NCSC head champions UK-Israeli cyber relationship amid spyware accusations

The head of the UK National Cyber Security Centre (NCSC) Lindy Cameron has championed the UK’s cyber partnership with Israel as key to addressing the global cyberthreats the two nations face. Her comments come in the same week as accusations of  spyware campaigns targeting prominent individuals globally and linked to technology produced by private Israeli surveillance firm NSO Group– something the company has fervently denied any wrongdoing in relation to. Both raise important matters surrounding international cyber collaboration and the implications of cybersecurity and data privacy issues associated with native private companies.

UK’s cyber partnership with Israel

Speaking at Cyber Week hosted by Tel Aviv University (July 20), Cameron described Israel as a “central part of the global cyber eco-system – and we are absolutely committed to working together to protect our citizens and build confidence in a digital future.” She also stated the nation is a “longstanding, like-minded and highly capable partner,” focusing on the strength of relationship in tackling shared threats from cybercriminals and state actors that work to harm both nations.

“Israel is a cyber nation. You don’t have to dive too deep into the Israeli cyber eco-system to find inspiration,” Cameron added. “So much of what any country achieves in cybersecurity depends on its work with international allies, and this is certainly true of both the UK and Israel. The stronger any one of us is, the stronger we all will become. Everybody has their part to play – public sector, private sector and citizens. The NCSC and INCD here in Israel both see partnering with the private sector as an explicit priority and have pioneered taking this to a different level.”

Addressing shared cyberthreats through international collaboration

The UK and Israel have opportunities to address shared, global cyberthreats such as ransomware through transnational cyber collaboration, Cameron said. “Ransomware continues to represent the most likely disruptive threat in cybersecurity – and the growth in incidents has brought an increase in public awareness to the risk it poses.” The volume and complexity of attacks have reached a new level of international concern, such as the one affecting American-based IT company Kaseya, she added. “The groups behind such criminal behaviour operate beyond our borders, and collectively there is both a challenge and an opportunity for us to work together to make sure there are no safe havens.”

In terms of international collaboration, there is a need for close sharing on operational information, threat intelligence, best practices and protective measures. “Over the next few years, the challenge will be to work collectively to establish good practice in this sector and efficient export controls in our respective countries. We will continue to collaborate against shared threats and conduct technical exchanges across a broad spectrum of work,” said Cameron.

It is not only ransomware threats that require a collaborative effort to combat, Cameron pointed out. “Focusing on the current threat of ransomware is not to underestimate the cybersecurity threat from state actors.” State actions are a reality in cyberspace, she added, with four nation states – China, Russia, North Korea and Iran – a constant presence in recent years.

Private sector security and privacy issues and international cyber partnerships

Cameron’s words come just days after widespread allegations of mass spyware surveillance of prominent individuals across the globe linked to private Israeli company NSO Group. According to an investigation by 17 media organisations led by the Paris-based non-profit journalism group Forbidden Stories, surveillance software dubbed Pegasus, made and licensed by NSO Group, has been used by various governments in attempted and successful hacks of smartphones belonging to journalists, government officials and human rights activists.

NSO Group has strongly denied any wrongdoing on its part, stating that its software is solely intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records. An Israeli damage control team has been put together with officials set to start a discussion with NSO Group about the reports, while also performing damage control over the diplomatic, security and legal ramifications.

Although the accuracy of the accusations remains undetermined, they shine a light on a wider matter of significance with regards to transnational cyber collaboration. That is the extent to which the operations of private companies should factor into relationships with their native countries if they are questioned under cybersecurity or data privacy grounds, and whether they have the potential to cause diplomatic fallout. This is something Cameron alluded to in her speech: “We now see states that cannot build high end capability being able to buy it. It is vital that all cyber actors use capabilities in a way that is legal, responsible and proportionate to ensure cyberspace remains a safe and prosperous place for everyone.”

Paul Holland, principal research analyst at the Information Security Forum (ISF), echoes similar sentiments. “Organisations often have the best of intentions when creating some of these types of software, but they can often be on the edge of what is right and acceptable for many, treading that thin line into the ‘black hat’ world. These tools need to be kept as safe and as far away from general use as possible,” he tells CSO. The pertinent factor in the Pegasus scenario is how the software may have been used. “It appears to have been misappropriated (as with much multi-use software) and used to target some people who may be of national level interest for reasons other than fighting criminals and terrorists.”

Nonetheless, cyber knows no bounds, and pinning down relevant law enforcement authority is often tricky for any single nation, he adds. “We have to work together to create cross-border opportunities so that government cyber organisations like the NCSC can help, support and leverage knowledge from other countries, thereby enabling us all to be more effective at stopping cybercriminals. If nations work in isolation from each other, then lessons will not be learnt. Cybercrime is global, so the ability to combat it also needs to be global. Addressing cyberthreats and issues that are outside of the normal jurisdiction of a nation’s defences is a very narrow-minded approach. Only by a combined effort can we truly combat these global cybercriminals, who do not care where their target resides.”