President Biden vowed to expand cyber cooperation with Israel and Saudi Arabia on his trip to the Middle East last week, a move experts see as a direct response to the rising digital threat from Iran.
The U.S. and Saudi Arabia signed bilateral agreements to strengthen their cybersecurity partnership and share information related to cyber threats and malicious actors, while Israel and the U.S. pledged to ramp up collaboration to combat cybercrime.
“In both cases, we have to acknowledge that Iran is the primary driver of a lot of what happened during Biden’s trip, and this extends to cyber space as well,” said Jason Blessing, a research fellow at the American Enterprise Institute.
Blessing said the common enemy of Iran provides a window for the U.S. to forge stronger alliances between the two middle eastern countries, which have been in secretive talks to possibly establish official relations.
“I would say the number one geostrategic priority [for the U.S.] is getting both countries on the same page when it comes to Iran,” Blessing said.
And Iran is a formidable foe in cyberspace.
Though not yet at the level of Israel, Iran has proven capable of launching all types of cyberattacks, ranging from website defacement and distributed denial-of-service attacks to ransomware and cyber espionage.
In June, the FBI said it thwarted a cyberattack last summer that was intended to disrupt the network of the Boston Children’s Hospital. FBI Director Christopher Wray blamed Iranian-backed hackers for the attempted attack, calling it “one of the most despicable cyberattacks” he’s ever seen.
Iran has also been accused of carrying out cyber espionage operations against Western media. A report published last week by cybersecurity firm Proofpoint details how state-sponsored hackers from several countries, including Iran, have regularly spied on U.S.-based journalists to gain access to sensitive information.
In Iran specifically, researchers uncovered that hackers impersonated journalists to gain access to their networks and reach out to sources that have expertise in Middle Eastern foreign policy.
Last year, Proofpoint researchers discovered that an Iranian hacking group targeted two dozen senior medical professionals in the U.S. and Israel with phishing emails in an attempt to obtain personal account credentials.
Israel, in response to the rising Iran threat, announced in June that it plans to build a “cyber dome,” a national defense system intended to fight against digital attacks.
“Iran has become our dominant rival in cyber,” the head of Israel’s National Cyber Directorate, Gaby Portnoy, said during a conference in Tel Aviv. “We see them, we know how they work, and we are there.”
Portnoy added that Israel “cannot fight cyber aggression alone,” adding that his country needs to engage with various partners at home and abroad, including the private sector and academia.
James Lewis, a senior vice president and director with the strategic technologies program at the Center for Strategic and International Studies, said the Saudis’ cyber capabilities are not as sophisticated as Israel and Iran.
“The Saudis have been working on improving their [cyber] capabilities for a long time but the rate of progress has been slow,” Lewis said. “If you look at the Middle East, Israel and Iran are the leading cyber powers.”
Still, building up cyber cooperation in the region is part of a broader U.S. strategy to counter Iran.
“The U.S. is promoting alliances around the world and cyber is a crucial part of those alliances,” Lewis said. “Iran is one of the leading cyber threats…so coming up with ways to push back on Iran is in the interest of all three.”
However, both Israel or Saudi Arabia bring baggage into the cyber agreements.
Blessing of the American Enterprise Institute said the Saudis are likely to use cyber as a domestic surveillance tool to spy on dissidents, human rights activists, journalists and political opponents. And Israel’s NSO Group has been a leading provider of invasive surveillance tools used by government’s like Saudi Arabia to do just that.
Blessing said he was disappointed that Biden didn’t mention the use of spyware during his trip, particularly given Israel’s global role as main developers and distributor of the malicious software.
“The fact that spyware was not on the agenda shows that the administration doesn’t have a positive agenda for asserting U.S. interests and values into the digital space,” Blessing said.
U.S.-based defense contractor L3Harris reportedly ended its bid to buy hacking tools from NSO Group last week, following concerns raised by the Biden administration last month that the acquisition of the spyware would “pose a serious counterintelligence and security risk to U.S. personnel and systems.”
The concerns also prompted the Department of Commerce in November to add NSO Group to its entity list, blacklisting the Israeli company and limiting its ability to use U.S. technology.
Yet the issue was not publicly mentioned when Biden visited last week, despite the U.S. saying that human rights are central to its foreign policy.
“To the administration, spyware seems less of a priority than any initiatives to counter Iranian influence and political presence,” Blessing said.