Last month, the UK and Israel signed an agreement to deepen ties on trade, defence and technology. The pact includes a commitment to extend “bilateral cooperation on cyber to increase resilience and shared prosperity”, and will see Israel become a ‘tier-one cyber partner’ to the UK, the countries’ foreign ministers have said.
Israel is a powerhouse of cybersecurity innovation – its start-ups attracted 41% of all cybersecurity venture capital investment in the first half of 2021 – and an inspiration for many of the UK’s own cybersecurity institutions. But it has also spawned spyware companies, including NSO Group and Candiru, which many argue undermine both human rights and the fundamental security of digital systems.
What might closer ties with Israel mean for cybersecurity in the UK? Experts told Tech Monitor that while the pact does not mark a significant change in strategy, closer collaboration will boost innovation, and that controlling the trade in spyware will require global solutions.
UK and Israel’s cybersecurity pact
In a joint article for The Telegraph, the UK and Israel’s foreign ministers wrote that the new Memorandum of Understanding will “spur technological breakthroughs, which have the potential to change the world, create high-quality jobs in both our countries and provide tools to our security forces.” Israel will “officially become a tier-one cyber partner” for the UK, they wrote, while high-growth Israeli tech firms will have greater access to British markets following the deal.
This will deepen an already close relationship on cybersecurity between the UK and Israel. Matthew Gould, the UK ambassador to Israel between 2010 and 2015, went on to become director of cybersecurity at the Cabinet Office (he is now chief executive of NHSX). The UK’s National Cyber Security Centre has cited Israel’s Cyber Innovation Arena in Be’er Sheva, a campus that hosts government, academia and industry, as inspiration for its forthcoming Cyber Central facility in Cheltenham.
In a speech in Tel Aviv, NCSC chief Lindy Cameron described Israel as “a long-standing, like-minded and highly capable partner”. “Israel is a cyber nation,” she said. “You don’t have to dive too deep into the Israeli cyber eco-system to find inspiration.”
Close ties between Israel’s military, academia and private sector have made it a powerhouse in cybersecurity innovation. According to Israel’s cybersecurity directorate, cybersecurity start-ups from the country raised a record $3.4bn in the first half of 2021, a staggering 41% of all global investment in the sector.
The new pact will grant the UK greater access to this innovation, says Derek Middlemiss, head of security solutions engineering at Israeli software vendor Check Point, while offering Israeli firms a route to global markets. Both are vital in the fight against cybercrime, he says. “Innovation is really what cybersecurity needs because we have to be able to respond and take the lead against threat actors that are out there. They’re very innovative so we need to be innovative as well.”
Deeper ties between nations, with the active participation of the private sector, will also be “incredibly important” in fighting the ongoing ransomware spree, Middlemiss says, of which Israel and the UK are among the most frequently targeted countries. “A few years ago, there was hardly any collaboration at all, it was all very high level. If we don’t collaborate, we’re dead in the water.”
The agreement does not mark a significant departure in the UK’s cybersecurity posture, however, says Dr Joseph Devanny, deputy director of the Centre for Defence Studies at King’s College London. “Certainly, Israel has long been viewed as a very capable cyber power, with particular success in innovation and in its military cyber programme,” he says. “But the private sector is already very much involved in UK cybersecurity, so I don’t think this particular announcement signifies anything fundamentally different in kind.”
The UK’s cybersecurity posture has already evolved to become more aggressive, Devanny adds, with government making more frequent mentions of offensive cyber capabilities, such as the forthcoming National Cyber Force, and referring to ‘cyber power’, not just cybersecurity.
Does Israel pact increase the spyware risk in the UK?
In addition to copious investment, Israel’s cybersecurity sector has attracted plenty of negative attention this year. Last month, the US government blacklisted Israeli ‘spyware’ companies NSO Group and Candiru after they were accused of selling their software, which allows users to intercept smartphone communications, to authoritarian regimes.
Shortly after, the Israeli government imposed export limits on its cybersecurity companies, slashing the list of eligible export destinations from 102 countries to 37, mostly US allies in the West.
Nevertheless, UK-based critics of Israel denounced the new partnership. “How can the Israeli authorities be trusted when it permitted one of its leading companies, NSO, to sell its Pegasus surveillance software to brutal regimes?,” said Chris Doyle, director of the Council for Arab-British Understanding, in an interview with Middle East Eye.
Do closer ties with Israel increase the risk of spyware entering the UK? Regulating the trade in such tools is difficult, says, Emily Taylor, CEO of cybersecurity researchers Oxford Information Labs, just as it is for arms. “The state can play a role in granting or refusing export licences for such software, but the reports during the summer of 2021 highlight that whatever controls may be in place, they have failed to prevent abuses.”
Devanny adds that controlling spyware exports must be a global effort, and will be improved by greater international collaboration. Furthermore, he says, “there’s a need to think carefully about the ethical dimensions of the UK’s own cyber export agenda, as well as a strategy for the UK to contribute towards wider global efforts to establish more effective controls over the global market.”