Normalizing Arab-Israeli Relations Through Cybersecurity Cooperation

In a historic breakthrough yesterday, Israel announced the normalization of relations with the United Arab Emirates (UAE). The announcement marked the first such relationship between Israel and a Gulf state and the third with an Arab state, after Egypt and Jordan.

There are a lot of reasons for the uptick in relations between Israel and other countries in the region, but cybersecurity cooperation has had a significant role to play.

In recent years, strategic military and cyber collaboration between Israel and its Arab neighbors has improved relations between longtime adversaries to a remarkable degree. Yesterday’s development deepens Israeli-Emirati relations beyond government-to-government cooperation, opening the door for more people-to-people exchange—a feature of stability that Israel and Arab states must pursue in order to maintain the momentum of the day and continue normalization across the region.

The rapprochement between Israel and several Gulf Cooperation Council (GCC) states stems largely from mutual disdain for Iranian aggression and regional influence. In 2018, Bahrain’s Foreign Minister at the time, Shaikh Khalid Al-Khalifa, went so far as to express his support for Israeli airstrikes on Iranian targets in Syria, stating, “it is the right of… Israel to defend itself by destroying sources of danger,”—a groundbreaking affirmation by an Arab official of Israel’s existence and right to self-defense. While there are promising signs of cooperation in the medical and technology sectors, the most significant, albeit shadowy, area of cooperation has been over arms—primarily between GCC governments and Israeli defense contractors. Digital tools such as malware and spyware have also been exchanged as means of bolstering both regional security and cyber diplomacy.

This diplomatic rekindling between Israel and the Arab world offers an opportunity for the United States. Given its strategic interest in the region, as well as a history of promoting Arab-Israeli cooperation, the United States should establish a regional cybersecurity cooperation center dedicated to the protection of critical infrastructure. The aim of the center should be to convene Israeli and GCC states and partners from the private sector. This center would immediately bolster cybersecurity efforts as well as encourage deeper connectivity between the security communities and private sectors of these countries. Israel in particular is a demonstrated cyber powerhouse that has harnessed its innovative hotbed for economic growth and strategic maneuver, often popping up in major international cybersecurity issues.

There remain plenty of obstacles to normalization between Israel and Arab states. Since Israel’s establishment in 1948, the Arab League has officially maintained a boycott of Israeli businesses and products. The official boycott is vague and enforced only sporadically, and some member states such as Egypt and Jordan have long since normalized relations with Israel and all but ignore the rule. Even several league members without diplomatic relations with Israel have quietly skirted the boycott, especially in recent years. However, anti-normalization laws are common among Arab countries, as even those that collaborate on a government-to-government level with Israel often maintain restrictions that limit person-to-person ties—for instance, the government of the United Arab Emirates has continued to warm to the Israeli government and yet, presumably until yesterday, refused entry to Israeli citizens.

But some U.S. lawmakers have recently made legislative moves to push-back on anti-normalization rules. On August 6, for example, Senators Cory Booker (D-NJ) and Rob Portman (R-OH) introduced a bill, which would require the Secretary of State to report to Congress instances of Arab governments punishing their citizens who engage in people-to-people relations—such as trade, travel and cultural exchange—with Israelis. The bill, referred to the Senate Foreign Relations Committee upon introduction, seeks to dissuade anti-normalization behavior and implies that although relations have thawed of late, full normalization will require non-state engagement between Arab and Israeli industry and citizenry.

While not limited to GCC states, the Booker-Porter legislation signals that it is time for warming relations between Israel and its neighbors to take the next step. While it’s highly unlikely the streets of Riyadh will bear witness to a “Celebrate Israel Parade” anytime soon, private sector cooperation in strategic sectors of mutual interest will help embed political and diplomatic progress in each state’s economy.

Cybersecurity is one area in which GCC governments already quietly engage Israeli companies. The United States should encourage this cooperation and extend it to involve more non-state, industry-level partners. A cooperative center along the lines of the Multi-State Information Sharing & Analysis Center, built around private membership, and dedicated to sharing timely and actionable intelligence such as threat advisories would demonstrate the value of collaboration and relationship building between Israeli and GCC industries. Regular interaction on operational security issues would promote trust and shared perception of a common cyber threat from Iranian activity. This level of collaboration would provide a framework for future industry-to-industry collaboration on common interests beyond cybersecurity, such as energy and technology cooperation.

By facilitating an official Israel-GCC cybersecurity cooperation center, the United States could drive regional cooperation in defense against common threats to critical infrastructure posed by Iran. All signs point to Iranian state-linked hacking teams’ increased focus on targeting industrial control systems and a variety of critical infrastructure. Earlier this year, Israeli officials announced that they had thwarted a sophisticated Iranian cyberattack against the industrial control systems behind Israel’s water system. And researchers attributed to Iranian hacking group APT33 a wave of cyberattacks that utilized a family of wiper malware known as Shamoon against Saudi Arabian targets. Attacks leveraging Shamoon have targeted a range of critical infrastructure, including telecommunications and, most famously, Saudi Aramco, wiping 30,000 workstations.

Israel and GCC states would benefit from a forum for sharing cyber threat intelligence and collaborating on incident response relating to critical infrastructure. Members of a cyber cooperation center could include Israeli and GCC cybersecurity companies, critical infrastructure operators and relevant state agencies. Incentives for nation-states and private firms to join such a center are clear, as Iran continues to step up its attacks throughout the region and Israeli and GCC entities would mutually benefit from sharing information and lessons learned.

It may sound like a lofty proposal, but bringing together Israeli and Arab States is not without precedent. The United States has courted joint participation through programs such as the Middle East Regional Cooperation program, dedicated to cooperation between Arab and Israeli scientists. Success stories demonstrate how that program has yielded mutually beneficial advancements to address shared challenges in areas like water scarcity and irrigation.

Similarly, groups such as the Cyber Threat Alliance and Global Cyber Alliance have laid out models for effective private sector coordination and exchange in cybersecurity. By serving as a forum through which organizations that share similar interests and experience common threats can come together and collaborate, these groups lift up security for all participants.

The establishment of an Israeli-GCC cybersecurity cooperation center would be a bold but achievable step toward deepening Arab-Israeli relations while providing for more collective defense against a regional threat. By focusing on shared interests and a common threat, the United States can advance a vision of normalized relations between former adversaries, while benefiting regional security interests. The center would take recent progress in government-to-government relations and spark more person-to-person interaction, amplifying trust among companies and individuals and building a more cooperative and collaborative future for Arabs and Israelis.