News Stay informed about the latest enterprise technology news and product updates.

Opinion: Yemeni CERT could turn the tide for Millennials

Providing order and security for the Internet in Yemen, where half of the population is under 18, could provide opportunity in a faltering nation.

The youth of Yemen are reaching for a cyber future. To get there, 13 million Yemenis under the age of 18 (fully one half of the population) need an Internet infrastructure that provides stability and access to the world. For that infrastructure to exist, the country needs the same basic components that make any nation's information systems stable and secure. Yemen needs a national cybersecurity center, a Yemen CERT.

In 2011, the students of Sana'a University in Yemen's capital city rose up along with Arab Spring movements across the Middle East and ousted their dictator, Ali Abdullah Saleh. Prior to that date, Internet penetration in the country stood at less than 1.8%, and what infrastructure existed was unreliable and insecure. Today, the use of smartphones to access the Internet, particularly among the young, is skyrocketing, while the nascent private sector strains to keep up with demand.

Beyond a deep and resonant history, Yemeni's youthful population seeks a future that a secure Internet could provide.

But when I initially looked at the Yemeni cyberinfrastructure in the summer of 2012, the first thing I saw was a Zeus Trojan virus embedded on the Yemen Central Bank website, siphoning off scarce resources. This was only one of several easily found validations that the Yemeni cyberlandscape was not to be trusted. An almost complete lack of security capabilities in the nation has this emergent Yemeni Millennial population living in an Internet backwater rightly seen by others as a cyber-pariah.

With no national control of basic security for its Internet infrastructure, the nation is ripe for exploitation by cyberterrorists and organized crime. There can be no opportunity to create virtual businesses or export the legitimate skills of a cyberworkforce when any diligent Western IT manager correctly views a Yemeni IP address as a virtual Typhoid Mary. Where there is not sufficient trust to perform even the simplest Internet business activity, there can be no opportunity for Yemen's Millennials.

In November of 2012, I talked with several hundred Yemeni students at Sana'a University about this choice of two worlds. In the lecture hall with them were the deans and politicians who will need to take responsibility for providing them the opportunity they seek. After my talk, dozens of these students crowded the stage looking for guidance and reassurance. I cannot do justice relating in text to the intensity, sincerity and desperation of these young people for someone to show them an alternative to the reality that has been around them all of their lives.

With the support from regional allies such as Qatar, Saudi Arabia and the United Arab Emirates, Yemen can build the basic cybersecurity infrastructure necessary to make the Yemeni cyberlandscape safe for international engagement. These nations are willing to provide that assistance and in turn deserve the support of Western nations, and the United States in particular.

Those of us in America who have an interest in encouraging the next working-aged generation of Yemen to follow a path other than crime and international terrorism have every reason to support the development of a stable cyberculture there. With a tiny splinter of the cost and effort we spend hunting down and killing a handful of Al Qaeda in Yemen, we can provide the expertise and guidance to keep millions of Yemeni children from following malignant examples. The cost of not providing an alternative to the poverty-driven desperation that supports these terrorist groups will be exponentially higher in human and economic terms.

Supporting the establishment of a Yemen CERT aligns with all of America's foreign policy goals in the region. It denies a cyber safe harbor to our declared enemies. It denies these same enemies the legions of impoverished and enraged foot soldiers they need to carry their evil legacy forward. It demonstrates the goodwill of our nation in the only way that matters: giving the parents and children of Yemen a reason to hope for a better future. It strengthens the budding public sector in Yemen, allowing the people a chance to build an economic future of their own, free from the cloying darkness of poverty and the shame of surviving on donations.

A Yemen CERT strengthens the position of the entire region in resisting the advances of the enemies of peace. As the Assad regime crumbles in Syria the terrorist sponsors in Iran seek other footholds on the Arabian Peninsula. An economically sound Yemen populated by an educated and connected Millennial generation is the last thing Iran wants to see; a well-founded Yemen CERT is the first solid step on the road to denying Iran influence. The bulwark of nations across the Persian Gulf from Iran are further strengthened with a reliable ally to their south in Yemen; a Yemen CERT is a key to providing them that support.

The current political leadership in Yemen is aware of the demands of their youth population. I met with senior federal political leaders during my visit and they expressed strong support for the creation of a national cybersecurity center. Some basic physical and organizational structure exists in the Ministry of Telecommunications and could be used as a foundation for early Y-CERT development. The political motivations of Yemeni leaders to be seen by their powerful youth population as advancing their best interests is evident throughout the public sector.

Today, the only conversation in America regarding Yemen is on the ethics and efficacy of drone strikes. It is time for America and other nations to start helping the youth of Yemen find a positive direction for their passions and energy, to provide a demonstration of the tools we use at home to keep our own nation strong.

Chris Blask serves as chair of the Industrial Control System Information Sharing and Analysis Center (ICS-ISAC).

This was last published in March 2013

Dig Deeper on Information security incident response

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.