On Sept. 15, 2020, the world witnessed a new era of Israeli-Arab relations as the UAE and Bahrain opened diplomatic relations with Israel, in what is known as the Abraham Accords. Unlike the Israeli-Egyptian or the Israeli-Jordanian peace deals, which aimed to end direct military confrontations, the Abraham Accords seek to maximize common interests and address security issues to form a new front against Iranian threats. As the Biden administration shows a willingness to return to some form of the 2015 Iran nuclear deal, the joint cooperation between Israel and the Gulf states is becoming more visible than ever, particularly in cyberspace, where they share a common enemy. The new partnership should be beneficial to all parties involved as the Gulf states would benefit from Israeli advanced cyber capabilities and technology in securing their critical infrastructure against Iranian threats while Israel would open new lucrative markets for its cybersecurity firms and investors. Joint technical cooperation and information sharing would thereby enable both sides to better address hostile Iranian cyber activities.
Over the last decade, the Gulf states have quietly cooperated with Israel in the cybersecurity field. For example, according to the venture capitalist and former Israeli Knesset member Erel Margalit, Israeli cybersecurity firms assisted Saudi Arabia in fixing the damage caused by the cyberattack against Saudi Aramco that destroyed around 30,000 workstations and constituted the biggest commercial cyberattack at the time. In 2018, The New York Times stated that the UAE had been relying on spyware developed by the Israeli-based NSO Group for surveillance purposes. In 2019, Bahrain invited a senior Israeli official to attend a security conference to discuss possible ways to form an alliance against Tehran’s interventions in the region. Prior to this, Bahraini Foreign Minister Khalid bin Ahmed al-Khalifa supported Israel’s strikes against Iranian targets in Syria, stating that Israel has the right to defend itself against Iranian threats by destroying the sources of danger. This shows part of the early cooperation between the Gulf states and Israel was built on common security interests and challenges. However, the pressing question remains: How will the normalization of relations impact the future of cyber cooperation on both the state and private sector levels?
Gulf cyber vulnerability and Israel’s cyber capabilities
In recent years, the GCC states have embarked on implementing unprecedented digital transformation initiatives as part of their economic diversification and sustainable development plans. In Saudi Arabia, the International Data Corporation (IDC) predicts that spending on IT will exceed $11.1 billion in 2021 with an annual growth rate of 4.2%. Meanwhile, the Saudi government has pledged $500 billion to build the smart city NEOM, which plans to generate zero carbon emissions by relying on the latest technology. The UAE, for its part, has presented itself as one of the most appealing information and communication technologies (ICT) markets in the MENA region, driven by public initiatives that aim to enhance digital transformation and innovation such as the UAEPass app, which helps users receive public services provided by 114 government entities, as well as the e-learning Madrasa platform, which provides 5,000 free educational videos that benefit 50 million students. Overall, ICT spending is expected to increase in the UAE at a compound annual growth rate (CAGR) of 8% during the period 2019-24 to reach $23 billion in 2024. Meanwhile, in Bahrain, as part of its efforts to overcome the decline in oil prices and oil reserves, the government has announced ambitious plans to transform the island country into a regional hub for technology and innovation through liberalizing its ICT sector and introducing pioneering digital legislation and regulations. However, all of these digital development efforts have also exposed the region to significant cyber threats and challenges posed by both state and non-state actors.
A recent survey conducted by Tenable stated that 95% of Saudi businesses experienced operation-impacting cyber threats last year. The survey also revealed that 85% of Saudi participants indicated a significant rise in cyber threats in the past two years that led to loss of data, ransomware payments, or financial losses. Furthermore, the Israeli Institute for National Security Studies’ report concluded that Saudi Arabia is among the most cyber-targeted countries in the world and it is believed that Iran is the main source of these attacks. For example, 42% of the cyberattacks conducted by the Iranian-identified APT33 group were directed against the kingdom. The report also highlighted that Saudi Arabia remains highly vulnerable to cyber attacks as a recent study illustrated that only four out of 10 Saudi business leaders stated that their entities were ready to cope with cyber threats. Additionally, the UAE’s head of cybersecurity, Mohamed al-Kuwaiti, announced that his country has witnessed a 250% rise in cyberattacks amid the Gulf-Israeli rapprochement. In 2016 around 5.1 billion dirhams ($1.3 billion) were lost in the Emirates due to cybercrime, while the Dubai Police reported that one in five residents in the UAE was exposed to cybercrime in 2015. Kuwait, too, is one of the most targeted countries in the region. A recent Bitdefender report revealed that the Iranian APT group has targeted air transportation and public entities there and in Saudi Arabia. These cyber vulnerabilities are making the GCC a robust market for the cybersecurity industry, one that is expected to achieve a CAGR of 5.9% during 2017-2030.
Meanwhile, Israel is at the forefront of global cyber technology. Its cybersecurity industry represents around 31% of the total investments in the global market while its cybersecurity exports reached $6.85 billion in 2020. Over the years, Israel has established an integrated cybersecurity framework that concentrates on developing cyber robustness, resilience, and capacity. The Israeli government has also mobilized significant funding for cybersecurity R&D programs, which have enabled the country to develop into a global hub for leading cybersecurity companies and research centers at the Advanced Technologies Park in Beer-Sheva. Furthermore, the availability of qualified human capacity has played a key role in the rise of Israel’s cyber industry as the country offers unique cybersecurity courses for middle school students along with advanced cyber courses taught in Israeli universities. Generally, the Israel Defense Forces (IDF) strategy is guided by the four principles of David Ben-Gurion’s defense doctrine: deterrence, decisive victory, early warning, and alliances. Thus, creating partnerships and enhancing strategic collaboration are at the core of the Israeli vision, which encouraged it to engage and cooperate with Western and Asian countries to maximize its cyber capabilities. However, this opens the door for speculation about the nature and mechanisms of cooperation between Israel and the GCC states when it comes to tackling the joint cyber threats posed by Iran.
Glimpses of joint cyber cooperation
Following the normalization of relations between Israel and the UAE, the cybersecurity chiefs of both countries had an unprecedented public meeting to discuss how to address common cyber threats through extending cooperation and channels of communication. Certainly, private sector engagement represents the most agile approach to building an integrated ecosystem that boosts Israeli-Gulf cyber cooperation on the state and non-state levels. Even in the case of Saudi Arabia, which has not yet normalized its political relations with Israel, potential collaboration on the private sector level is looming. According to The Jerusalem Post, Israeli companies are covertly negotiating with Saudi Arabia’s Public Investment Fund on possible ways to exchange the expertise and technical skills needed to complete the Saudi smart city NEOM. Many media reports have indicated that various GCC firms have been recruiting Israeli cybersecurity experts and former intelligence officials. Haaretz reported, for example, that an Abu Dhabi-based cybersecurity firm persuaded several graduates of the IDF to work with the company. Meanwhile, reports also suggest that the UAE-based firm DarkMatter is actively headhunting Israeli experts working at Unit 8200, Israel’s elite cyber force. In fact, the rise in cyber incidents against the GCC and Israeli targets could accelerate the process of establishing a cooperative business-oriented framework that enhances alignment and coordination to tackle potential cyber threats through the exchange of insights and analytics on common security issues.
Indeed, the beginning of state-level cooperation between the GCC and Israel is becoming more evident. According to Haaretz, the UAE and Israel are currently sharing intelligence and information on Hezbollah’s recent cyber activities. Moreover, during the Cybertech Global Conference held in Dubai, the UAE’s head of cybersecurity called for joint cybersecurity exercises with Israel to exchange expertise and to prepare to deter potential attacks. He also announced that the Israeli and the Emirati emergency response teams will be sharing information during the upcoming period to help both countries handle cyber incidents and encouraging businesses to widely collaborate. To create a more cooperative ecosystem, some analysts have called for establishing a Multi-State Information Sharing & Analysis Center that aims to enhance the capabilities of involved partners in preventing, responding, and recovering from cyber threats. This center can build on the recent rapprochement between the GCC and Israel to build integrated inter-state cybersecurity strategies that could help competent authorities collegially and collaboratively respond to common challenges as well as share best practices and real-time intel.
Iranian-Russian cyber counter-rapprochement
At the same time, another cyber alliance in the region is currently being formed between Iran and Russia. On Jan. 26, 2021, Iran and Russia signed a joint cybersecurity cooperation agreement that includes technology transfer, training, information sharing, and bilateral collaboration during international events. Although it is believed that this cooperation will focus on improving Iranian cyber defenses rather than supplying Iran with offensive capabilities due to the two countries’ ideological differences and conflicting objectives, this cooperation still poses a challenge to Iran’s rivals in the region. According to the Council on Foreign Relations, Russia could provide Iran with cyber defense systems and training to address its defensive deficiencies, which will make potential cyber attacks against Iranian targets more costly and challenging in the future. Moreover, Iran could in turn provide Russian technologies and techniques to its proxies in the region, such as Hezbollah and the Houthi militia, which could be used against Gulf or Israeli targets. Finally, Russian cyber teams could be sent to Iran to observe Iranian networks and examine the U.S. or the Israeli malware used against Iran, helping both countries to enhance their defensive capabilities against future attacks.
Ahmed El-Masry is a Graduate Research Fellow with the MEI Cyber Program and a public policy graduate student at the American University in Cairo (AUC). His research focuses on digital policies, cybersecurity, and cyber-politics in the MENA region. The views expressed in this article are his own.
Photo by KARIM SAHIB/AFP via Getty Images