Thursday, September 18, 2008

The Spectre of Cyber Warfare

Commentary - Executive magazine

Over the summer the spectre of cyber warfare gained international significance, spurred on by reports of cyber attacks that crippled Georgia’s infrastructure in the wake of Russia’s ‘intervention’ in South Ossetia.
Reportedly carried out by nationalistic Russian hackers rather than by the Kremlin itself, the incident has shown how vulnerable a country’s critical national infrastructure (CNI) is to cyber attacks. Even presidential campaigns are open to attack, with senators John McCain and Barack Obama’s systems allegedly hacked into by the Chinese.
The dark side of technology has also come to the attention of the private sector in the Middle East, with a handful of banks in Dubai hit by ATM card theft and fraud in September. Furthermore, cyber crime continues to rise in the region, with some 50 million incidents of hacking against the public and private sectors in March, up from 15 million in December 2007, according to a study by internet security firm Trend Micro.
How seriously Middle Eastern governments are taking cyber crime is difficult to gauge however, particularly in terms of prevention and awareness. Additionally, businesses and governments are reluctant to announce cyber attack incidents to not cause concern to shareholders and the public, while statistics like the one above need to be taken with a pinch of salt as internet security firms have a vested interest in making out that cyber crime is worse than it may actually be.
Nonetheless, last year’s Virtual Criminology Report by NATO, the FBI and other agencies stated that cyber spying is one of the biggest security threats nations face, with 100 countries having experienced some form of cyber warfare. Britain’s secret service, M15, went as far as saying the country was “four meals away from anarchy” if there was a serious interruption to CNI and the distribution of food.
That countries are starting to take the threat seriously was highlighted at a conference I attended in Crete in September organized by the European Network and Information Security Agency (ENISA), which was set up in 2005 to investigate internet security problems and make recommendations for EU member states on how to protect themselves. What struck me was how long the EU has taken to tackle the issue on a collective basis, and that between three to five years are needed for all EU countries to be at a common level of protection. Furthermore, in a speech given by German Member of the European Parliament (MEP) Jorgo Chatzimarkakis, he said he “couldn’t understand politicians who doubt the importance of this endeavour” to tackle cyber crime. ENISA itself was at risk of not even getting established at one point, while few MEPs know much about cyber crime. Meanwhile, a speech by Lord Toby Harris stressed how ambivalent Britain’s political establishment is about information security, with less than 10 out of the 1400 members of the House of Commons and the House of Lords taking a serious interest in the subject. This in a country where six government departments have reported system compromises over the past year, many multiple times, and identity theft is estimated at $3.4 billion a year almost beggars belief. But while the EU is starting to take on the challenge of improving cyber protection for governments, businesses and consumers, the fact that ENISA’s budget is only $11.5 million a year indicates that more needs to be done and for regulations to be enacted.
Naturally, I started to think about how the Middle East is prepared for this phenomenon when so many EU countries are just setting up Computer Emergency Response Teams (CERTs) and Disaster Recovery Plans (DRP). The picture is not overly rosy, with the International Data Corporation estimating that total internet security spending in the region will only touch $9.3 million by 2009, with the UAE, Saudi Arabia, Kuwait, Qatar and Bahrain the top five investors. When you consider that security systems for small networks of 100 computers cost roughly $15,000, and those involving 1,000 computers $30,000, the region’s spending is woefully inadequate to protect CNI and businesses. What is being done on the legal front also needs to be addressed.
For instance, how protected are governments and businesses from cyber attacks when European countries do not have a Data Breach Notification Law? Are there units of law enforcement adequately trained to take on e-crime? And are there Disaster Recovery Plans and CERTs in place for when the seemingly inevitable happens?
Such questions need to be asked as the region gets more connected, and will gain further importance if many Arab countries go ahead with plans to build nuclear power plants (NPPs). After all, a NPP in Baxley, Georgia was shut down for 48 hours in March after a software update was installed on a single computer, and in 2003 a NPP in Ohio had its safety monitoring system disabled by a virus.
National responses to the problem and heightened regional cooperation are undoubtedly necessary to protect CNI and citizens from what is already a global phenomenon that is not going to go away.

Anti-Money Laundering and Counter Terrorist Financing in the Middle East

Executive magazine

Since 9/11 the issue of combating money laundering and terrorist financing has taken on greater importance for the banking and financial sectors, forcing institutions to shake up their administrative divisions to comply with regulations as well as apply initiatives like ‘know-your-customer’ at the branch level. It’s been a costly and time consuming process, but with the Middle East and North Africa (MENA) region a focus of international anti money laundering (AML) and counter terrorism financing (CTF) initiatives, central banks and financial institutions were left with little choice.
The USA’s Patriot Act has been the main driver, sections 311 and 314 in particular, calling for ‘Special measures for jurisdictions, financial institutions, or international transactions of primary money laundering concern,’ and in Section 314, ‘Cooperative efforts to deter money laundering.’ The seriousness of these requirements cannot be downplayed.
Unless MENA banks comply, they will be unable to have a representative bank or depository in the US, and other day-to-day operations, such as letters of credit, face heightened suspicion if not downright refusal. Furthermore, failure to comply with the Patriot Act and the OECD’s Financial Action Task Force’s 40 Recommendations on money laundering (ML) plus 9 Special Recommendations on terrorist financing (TF) can blacklist a country and its banks, as the Commercial Bank of Syria and Iranian banks currently face. Additionally, the consequences of non-compliance are not just operation- and reputation-related but also financial, with Arab Bank fined $24 million in 2005 by US banking regulators for failing to implement AML controls at its New York branch.
The costs of implementing AML and CTF compliance certainly outweigh the risks, but are nonetheless costing institutions a pretty penny, whether installing new software, employing and training staff, or building up a compliance division. Middle Eastern banks are cagey about releasing such figures, but for an idea of the costs involved, a Pricewaterhouse Coopers report in Australia estimated the cost of AML/CTF compliance for a financial institution at $48 million to $96 million.
A recent survey by KPMG found that from around the globe, the regions that recorded the highest increase in costs of AML compliance were, “unsurprisingly,” North America and the Middle East/Africa. “This reflects the significant legal and regulatory changes in the US, and the wider impact of the extra-territorial provision of US law around the world,” the report noted. Middle East-Africa banks average percentage increase in AML investment between 2001-2004 was 68%, and between 2004-2007 an estimated 70%.
In terms of cost, topping the list was enhanced transaction monitoring, greater provision of training, sanctions compliance, remediation of ‘know your customer’ documentation, and transaction ‘look-back’ reviews.

Need for more regulation

The region has been fairly successful in curbing money laundering and terrorist financing, at least according to official accounts, with the Middle East North Africa-Financial Action Task Force (MENA-FATF), a regional body based in Bahrain, claiming a 90% decline since the body was set up in late 2004.
But tackling ML and TF is a slippery business, as heads of financial intelligence units and compliance officers unabashedly make clear. Indeed, ML and TF is considered to occur more in major financial centers, such as London and Frankfurt, where there is greater safety in numbers, than in the smaller and more risk associated markets of parts of the Middle East.
The countries in the MENA region that have warranted censure, Iran and Syria, are arguably lower in the money laundering stakes than the likes of Dubai, and in terms of terrorist financing, Saudi Arabia.
But the matter is politically tinged (see Islamic Banks and TF article, page xx), as a private sector dialogue with the US government attended by all the region’s major banks in Cairo a few years ago highlighted when there was a heated discussion about what constitutes a terrorist group. The 5% that were in disagreement concerned Hamas and Hizbullah, two groups at the top of US concerns with TF that also enjoy popular support around the Middle East, including Saudi Arabia, a known financial backer of Hamas.
Politics aside, banks are making noticeable progress in tackling ML and TF, but there is still reluctance amongst Middle Eastern banks to voluntarily adopt higher AML standards in line with global policies as it would put them at a competitive disadvantage. This was reflected in the declining importance senior management placed on AML issues in the KPMG survey, with 88% of respondents in 2004 citing AML as a high profile issue, but by 2007 only 54%.
There is optimism however, with 84% of respondents from banks in the UAE expressing the view that AML regulations should be increased. Indeed, although MENA-FATF has been carrying out country evaluations, to improve AML and CTF in the region commercial and retail banks need to be encouraged to do more, for their reputation as much as curbing money laundering and terrorist financing.

Photo by Paul Cochrane

Saturday, September 13, 2008

Into the Lebanese Night

Beirut nightlife is legendary in the Arab world and beyond. Even so, could it be improved further?

for Aishti magazine

That Beirut has the best nightlife in the Middle East has not been in question since the civil war ended and the capital replaced Jounieh as the country’s prime spot for drinking and cavorting.
Come rain or shine, conflict or peace, Beirut has always offered a vibrant scene, from restaurants to bars, to after-hours clubs.
But as Beirut can be with fashion - fickle to say the least - so is the nightlife scene. Bars open, a trend is set, other spaces are established, and hey presto, a new nightlife hub hits the capital.
Then the Beiruti capriciousness sets in, with the scene moving elsewhere as people tire of that locale or places are run into the ground. So it was with Monot street a few years ago, and now perhaps with the current nightlife hub of Rue Gouraud in Gemmayzieh, after the revival of Downtown Beirut.
There is nothing overly surprising about this – it’s the free market after all – but there is a degree of herd mentality, in not only the setting up of bars, but also how people migrate with the nightlife vibe. And that can lead to what, to some, is a bad sign: homogeneity.
“It seems Beirut has a diverse nightlife but if you scratch the surface you realize there isn’t much diversity,” says Paddy Cochrane, owner of Gauche Caviar and lounge bar Cloud 9 in Gemmayzieh. “I find it curious that 90% of Beirut’s nightlife limit itself to one street - Rue Gouraud. And how many really unique places are there? Very few. Many are a copy with slight adjustments.”
Cochrane may have a point. Many bars on Gouraud are near carbon copies of each other, offering the same drinks, the same menus and the same music in similar interiors. One recent edition to the street allegedly even asked the interior designer of one bar to do exactly the same thing for their establishment. The feeling is that if it works in one place, it will work again. But on the very same street?
Veteran bar owner Michel Saidah, behind nightlife institutions Havana (Jounieh), Pacifico (Monot), and Dragonfly (Gemmayzieh), points the finger at wannabe entrepreneurs setting up bars without any professional experience in the field. But what he thinks is really missing is passion.
“And not only passion, its taste. Those succeeding are the most professional in taste and music, lighting, technical stuff and in solving problems. Also keeping stock. It’s a whole machine, and owners have to give 90-100% of his time to do it,” says Saidah.
“I went to South America, Asia and Europe to get inspired but not to copy, and those ideas are part of your inspiration,” he adds.
Inspiration, like necessity, is the mother of creation. But when you are catering to a mere 10,000 people that are willing and financially able to have a night on the town, numbers can be a problem. On an average week night bar owners reckon between 300-400 revelers go to Gemmayzieh, and over a 1,000 are knocking back cocktails on Fridays and Saturdays.
This has prevented European-style dance clubs and live music venues from opening up. Beirut does have Music Hall, which puts on great live acts from around the world, but the venue doesn’t allow Lebanese artists to perform. And there are a number of Arabic music-orientated venues but they are not always to the taste of the Europhiles.
“People who like Lila Braun have a more difficult choice than those that like Concerto or Casino,” says Andreas Boulos, owner of Torrino Express in Gemmayzieh.
The current political situation obviously doesn’t help, but neither do cash strapped 20-somethings that want to party but can barely afford a shot. This hasn’t stopped people from thinking that larger spaces could, and should, open.
“It’s remarkable, given the Lebanese love of dancing, that there isn’t a European-style night club - the size of Basement - with a proper dance floor in the middle that would get people away from their tables and get the community spirit back,” says Cochrane.
Zeid Hamdan, the producer and musician behind bands Soap Kills, the New Government and electronic band ShiftZ, says that if a venue for alternative live music opened, he “could fill it every week.”
But the idea of opening a place that needs a good volume of people through the doors is fraught with problems. BO18 has survived as the only - and best - place in town for dancing into the small hours. But when the likes of Sky Bar and White are open during the summer months, the action is diverted there away from Gemmayzieh.
“Sky Bar pulled all customers out of the town. Every sales man was saying, ‘Can you believe how many boxes of champagne we sell everyday?’” recalls Boulos. “But that’s the thing, one hub takes it off everyone else.”
So where next for Beirut’s nightlife? Monot Street is making a bid for a comeback with the re-launch of Lila Braun, and bars keep opening in Gemmayzieh, despite the area’s near saturation point.
Boulos thinks that the strategic location of Gemmayzieh will continue to attract new bars.
“Some mention Badaro as a possibility but most likely down to Mar Mikael. We are already from Paul’s to Electricite du Liban, so will probably connect all the way to Art Lounge,” he says.
Ultimately, the question is what kind of nightlife are people looking for?
Beirut isn’t New York or London, lacking both the numbers and the cosmopolitanism of greater metropolises, but considering the population here and what is on offer, there is little to really complain about. Although a bit more passion and a lot less homogeneity wouldn’t go amiss. After all, having the best nightlife in the region doesn’t mean you can’t get even better.