Start your day with intelligence. Get The OODA Daily Pulse.

Recently, a bipartisan group of Congressmen put forth a bill that would formally authorize cyber cooperation between the United States, and those governments committed to the Abraham Accords.  Dubbed the Abraham Accords Cybersecurity Cooperation Act of 2023, the parameters of the bill would facilitate information sharing, provide technical assistance to Abraham Accords stakeholders, and participate in the Department of Homeland Security’s (DHS) annual cyber exercise program.  If passed, the legislation would help strengthen the collective cybersecurity postures of Israel, Bahrain, Morocco, Sudan, the United Arab Emirates, and the United States, and foster the type of cooperation that would coordinate collective responses to evolving threats.  Additionally, the bill would mandate that the Department of State and DHS report to congress on progresses made in this endeavor and detail any future plans to expand cooperations among member states.  The bill builds on a February 2023 meeting between DHS and cybersecurity leaders from Abraham Accords countries where they discussed opportunities to widen the scope of the Accords to include cybersecurity priorities.

The Middle East region is no stranger to hostile cyber activity with Iran being one of the most prominent antagonists.  Iran and Israel have been engaged in a long term cyber conflict attacking and retaliating against each other’s critical infrastructure targets.  But Iran has been known to attack other countries as well to include Saudi ArabiaBahrain, and the UAE in the past, using a mix of disruptive attacks to those more surreptitious intelligence collection operations.  According to one cybersecurity company report, cyber actors tied to Iran’s Islamic Revolutionary Guard Corps engaged in phishing attacks against individuals and organizations with information on the Abraham Accords, among other sensitive intelligence issues of interest to Tehran.  It’s very clear that the region is rife with cyber spying as governments compete for geopolitical influence and standing.

What’s more, increasing evidence shows that Iran is solidifying its relationships with China and Russia to include cyber cooperation.  China’s telecommunications companies have allegedly supported Iran by providing technical equipment to assist in the spying of their citizens.  Iran officials have even cited China’s help as vital to gaining control over its part of the Internet.  Similarly, Russia has stepped up its engagement with Iran as well.  March 2023 reporting revealed that Russia was helping Iran obtain sophisticated surveillance capabilities as Tehran has tried to foster deeper collaboration on cyberwarfare, something that Moscow has been hesitant to do in the past.  Now, with the United States committing to deploying its hunt forward cyber teams to assist partner nations with cyber incidents, and neutralizing adversary infrastructure and operations, it seems that the United States main adversaries are strengthening their ties in an effort to counter U.S. efforts to constrain them.

In many ways, instituting formal cybersecurity cooperation into the Abraham Accords is a move that resembles what the United States is currently doing against both Russia and China with respect to trying to constrain their cyber activities.  In the former, Washington has used its Cyber National Mission Force teams to partner with Ukraine and other states to disrupt Russian state and proxy networks.  In the latter, Washington has escalated its engagement with the Quad – the four-member country assembly that includes Australia, India, Japan, and the United States – to potentially stem the volume of Chinese cyber activity impacting these countries.  The Abraham Accords can possibly achieve the same objectives by unifying regional Arab governments and Israel and harness their resources to moderate cyber attacks generated by Iranian state regionally and nonstate cyber actors against them.

Geopolitics and an interconnected cyber map have created an environment where it is necessary for states to form cooperative cyber arrangements to mitigate cyber attacks from common foes.  The ability to streamline defense activities and neutralize these networks will become increasingly important as states move away from executing attacks from within their own borders to further try to obfuscate attribution and make retaliatory strikes more difficult, especially if they originate from allied or friendly nation territory.  Operating under a formalized structure with set rules for engagement and an established plan if partners find hostile elements working within their boarders should deter hostile state and state-directed actors from trying to undermine state relationships by pursuing this tactic.

However, while these cyber cooperatives seem good on paper, there is evidence suggesting that the actual implementation of these threat and information sharing agreements may be falling short of the mark.  A recent article on international cyber agreements identifies impediments that have traditionally plagued such efforts in the past.  Failure to create a legal framework between nations, lack of political will to make cybersecurity a top priority, and unable to allocate the appropriate financial resources for investment in all aspects of cybersecurity (to include training) are common issues impacting these international cooperatives from achieving maximum effectiveness.

Additionally, having the right counterparts in partner countries leading such efforts has been another obstacle, unsurprising given the various number of organizations any country can have to include principal organizers, and more ground-level stakeholders who have a role to play.  When it comes to building cyber resiliency, international capacity building requires identifying and putting the right organizations in touch with one another, which can be its own challenge depending on if such organizations exist, and how many.  For example, the United States is a key example of having several cybersecurity stakeholders with overlapping missions (e.g., law enforcement, military, civilian) making it difficult for foreign counterparts that may have a much smaller cybersecurity apparatus.  The article correctly points out that even within the same country communication between organizational stakeholders can potentially muddle internal channels, which could certainly impact external engagement.  Such consistencies need to be ironed out well in advance of any formal agreement to maximize the effectiveness of real-time cooperation during periods of cyber crisis.  And this doesn’t even include controversial issues like data privacy, the brazen use of surveillance equipment to obtain information, and the reliance on suspect foreign technologies that could mar any meaningful dialogue.

Still, creating cyber cooperatives among likeminded nations is a necessary step toward making individual countries and regions more cyber resilient.  Trying to accomplish the same objective on a macro level via the United Nations will require substantial debate and investment of time with too many competing voices working at cross purposes.  Ultimately, any final product would be nothing more than a low-grade least common denominator solution.  Smaller partnerships like the Abraham Accords have the potential to provide real-time lessons on how cyber agreements can be successfully created and implemented as long as they manage to show real benefit.  Success could be evaluated by improved cyber response times to incidents because of robust cooperation; measurable statistics on reduced activity from common state and nonstate actors; improved confidence in Internet-driven economies; and increased investment in these technologies to support the public interest.  That’s if everything goes according to plan, something that history has proven can be elusive at best no matter how carefully constructed.

Like with other U.S.-led cyber partnerships, the extent with which Iran is constrained in cyberspace via the Abraham Accords largely rests on the robustness of this cyber partnership.  The proper willingness to share and collaborate as equal stakeholders could make the cyber component of the Abraham Accords a feasible counter to Iran cyber activities in the short term.  

But don’t expect Iran to be mired too long, as any successes will prompt Iran to further intensify its cyber relations with its allies in a mirrored display of its own cyber fraternity, albeit one wrought with similar pitfalls and challenges but with an equal potential upside if done correctly.  In this case, Iran doesn’t have to back down as much as bide time to see what really comes out of the Accords and if it is just a feint or a legitimate move for positional advantage.

Emilio Iasiello

About the Author

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.