Authors: Dr. Kristian Alexander and Justine Mazonier*
The Gulf region is increasingly digitalized. Futuristic projects are implemented in the Peninsula and have transformed its security architecture. GCC states are increasingly using these new technologies to ushered in a new era for their economies with the building of modern cities (such as the Saudi NEOM project or the Emirati and Bahraini smart cities).
However, the emergence of cyber and digital capabilities has opened up new vulnerabilities. The Gulf States have not yet been able to develop a comprehensive cybersecurity system to protect their governmental structures, critical facilities, companies and individuals from such threats. For example, according to the Potomac Institute, Saudi Arabia was ‘still insufficiently prepared in all essential elements of cyber readiness.’ The Cyber Readiness Assessment 2.0 provides some insights to understanding the gaps in Saudi cybersecurity. The Saudi National Information Security Strategy fails to provide specific guidelines and a consistent cybersecurity architecture. Very often, various ministries, companies and other entities develop their own cyber strategies independently, thereby creatingimportant gaps in the national cybersecurity. Moreover, with the coronavirus crisis, these threats have increased with the multiplication of phishing and malware attacks. In such an environment, the Gulf States need experienced partners to enhance their cybersecurity systems.
Israel is the most advanced country in the Middle East in terms of cybersecurity. The CEO of the Emirati cybersecurity company DarkMatter stated that the “only country in the region that’s strong in cybersecurity is Israel. Since 2010, the Israeli government particularly encourages the development of an integrated cyber ecosystem to counter external threats. The Israeli government has massively invested in venture capital for/of ‘high risk’ Research & Development programs. It has developed its national cyber capabilities among its institutions and in the civilian field that form an integrated cyber ecosystem. For example, The Advanced Technologies Park in Israel’s city of Beer-Sheva gathers the most dynamic cybersecurity companies with public cyber structures. Since 2015, several multinationals can be found there, such as Oracle, Dell EMC, IBM, and Deutsche Telekom, with their research and development centres alongside the National Cyber Research Institute, the national emergency response, the National Cyber Security Authority, Ben Gurion University and the cybersecurity centre from Tsahal. Israel is also a unique case regarding the teaching of cybersecurity in Middle School, encouraging the continuous emergence of experts in the cybersecurity field. Most of the Israeli universities offer degrees related to this field.
According to Dr Lior Tabansky, co-author of ‘Cybersecurity in Israel’ and Head of research development at The Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University, Israel is a cyberpower mainly due to many of its tech firms being staffed by ex-military personnel. The Israeli Defense Forces have served as a kind of incubator for cyber talent and there are close ties between the cyber security sector and the IDF. Young Israeli’s serving their mandatory military service in tech units are often exposed to real world cyber threats and have frequently developed solutions that have then translated into the private sector jobs.
In theory, this Israeli expertise in intelligence and cyber warfare could mitigate the vulnerabilities of the Gulf countries that are eager to cooperate. With the reconnaissance agreement ratified with the UAE and Bahrain, Israeli commitment to the development of economic and diplomatic ties with the Gulf became visible. However, the cooperation with the Gulf States in cybersecurity opens new windows of vulnerability for the concerned states.
Why are the Gulf countries ready to cooperate with Israel on cyberspace?
Officially, Israel and the Gulf countries claim that their cooperation aims at repelling the Iranian threats in cyberspace. The GCC states would learn from the Israeli expertise to enhance their own technical capabilities of cybersecurity.
The biggest state-sponsored threat comes from Iran. The number of Iranian cyber-attacks may increase due to the current geopolitical context and its financial difficulties in supporting its proxy network. Iran developed its respective cyber capabilities since the Stuxnet attack in 2011. During the following decade, it retaliated against the USA and Israel. However, with the improvement of their cybersecurity systems, Iranian hackers have increasingly targeted Gulf countries that are less protected. Iranian cyber experts have trained hackers located among their proxies and encouraged them to launch attacks against their enemies. In 2015, the Yemen Cyber Army targeted the Saudi Minister of Foreign Affairs and leaked confidential documents on the Iranian media. An Iranian official claimed that the group was able to obtain the addresses, phone numbers and emails of top Saudi diplomats, Foreign Ministry staff, secret agents and army personnel, as well as classified files and correspondence of senior Riyadh officials with other countries and governments dating back to the early 1980s.
Saudi Arabia has tacitly cooperated with Israel since 2012, in the wake of the cyber-attacks against the Aramco and RasGas facilities. Erel Margalit, an Israeli entrepreneur, reported that Israeli cybersecurity firms arrived in Saudi Arabia to repair the damages. Bahrain has also cooperated with Israel following the Iranian attacks against its National security agency, Interior Ministry and electricity and water authorities. In April 2020 Iran targeted Israel’s water utility network. According to IBM’s “2019 Cost of Data Breach Report”, data breaches in Saudi Arabia have amounted to $6m in that year alone. According to Kaspersky Lab, Saudi Arabia ranked at the 20th spot of the most attacked countries in cyberspace in November 2020. These attacks have increased the links and cooperation between these states against a common enemy.
Israeli cyber companies collaborate with Gulf countries for more dubious reasons. Cyber capabilities are often employed to prop up the image of the regimes, censor the population or discredit competing states.
Technological means rendered available by Israeli companies such as the Pegasus spyware are used against regional competitors. The New York Times reported in August 2018 of a potential link between the use of the Pegasus Israeli spyware and the UAE against various representatives in the Gulf region. According to documents collected from a lawsuit gathered by the New York Times, in June 2017, 159 members of the Qatari royal family and representatives would have been targeted by the NSO spyware. The UAE is alleged to have used the spyware to monitor phone calls of a Saudi prince, Mutaib bin Abdullah, who was considered at the time to be a potential candidate for the Saudi throne.
GCC states used these tools to keep track of and implement surveillance against political dissidents as well as engage in censorship. GCC states started to develop their cyber capabilities following the popular demonstrations during the Arab Spring. The Gulf Countries endeavoured to enhance their intelligence capabilities to avoid a similar situation on their territory. GCC states centralized their cyber tools to increase their control over the population. Similar to China, and Russia, they implemented specific legislation on cyber-crime that can be construed in a very obscure way and allows authorities to prosecute political dissidents. For example, in 2007, the Anti-Cyber Crime Law was adopted in Saudi Arabia. This law is theoretically protects users from cybercrimes. However, it has provisions that curb freedom of expression. For example, the ACCL may prosecute any individual “producing something that harms public order, religious values, public morals, the sanctity of private life, or authoring, sending, or storing it via an information network.”
The cybersphere is a field through which Israel can improve its diplomatic ties with the Gulf countries. This cyber cooperation is first encouraged in the private sector through Israeli and Gulf companies and joint ventures. However, these companies can be linked to the interests of the Gulf States and encourage them to maintain their relations with Israel in a more integrated ecosystem.
The normalization agreements between the UAE and Bahrain with Israel are but two examples of the concretization of the economic and private cooperation between these states that will very likely spill over into stronger diplomatic ties. Moreover, “the UAE-Israeli normalization lends itself to expanding the realm of indirect Saudi-Israeli relations,” said Aziz Alghashian. Saudi Arabia uses Israeli expertise in the framework of its NEOM project. The Israeli company Checkpoint collaborates with Saudi Arabia in the building of this futuristic city. This project fosters the creation of a new ecosystem whereby Israel provides the technical skills needed and the Gulf States their economic resources, ultimately shaping into a Middle Eastern style Silicon Valley. The NEOM project would indirectly encompass the Egyptian Sinai province and link the Israeli Negev region. The creation of NEOM “requires peace and coordination with Israel, especially if the city is to have a chance of becoming a tourist attraction,” said Mohammad Yaghi. However, the Gulf States seemingly face more difficulties to cooperate in the cyber field and have a harder time proposing an overarching integrated cyber strategy. Gulf countries often collaborate individually with the USAoncybersphere issues. For example, the USA and Saudi Arabia integrated cyber collaboration within their security cooperation aiming at stabilizing the region.
How can Israel bring its expertise to the Gulf countries?
Gulf cybersecurity companies managed to attract Israeli employees from the 8200 Unit, an Israeli intelligence branch specialized in SIGINT and code decryption. According to Haaretz, DarkMatter, a private cybersecurity firm based in Abu Dhabi, enticed several Israeli employees to develop this company. According to Reuters, DarkMatter was originally an intelligence project run by former CIA and NSA agents in the UAE until 2016. DarkMatter currently includes around 650 employees stationed in the UAE, Singapore, China, Finland and Canada. Israeli operatives filled the gap left by the departure of CIA and NSA experts that were part of the project. According to Yedioth Ahronoth, DarkMatter has offered large financial packages (salaries of 100,000 dollars per month, in addition to bonuses and luxurious homes in Cyprus) for Israeli experts from the 8200 Unit. Amnesty International accused DarkMatter of having led intelligence and surveillance against journalists, reporters, activists inside and outside of the UAE. In 2019, Mozilla and Firefox withdrew certification user for the company. In 2017, the New York Times reported that the NSO group (an Israeli cybersecurity company) lost 8200 graduate employees who moved to Cyprus in order to work for the research and development offices of DarkMatter. According to the Times of Israel, several Israeli programmers were working for DarkMatter in Singapore and Thailand. This information could, however, not be confirmed by other sources. The same source suspects a collaboration between DarkMatter and the UAE Signals Intelligence Agency (an organization linked to the UAE intelligence services). This potential collaboration could trigger the disclosure of sensitive information on the digital security infrastructure of Israel among Gulf countries.
Israeli companies bring technical expertise to Gulf companies. The Israeli NSO company sold its Pegasus spyware to Gulf countries. This spyware can be downloaded on smartphones of the targeted individuals and collects their personal information, conversations and movements. Citizen Lab reported in 2016 that Ahmed Mansoor, an Emirati political dissident and Omar Abdulaziz, a Saudi critic were spied on with this tool. The discussions between Omar Abdulaziz and Jamal Khashoggi were also collected via this tool and assisted in the operation that killed the Saudi journalist in October 2018. Al Jazeera reported that Saudi intelligence officers met with NSO representatives in 2017 for the acquisition of Pegasus 3. The latest version does not require any actions from the unassuming user to activate the spyware on his/her phone.
However, according to Haaretz, there is a risk of transfer of Israeli intelligence properties to the Gulf countries through these 8200 veterans. Former operatives, stemming from this unit working for the Emirati cyber companies, can divulge sensitive information and techniques about Israel to the UAE. The CIA and NSA agents working on the Dread project in the UAE experienced this security gap firsthand when Emirati and American operatives launched cyber-attacks against American targets.
Another risk emanates from the absence of export control for cyber weapons from Israel. Since April 2019, the Israeli Minister of Defense granted the withdrawal of licenses for some cyber products like spyware. The international market for such devices is growing. The Israeli Minister of Defense expressed its willingness to increase its potential through the easing of regulations. For Israel, cybersecurity represents a 4 billion dollars per year business. The Gulf countries are increasingly becoming privileged customers. However, the Israeli government has deemed its commercial interests to be more important to the country and is willing to prioritize economic gains at the expense of the preservation of its privileged cybersecurity technology. “But I think we have to take the risk, and it’s a considerable risk, of regulating less in order to grow more,” Prime Minister Benjamin Netanyahu stated during a conference in June 2019. Reuters reported that the export of cyber technologies with offensive and defensive capabilities would fall under the responsibility of the Ministry of Economy (Ministry of Industry & Trade).
*Justine Mazonier is an intern at Gulf State Analytics, a Washington, DC-based geopolitical risk consultancy.
