MENASource May 19, 2023

Regional cyber powers are banking on a wired future. Expanding the Abraham Accords to cybersecurity will help.

By Thomas S. Warrick

The Abraham Accords is one of the major diplomatic achievements of the last five years. This historic agreement normalized relations between Israel and the Arab countries of Bahrain, Morocco, Sudan, and the United Arab Emirates (UAE), in partnership with the United States. Following the initial burst of activity late in the Donald Trump administration, the accords’ first expansion under the Joe Biden administration was announced in Tel Aviv on January 31, when Bahrain, Israel, the UAE, and the United States said they would widen the scope of the accords to include cybersecurity.

The January announcement by US Department of Homeland Security Under Secretary for Strategy, Policy, and Plans Robert Silvers was, like the accords themselves, a surprise that seems perfectly logical in hindsight. Israel and the Arab countries that participated in the announcement are among the Middle East and North Africa (MENA) region’s most dynamic economies, with substantial public and private investments in high tech being an important factor in each country. These countries face threats from hostile actors, and defending their technology and their peoples is a challenge. A challenge shared can lead to a challenge overcome.

Cyberattacks from nation-states and cybercriminals affect everyone

Each of the countries involved, with the possible exception of Morocco, has recent historical reason to be concerned about protecting its people and its industrial base—cyber and non-cyber—against cyberattacks. The greatest threats come from the Islamic Republic of Iran and cybercriminals—and the two overlap like Venn diagram circles.

Iran uses a well-documented peculiar sense of symmetry in how it conducts cyberattacks. Iran has an especially aggressive cyber offensive state capability for a country its size. Most of Iran’s nearby peers in population (for example, Turkey, Congo, Thailand, and Tanzania) or GDP per capita (for example, Bosnia, Namibia, Paraguay, and Ecuador) do not mount offensive cyberattacks or information operations against other countries on the scale that Tehran does. Iran and Israel have been engaged in “gray zone” cyberattacks against each other for more than a decade, and Iran has carried out various kinds of cyber operations against Israel, Saudi Arabia, Bahrain, most of the Arab countries of the Gulf, and the United States.

Cybercrime is another threat that has increased in recent years. The United States has convened two international conferences on ransomware, with the most recent being held in October-November 2022. According to media reports, the UAE and Saudi Arabia were the main targets in the Gulf for ransomware attacks, but other Gulf Arab countries are also at risk.

Complicating the picture is the fact that Iran often uses private contractors to carry out cyber operations—sometimes those entities carry out cyberattacks for profit as well. This complicates attribution and gives Tehran a patina of plausible deniability.

These factors make deterring cyberattacks especially difficult in the Middle East. The United States has sometimes retaliated against Iranian cyberattacks by carrying out operations against the perpetrators. However, the logic of deterrence requires an ability to impose costs that surpass the adversary’s perceived gains from the conduct in question. Iran has shown limited susceptibility thus far to being deterred by the US or others’ cyber operations. This makes cyber defense even more important.

Setting aside old rivalries to work together on cybersecurity is now in everyone’s interest

Iranian cyber behavior, the rising threat of cybercrime, and the inability so far to deter these behaviors have made it imperative that Israel, the Gulf countries, and the United States work more closely on civilian cyber defense.

Network imperatives make it important that this collaboration be both at network speeds and peer-to-peer. Cybersecurity needs to move quickly to be effective at addressing threats, which means that governments facing common threats should work together. The architecture of pre-Internet times allowed for hub-and-spoke information sharing in a situation where several governments were regional rivals but all had a common ally they could trust (usually, an ally that was considerably far away).

As a result, the United States could simultaneously be an ally of Israel and most Arab countries in the Middle East, and each of the countries would be willing to share information with the United States, even if they wouldn’t do so with each other (France and the United Kingdom have played similar roles with different sets of countries). Each country could trust the United States to protect its sources and methods while working for the common good, which, in earlier days, was focused on keeping the Soviet Union at bay.

For a time, this approach worked in cybersecurity. But this is no longer the case. Al-Qaeda and the Islamic State of Iraq and al-Sham (ISIS) were social-media savvy but lacked the resources and deep bench of a nation-state, allowing the United States and MENA to limit terrorists’ efforts to raise funds and recruit new fighters.

Today, Iran, even under sanctions, has far more resources than al-Qaeda ever did to use cyber tools to target Israel and the Gulf Arab states. While there are signs that a lack of funds holds back some of Iran’s cyber operations, cyberattacks are still remarkably cost-effective. Cybercrime raises enough funds to enrich organized gangs to run their own 24/7 ransomware help desks. “Ransomware-as-a-service” is now an actual thing.

The countries in the MENA region still face a number of challenges in the cyber domain. The use of Chinese technology by some countries raises fears of possible network penetration. Each country needs to work out how privacy norms and expectations should govern electronic surveillance tools, because the abuse of those tools has become an international concern. US concerns over “spyware” have already led to an executive order against the use of commercial tools that pose a risk to national security or have been misused to enable human rights abuses around the world.

A number of countries in MENA—Israel, Bahrain, and the UAE included—are increasingly becoming regional cyber powers and are banking on a wired future. Many governments in the region are trying to stimulate local investment in the digital sector, and protecting small but growing companies from cyber threats is becoming a significant business, with market research experts estimating a doubling of dollar volume in five years. The UAE’s new National Security Strategy aims to train more than forty thousand cybersecurity professionals and encourages Emirati students to pursue a career in this field.

To the private sector, an agreement among Abraham Accords members is more than just a sign of possible government-to-government cooperation. The agreement gives a valuable green light for direct business-to-business exchanges that could benefit the economy of the region. It may also heighten the value of joining the accords for other nations facing cyber threats, such as Saudi Arabia.

Given the importance of a closer cybersecurity partnership among Israel, key Gulf Arab states, and the United States, broadening the Abraham Accords to include cybersecurity is an eminently sensible approach. Like other parts of the accords, expanding them to include cybersecurity will have a lasting impact if cooperation leads to real benefits in security and commerce, making the Middle East more secure and prosperous than ever before.

Thomas S. Warrick is the director of the Future of DHS project at the Scowcroft Center for Strategy and Security’s Forward Defense practice, and a senior fellow with the Scowcroft Middle East Security Initiative at the Atlantic Council.


Image: Eugene Kaspersky, Chairman and CEO of Kaspersky Labs, speaks at a Tel Aviv University cyber security conference June 6, 2012. Kaspersky, whose lab discovered the Flame virus that has attacked computers in Iran and elsewhere in the Middle East, said on Wednesday only a global effort could stop a new era of "cyber terrorism". REUTERS/Baz Ratner