Israel’s Defense Ministry is easing its rules on the marketing and export of both offensive and defensive cyber weapons, and that is causing consternation amongst global cyber security experts and human rights groups. In the past, Israel has been much more deliberate about whom it sells cyber weapons, but that policy is now changing as Israel looks to become a much bigger player in the global market for cyber weapons exports.
The significance of the new rules on cyber weapons
In a worst-case scenario, the easing of restrictions on the sale of cyber weapons could completely change the paradigm of modern cyber warfare. Currently, the United States, Israel, China and Russia are the acknowledged leaders in the sale and export of cyber weapons, but Israel’s much looser rules pertaining to the sale and export of cyber weapons could upset this precarious balance of power. Some global cyber security experts predict that Israel could widen its sale of cyber weapons to non-state actors in foreign countries, including both private companies and unofficial hacker groups. That could significantly raise the stakes in modern cyber warfare. At a time when nations such as the U.S. are already boosting their offensive cyber capabilities, the real risk here is that offensive cyber weapons could fall into the wrong hands and set off a global cyber conflict.
At the same time, human rights groups such as Citizen Lab and Amnesty International are claiming that these cyber weapons could be used by authoritarian states or government agencies to monitor political opponents, spy on dissidents, and clamp down on free speech and freedom of expression. For example, Israeli company NSO Group has used sophisticated cellphone hacking software (known as Pegasus) in the past to snoop on mobile communications, and this same software and intellectual property has been linked to spying incidents all over the world, including Mexico, Saudi Arabia and the United Arab Emirates.
Most controversially, there is evidence to suggest that this Israeli spyware technology was used to track and monitor Saudi dissident Jamal Khashoggi, who disappeared from the Saudi consulate in Istanbul under highly suspicious circumstances. Other Israeli companies caught up in spyware and spying scandals in addition to NSO Group include Verint and Elbit Systems. For example, Elbit software has been linked to espionage campaigns conducted against Ethiopian dissidents.
Israel’s explanations for relaxed cyber weapons rules
As might be expected, Israel’s Defense Ministry strongly defends its move to change its approval process on weapons exports, saying that the easing of cyber weapons restrictions “was made to facilitate effective service to Israeli industries while maintaining and protecting international standards of export control and supervision.” Israel claims that any sale will only be allowed after a careful assessment of the country acquiring the new cyber weapons, and that any product will only be marketed to responsible buyers, not just anyone (such as terrorists) willing to pay a certain price.
Quite simply, Israeli spyware companies were losing market share to their international rivals, and steps needed to be taken to make them more competitive. Until recently, it could take 12 months or even longer to approve the sale of cyber weapons to a closely vetted group of allies, and even then, the company making the sale needed to have the right marketing and export licenses. Now, however, the approval process could take as little as four months, making Israeli companies significantly more competitive on the world stage.
Moreover, the Defense Ministry has suggested that export of cyber weapons could be expanded to a much larger group of potential buyers (including intelligence agencies, military intelligence groups or law enforcement authorities), and that the list of companies able to obtain the correct licenses for commercialization (such as an export license or a marketing license) would be expanded. To defend its move, the Defense Ministry says that Israel is still “more rigorous” about export control than other nations such as the United States or Britain, both of which have been much more open about peddling cyber weapons to buyers in the global marketplace.
At the same time, the Israeli government appears to be very much behind the move by the Israeli Defense Ministry. In Tel Aviv, Prime Minister Benjamin Netanyahu has publicly gone on record, saying that he favored the easing of regulations around cyber weapons in order to help the Israeli cyber weapons industry grow more quickly. At the same time, other influential voices within the Israeli government have suggested that the sale and export of cyber weapons could be “a legitimate tool in diplomacy,” especially when it comes to negotiating diplomatically with Middle East nations such as Saudi Arabia or the United Arab Emirates. Taking a big picture view of the situation, Israel needs as many allies as it can possibly get in the Middle East, and apparently is not concerned at all about doing business with authoritarian regimes or other distasteful world leaders if it means that it can bolster its military, national security, diplomatic or economic advantage in the region.
Making that point loud and clear is Israel’s Economy Ministry, which has also come out in support of the nation’s cyber weapons industry. From the perspective of the Economy Ministry, more needs to be done to help security companies like NSO Group and Verint remain competitive globally. To make that a reality, the Economy Ministry is currently in the process of creating a new division to handle the exports of cyber technology, both offensive and defensive.
New global norms around cyber weapons and cyber espionage
The big question, of course, is whether Israel easing its rules on the export of cyber weapons is compliant with international norms and rules. For example, in June 2019, the United Nations issued a report calling for a global moratorium on cyber weapons sales. That report is not binding in any way, but it certainly shows that Israel is in a very gray area when it comes to cyber weapons exports. Also, 42 nations have agreed to the so-called Wassenaar Agreement, which binds nations to stringent controls on the use and sale of intrusion software and Internet surveillance systems. But, again, Israel is not a signatory to this agreement, so it is not in violation of international rules.
This is where the criticism of human rights groups could be so pivotal. If they make enough noise about Israeli sale of cyber weapons to authoritarian regimes and despotic police states, it could force Israel to get in line with other nations, which clearly have no desire to see cyber weapons fall into the wrong hands.
In many ways, the situation surrounding cyber weapons is similar to the situation surrounding nuclear weapons. In the case of nukes, only the so-called “great powers” are allowed to have access to them, and can threaten each other with mutually assured destruction if one of them uses nukes. As such, the great powers have a vested interest in keeping nukes away from madmen, terrorists and despotic regimes. If, say, a terrorist group in Iran got its hands on nukes, it would change the strategic calculus for the United States and Israel considerably.
Going forward, the global security architecture is going to need to adapt to the arrival of offensive cyber weapons, including those used for cyber espionage and intelligence gathering. At one time, cyber weapons were primarily defensive in nature, and did not threaten critical national infrastructure. Now that cyber weapons are widely for sale globally, they are becoming potential weapons of mass destruction that can take down power grids, communications networks, and transportation systems. With that in mind, Israel’s easing of rules around cyber weapons needs to be watched carefully by global cyber security experts and human rights groups.