Treaty Organization (NATO) and other friendly nations--especially including Saudi Arabia, which is located in one of the world's most strategic energy resource regions.
The Saudi understanding of cybersecurity is largely derived from the American and European experience in such deployments, both defensively and counteroffensively. Saudi Arabia aims to develop a deeper understanding of the American and Western policy formulation and decisionmaking experiences that are relevant to those top leaders in the Kingdom who are concerned with such vital defense parameters. Thus, it is necessary to observe the strengths and perceived vulnerabilities, as well as the proactive measures, of the United States and other Western nations in response to incidents and intrusions and to analyze them in terms of long-term cybersecurity development considerations pertaining to the Kingdom. Therefore, this article discusses recent developments; U.S. cyberstrategy mission implications for the Kingdom; future development factors toward indigenous Saudi multibillion-dollar investments in cybersecurity infrastructure, institutions, and support services; and the need for substantial long-term Saudi funding--corresponding to Saudi high employment levels in cybersecurity, which are directly related to credible national security objectives and defenses against real-world threats.
In the aftermath of the successful U.S. special operations force mission in Abbottabad, Michael Clarke, director of the Royal United Services Institute in London, observed that "we are getting close to the Hollywoodesque situation in which a U.S. president might be in a position to direct an operation tactically at the lowest levels."1 The world's most advanced armies are converging military special operations with advanced technology over ultra-complex networks that must be protected by effective cybersecurity, and Saudi Arabia aims to be among those in the forefront, while gaining from the experiences of its friends and allies in the West.
What factors determine when a particular cyberwar starts or ends? International experts in cybersecurity do not seem to fully agree, so it is challenging for government policymakers to understand all of the pertinent criteria for making decisions. (2) In November 2010, General Keith Alexander, commander of U.S. Cyber Command (USCYBERCOM), told Congress that the engagement rules were not clear about what sort of cyber attack would precipitate a U.S. response. (3) These unknown factors trigger other directly related parameters. Western government institutions such as USCYBERCOM and the United Kingdom's Cyber Security Operations Centre are intended to protect the military and the government. (4) Yet as stated in a November 2010 Chatham House report, On Cyber Warfare, "In cyberwarfare, the boundaries are blurred between the military and the civilian, the physical and the virtual, and power can be exerted by states or non-state actors, or by proxy. …