A man holds a laptop computer as cyber code is projected on him.
(photo credit: KACPER PEMPEL/REUTERS)
‘Once it was a disadvantage to say you are from Israel,” boasted Prime Minister Benjamin Netanyahu last year at an international cybersecurity conference. “Today when you talk about cyber or advanced technologies, it is an advantage!”
Indeed, few can deny Israel’s technical talent, and many Israeli companies have used that reputation to attract investment and customers. But Israel needs to plan for a future where cybersecurity requires political trust as much as quality technology.
The importance of political trust was demonstrated by the recent veto of a large commercial transaction by United States regulators. Moneygram is an American company that provides ordinary money transfer services around the world – not a company typically seen as holding a trove of national security information. When an affiliate of the Chinese Internet giant Alibaba made an offer to acquire Moneygram, US regulators began to scrutinize the personal information held by the money transfer company. Some worried that financial data held by Moneygram could be used for identity theft or extortion.
Two members of Congress pointed out that the deal could allow “malicious actors” to collect data on US military personnel. US regulators eventually refused to allow the deal to go forward on grounds of national security.
The publicized abandonment of Kaspersky Lab in 2017 provides another example of how international intrigue impacts the business of cybersecurity. Kasperky was a respected vendor of anti-malware software, until the US began to suspect that the company was actually searching its customers’ devices for classified information on behalf of Russian interests. The US government stopped using Kaspersky software, and retail outlets pulled Kaspersky products from their shelves. Kaspersky provided quality anti-malware products but, in the field of cybersecurity, quality has begun to matter less than political allegiance.
The cases of Moneygram and Kaspersky show how countries can hesitate to entrust their data and security to other states. Every country – certainly Israel! – has its own geopolitical concerns, and nations will not tolerate their data being used to advance foreign security interests.
Israel, of course, is closely allied with the US, and Israeli cybersecurity technology does not ring the same American alarms as Chinese Alibaba or Russian Kaspersky. But the US is not the only country with cybersecurity concerns. The European Union demands that the personal data of its citizens remain in Europe, and limits how foreign security organizations can access that data. Other countries, such as China, have also imposed “data localization” requirements. Will these countries trust Israeli cybersecurity products? Will they see Israel as representing competing interests? Will Israeli companies be able to provide assurances that their own government will not seek to use commercial cybersecurity products to advance Israel’s own intelligence and national security interests?
In this wary and suspicious environment, Israel must take a number of domestic and international steps to build trust and ensure the future of its cybersecurity industry. First, Israel must ensure that domestic security concerns are not used to subvert the integrity of commercial vendors. If Israeli security agencies have easy access to sensitive customer data, then sensitive customers will move to other products. Second, Israel must legislate and enforce meaningful privacy and security regulations. Israeli privacy regulations are woefully out-of-date, and existing regulations are often under-enforced. To compete in the world market, Israeli companies need to cultivate a meticulous reputation for smart and sophisticated data privacy and data security. Third, Israel needs to update its international trade agreements to allow for cross-border data transfers. Other countries have begun to consider incorporating such provisions in their own trade agreements, and Israel needs to ensure that its interests are not left behind.
Israel has a formidable reputation for technological excellence. But that reputation will not itself support commercial success. Our talent must be complemented by a reputation for neutrality, privacy and security.The author is a partner at Yigal Arnon & Co., specializing in intellectual property and cybersecurity.