The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

The Abraham Accords expand with cybersecurity collaboration

Analysis by
and 

with research by Vanessa Montalbano

January 31, 2023 at 6:54 a.m. EST

Welcome to The Cybersecurity 202! I did trivia night last night with some former colleagues. We did all right. I did screw up our card once on a round called “cult or indie rock band.” Sorry, my fellow members of “The Charming Kittens” trivia team. 

Below: An exclusive on Customs and Border Protection making a new commitment to update phone search procedures at the border, and the health-care sector faces another surge of cyberattacks. First: 

U.S., allies in Middle East and North Africa broaden collaboration on cyberdefense

The United States and four allies in the Middle East and North Africa are announcing today that they’re formally expanding a 2020 deal normalizing relations between Israel and a handful of other nations in the region to include cybersecurity.

The arrangement, which is still developing, will involve increased sharing of information on cybersecurity threats, as well as the potential for tabletop exercises and more, among some signatories of the Abraham Accords. Department of Homeland Security Undersecretary for Strategy, Policy and Plans Rob Silvers, who traveled to Israel for the announcement and further talks, said the expansion builds on existing cyber collaboration between Israel, the United Arab Emirates and the United States to include Bahrain and Morocco.

“We’ll be meeting as a group to chart out how we can deepen our work on cyberdefense,” Silvers told The Cybersecurity 202 in an exclusive interview. “Our countries face common cyber challenges — obviously, we all face cybercrime, ransomware and so forth. 

“Iran is a dangerous, destabilizing actor across the region,” Silvers said. “We have seen their attacks on U.S. targets as well as targets across the Middle East.”

One potential policy concern arising from the agreement: Bahrain, Morocco and the UAE have all been accused of abusing spyware, and the UAE in particular has a history of using cyber for malign purposes. Critics say it’s concerning that the U.S. government, which has sanctioned spyware firms like NSO Group, would support those countries’ cyber activities given their histories of allegedly using hacking tools maliciously.

“I would definitely be concerned, given the history of extensive abuses around cyber operations in all of the countries mentioned,” Ronald Deibert, director of the Citizen Lab at the University of Toronto's Munk School, told me. “All of them have a track record of using mercenary spyware to target human rights defenders and political opposition, and the UAE has a long and very disturbing history of employing defense and intelligence contractors for information operations.”

The nature of the deal

Silvers is touting the deal as a history-making achievement. “This is a piece of diplomatic history, a piece of cybersecurity history and a wonderful opportunity to deepen security partnerships,” Silvers said in prepared remarks for a speech this morning at the Cybertech conference in Tel Aviv. Cyber leaders from the Abraham Accord nations will appear onstage at the conference later today.

The Israel-UAE-U.S. cyber collaboration has already borne fruit, Silvers told us.

  • “We have received actionable and relevant threat intelligence through those channels,” he said in the interview.
  • He later explained a bit more in emailed remarks: “We have received actionable technical information from our partners regarding shared cyberthreats and vulnerabilities, including information about specific cyber activity that targets critical infrastructure.” 
  • He would not say if that information was about Iran. But he told us Iran “looms large over the region,” and in his speech, he criticizes Iranian cyberattacks on Israeli water utilities and on the U.S. transportation and health sectors.

Asked about UAE’s history of cyber surveillance, Silvers told us, “When we have concerns, we have frank conversations.”

Silvers also defended the Biden administration’s record on spyware:

  • “This administration has consistently condemned the use of spyware and sanctioned spyware developers for infringing on human rights and free expression, and we are candid with our partners when we have concerns,” he wrote. “That said, there is a long history of defense and security cooperation between the U.S. and partners in the region, and it is important that we work together against shared cyberthreats on critical infrastructure.”
  • “We collaborate on cyberdefense with partners around the world consistent with our values,” he continued. “Our work to expand the Abraham Accords is focused on network defense and cybersecurity collaboration to address shared threats, including nation state targeting of critical infrastructure and widespread ransomware attacks. We will share information about cyberthreats, incidents and approaches to these challenges to increase our collective cybersecurity and resilience.”

But there’s still cause for worry, Deibert said. 

“It is common to publicly describe cyber activities as ‘defensive’ in nature or focused narrowly on ‘critical infrastructure,’” he said. “But we know from history that these activities blur into more offensive actions, as was the case in the UAE. Also, all of the countries in question define ‘national security threats,’ ‘crime’ and ‘terrorism’ so broadly as to include civil society in their remit.”

What others are saying

Still, two other experts hailed the cyber expansion of the Abraham Accords as a welcome development.

“I think it’s a great idea,” Christopher Painter, a top State Department cyber official in the Obama administration, told me. Given the connections between Israel, the UAE and the United States, it’s a “natural progression” to expand. 

How effective it will be depends on the specifics, he said. “What is this actually going to entail?” said Painter, now president of the Global Forum on Cyber Expertise Foundation. “It’s going to be more important than just announcing it, but it does have symbolic importance.”

Painter is not worried, however, about the hacking records of some of the nations involved and whether the United States will be able to navigate them. “I think they’ll be okay,” he said. Both DHS and the U.S. government overall aren’t blind to spyware and human rights concerns, he said. “I strongly suspect the U.S. government’s not just aware of this but is going in with its eyes wide open and will be careful in the way this is carried out not to go into those areas.”

Merissa Khurma, program director of the Middle East program at the Wilson Center think tank, told me the concerns about the cyber track record of some of the nations involved are “all very valid concerns.”

But if it’s focused on defense, that makes it a more positive development. “Any steps toward closer collaboration — in this case, cyber, to strengthen security — is a step in the right direction,” she said. “That’s very good news.”

The keys

Exclusive: Customs agency says it will update phone search procedures at border

Customs and Border Protection on Monday said it will update its practices related to searches of phones and other electronic devices at the border, including by publishing more thorough information about the searches and providing more information to people about the long-term retention of their data, according to details shared exclusively with The Cyber 202. 

The decision comes after Sen. Ron Wyden (D-Ore.) in September sent a letter to the agency urging it to modernize its search guidelines to “better protect national security and respect the rights of Americans who travel overseas for business and leisure.” 

At the time, Wyden said the agency not only has “pressured” travelers into unlocking their devices but also maintains a central database from thousands of searches that can be found on all Department of Homeland Security employee accounts. 

In a letter sent to Wyden on Monday, CBP said it would consider shrinking the 15-year maximum time that the search data can exist on DHS systems and limit the number of people with access to it. 

  • “CBP works diligently to protect the rights of individuals against unreasonable search and seizure — and to ensure privacy protections — while also accomplishing its national security and border enforcement missions,” CBP acting commissioner Troy Miller wrote in the letter. “CBP remains committed to providing as much notice and transparency regarding its border searches of electronic devices as possible.” 
  • The agency also said it would develop a plan to produce more detailed reports on why the searches have been conducted and better explain the implications of the procedure to travelers. 

“I am pleased that the administration is adopting some of the reforms I called for last year,” Wyden said in a statement. “I plan to watchdog CBP’s pledge to consider further protections for Americans at the border.” Wyden added that CBP’s practice of searching devices without a warrant is still a “major threat to Americans’ privacy and liberty.”

Biden administration moves to ban U.S. companies from exporting to Huawei

The Commerce Department has started to notify tech companies that it will no longer provide licenses to trade with Huawei, a Chinese telecommunications giant, according to several people familiar with the matter who spoke on the condition of anonymity to discuss the private conversations, the Financial Times’s Demetri Sevastopulo reports. 

“The move comes as Washington steps up efforts to work with allies to slow China’s push to develop cutting-edge technology such as semiconductors that are used in artificial intelligence and hypersonic weapons,” Sevastopulo writes. National security officials in the U.S. and other nations have long argued that Huawei can help Chinese government spying; the company has denied the allegations.

The Trump administration imposed limits on exports to Huawei, but products related to high-speed 5G telecom networks were not included in that ban. In October, the Biden administration restricted American companies from selling semiconductor manufacturing tools abroad. And last week, the U.S., Japan and the Netherlands reportedly agreed to block companies from exporting certain chip-making hardware to China. 

HHS warns of surge in Russian DDoS attacks on hospitals

The Department of Health and Human Services and the American Hospital Association on Monday warned that the health-care sector has been hit by a surge in distributed-denial-of-service (DDoS) attacks in recent days by the Russian hacking group KillNet, Information Security Media Group’s Marianne Kolbasuk McGee reports. 

“A pro-Russian activist group has specifically targeted U.S. hospitals and health systems for these denial-of-service attacks, which basically means they’re overloading hospital and health systems, public websites causing them to crash, making them unavailable and potentially, in some instances, might even impact the patient portal,” John Riggi, national adviser for cybersecurity and risk at the AHA, told the outlet. 

The cyberattacks are the latest to target organizations in countries allied with Ukraine since Russia invaded the country. KillNet has previously threatened to target organizations in the health industry.

“The attacks have mostly proved more irritating than dangerous,” McGee writes, but hospitals should still pay attention to them because they can be impactful if important sites are inaccessible. 

Global cyberspace

Russian foreign ministry claims to be the target of ‘coordinated’ cyber aggression (The Record)

TSA issues security directive to airports, carriers after 'no-fly' list leak (The Record)

Tribunal finds ‘serious failings’ by UK security agency over privacy safeguards (Financial Times)

Industry report

Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web (CyberScoop)

Hacker finds bug that allowed anyone to bypass Facebook 2FA (TechCrunch)

Daybook

  • U.S. cyber ambassador Nathaniel Fick speaks at an event hosted by the German Marshall Fund on Thursday at 10:30 a.m.

Secure log off

Thanks for reading. See you tomorrow.