Legislation proposed this week in the US aims to set up a joint cybersecurity apparatus between the US and Israel. The announcement comes in the context of increased tensions in the middle east, and in the wake of a number of high-profile cyberattacks.
It promises to increase collaboration between the two countries when it comes to protecting both citizens and infrastructure against cyberattack, leveraging the expertise and resources of both countries to provide extra capability for each.
The Joint Initiative
The legislation has been proposed by a pair of US senators. Sens. Jacky Rosen of Nevada and Mike Rounds of South Dakota introduced the US-Israel Cybersecurity Center of Excellence Act on Tuesday.
The aim of the act is to join multiple information sectors so that they can share information – and potentially systems – between the two countries. The program would be driven by experts in academia, government, and from the corporate sector. By bringing together experts in this way, it is hoped that the experience gained in each country can inform cybersecurity in the other.
For Rosen, one of the senators involved, working with US allies on cybersecurity is just as important as working with them in other areas of defense. “By collaborating with our allies, we can better strengthen our cybersecurity defenses,” he said.
He went on to praise the efforts and expertise that already exist in Israel, which has become a center of excellence when it comes to cyberdefense. “This bipartisan legislation would help us take much-needed steps towards establishing a joint cybersecurity research center with Israel, our closest tally in the Middle-East and a major hub for new and emerging cybersecurity technologies,” said Rosen.
Others have noted that the two countries already work together across a range of different sectors. There is much cooperation between the Us and Israel in the energy and water sectors, for instance. These sectors are also – potentially – high-value targets when it comes to cyberattacks, and so it makes sense, according to the Senators, to unify the approach to defending them.
The Strategic Picture
This announcement comes at a critical time for both relations in the middle east, and for the state of cybersecurity more generally. Both the US and Israel have significantly developed their cybersecurity apparatus over the past decade, largely in response to attacks on their infrastructure from Iran and Russia.
These defenses have extended – sometimes controversially – to the surveillance of citizens in both countries, and the sharing of “SigInt” (Signals Intelligence) between them. Both countries claim that this surveillance, and the sharing of information, is helping to reduce two types of threats: both that of domestic terrorism, and the growing threat of cyberwarfare. In Israel, many people feel that surveillance is helping to reduce terrorism, but attitudes in the US are more divided.
Concerns about the US role in strategic cyberwarfare have increased even over the past few weeks. The US launched a cyberattack on Iran in the last few days, and some analysts have argued that this represents a dangerous escalation. Cyberwarfare is still not legislated for at an international level, and there are few safeguards in place to identify and sanction the perpetrators of this kind of attack.
The recent joint initiative also comes at a time when citizens, in both the US and Israel but also around the world, are increasingly concerned about the amount and type of data that their governments are collecting in the service of cybersecurity.
Putting numbers on the level of concern over data privacy is difficult, but recent large-scale research conducted by Big Brother Watch, shows that over 80% of the respondents across Australia, India, Japan and the Republic of Korea are concerned about online privacy. In another survey supported by the World Economic Forum, between 40% and 70% of the respondents from several countries (with an average of 58%), value online privacy irrespective of the level of Internet diffusion. The same survey also reveals that 59% of the respondents believe that their privacy is not sufficiently protected when they use the Internet.
These surveys indicate that there is a worldwide concern that the privacy of citizens is not being respected, and that cybersecurity programs like the one recently proposed can undermine the rights of citizens. In this regard, it is not surprising that the usage rates of VPNs, secure browsers, and other privacy tools are rapidly increasing around the world.
Addressing these concerns, whilst still maintaining effective cyber defenses, will be difficult. The European Union has arguably gone furthest in this regard, having introduced legislation in all member states (the GDPR) that aims to protect the way that companies and governments can use citizens’ data.
The US might not be far behind, however. A recent wave of attacks on businesses in the country has put a renewed emphasis on cybersecurity for SMEs, and some have suggested that the country should introduce a department of cybersecurity at a federal level. Whether this will address citizens’ concerns remains to be seen.
The New World
At the broadest level, however, the proposed joint initiative is welcome. Collaborative programs like this acknowledge that many of the challenges that countries face today – whether in the realm of cybersecurity or other sectors – can only be addressed internationally.
The initiative also implicitly acknowledges that a new battleground is opening up – that of cyberspace – and that this is likely to become as important as more ‘traditional’ forms of defense over the next few years. We are likely to see an increased level of attacks against both countries, whether from Iran, Russia, or any number of other states and actors, and these can only be dealt with through co-operation.