Lessons need to be learned from the NSO affair – analysis | #government | #hacking | #cyberattack

Ever since US President Joe Biden took office in January, various pundits and politicians predicted it would be just a matter of time before discordant chords would be struck in the US-Israel relationship.

Some bet it would come over the settlement issue; others were sure that the Iranian nuclear deal would be the catalyst; still, others were convinced that Biden’s campaign pledge to reopen a consulate in Jerusalem would be the first source of significant tension.

Yet, they were all wrong.

Sure, the settlement issue has created tension, but the trigger to the first full-blown mini-crisis between Jerusalem and Washington was none of the above. Rather, it was the Herzliya-based hi-tech firm NSO Group that specializes in a surveillance system called Pegasus, which it says is designed to track terrorists and criminals.

On November 3, the US Department of Commerce blacklisted NSO, charging that Pegasus was used by foreign governments to “maliciously target  government officials, journalists, business people, activists, academics and embassy workers.” A statement put out by the department said that NSO and a spin-off called Candiru, acted “contrary to the national security or foreign policy interests of the United States.”

  A man walks past the logo of Israeli cyber firm NSO Group at one of its branches in the Arava Desert, southern Israel July 22, 2021 (credit: REUTERS/AMIR COHEN)

NSO is granted an export license by the Defense Ministry unit that monitors the sale of defense technology abroad. The US move, according to a New York Times story on Monday, was therefore viewed in Jerusalem as not only directed at the company but at the Israeli government. A mini-crisis in the Biden-Bennett age was finally born.

The move, which will spook investors in NSO and prohibit US firms from selling the company technology, came just two days after NSO was reportedly the subject of a conversation in talks Prime Minister Naftali Bennett held with French President Emmanuel Macron on the sidelines of the Glasgow climate conference.

NSO and its Pegasus system have been a thorn in the side of Israeli-French relations since July when an investigation claimed that Morocco used the software to hack into Macron’s phone. The investigation, which made major headlines around the world, found that various governments with bad human rights records – including Morocco, Saudi Arabia and the UAE – used the software to hack into the phones of journalists, dissidents and human rights activists.

The blacklisting of NSO also came two weeks after Israel announced that it designated six Palestinian NGOs as terrorist organizations because of connections to the Popular Front for the Liberation of Palestine (PFLP).

Additionally, on Monday Amnesty International and two other human rights groups charged that Pegasus was used to hack the phones of six employees of those Palestinian NGOs. The US blasted Israel’s decision to designate the NGOs as terrorist organizations at the time, and many are now connecting the dots between US displeasure at the NGO designation, and the blacklisting of NSO.

Interestingly enough, Bennett and other senior government officials have been largely quiet about the recent NSO developments, conveniently hiding behind the fact that it is a private company.

As Foreign Minister Yair Lapid said at a press conference Saturday night, “NSO is a private company, it is not a governmental project, and therefore even if it is designated [blacklisted], it has nothing to do with the policies of the Israeli government.”

Lapid went on to say that he does not think there is another country in the world that “has such strict rules regarding cyber warfare and is imposing those rules, more than Israel.”

While that may all be true, Bennett and Lapid are burying their heads in the sand if they believe that this line will be enough to put the issue to rest.

If Israel’s rules regarding cyber warfare were so strict, as Lapid says, then Jerusalem would not be in the uncomfortable position of now having to field difficult questions from Paris, Washington and elsewhere about the activities of the company.

The issue echoes one that clouded US-Israel ties in the early 2000s: the sale of the Phalcon airborne radar system to China. Israel was forced by American pressure to cancel the lucrative $2 billion deal, something that – in addition to causing enormous tension with Washington – also significantly set back Israel-China ties.

As a result of the lessons learned from that incident, the Defense Ministry established a unit in 2006 – the Defense Export Controls Agency – to monitor sales of technology to ensure that the sale of weapons and defense technology does not fall into unsavory hands or damage Israel’s foreign relations and national interests.

The unit, however, apparently misread Pegasus or the world’s reaction to the use of the spyware by various governments. Part of the problem is that cyberwarfare is so new, that there are no international regulations and conventions governing its use to the degree that exists with regards to conventional warfare. The area is murky.

In September, Lapid told foreign journalists that there was only so much control Israel could exert over its defense exports.

“Once you have sold the jet, the cannon, the gun or the missile, or Pegasus, it is in the hands of the government who bought it,” Lapid said. “So we’re trying our best to make sure it doesn’t fall into the wrong hands. But no one has the ability to fully protect the other side after it was sold.”

In the NSO case, however, “trying our best” fell far short of the mark, and as a result, Israel is now reaping some rotten diplomatic fruits.

As was the case after the Phalcon debacle, the country needs to learn the lessons from this incident and institute safeguards so that relations with key governments around the world are not jeopardized – and Israel’s foreign relations and national interests are not damaged – by the actions of private Israeli cyber firms.

Original Source link

Posted in Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *

23 + = thirty two