- 01 May 2021
- 3 Minutes to read
- DarkLight
When Military Cybertech Goes Mainstream
- Updated on 01 May 2021
- 3 Minutes to read
- DarkLight
For decades, cyberwarfare has threatened governments, enterprises and individuals with reckless disregard for the assets or lives they have impacted. Traditionally, cyberattacks were the domain of state actors, multinational hacker groups and a broad range of ad hoc players aiming to compromise personal privacy and data security for financial gain.
In recent years, malware as a service has become widely available on the darknet for a reasonable price, making sophisticated hacking tools a common resource for anyone interested in initiate a cyberattack.
As these once-inaccessible cyberweapons become the domain of private enterprises, the tools of military cyber programs and international hacker networks have been transformed into standardized software services with malicious intent, broad reach and accessible price points for those interested in outsourcing the strategic offensive cyber capabilities.
From the Milan-based Hacking Team’s Remote Control System and the U.K.-based Gamma Group’s FinFisher spyware to the range of products offered by NSO and others, the ecosystem for potentially questionable cyber solutions is vast and growing by the day.
So where are the private offensive cybersecurity centers, and how have they managed to change the face and public perceptions of cybersecurity for individuals and nations alike?
Israel And The Cyber Ecosystem
Israel is world-renowned for its advanced military technology and its ability to scale these innovations into profitable products on the open market. In the case of cybersecurity or defensive cyber operations, “Silicon Wadi” has nurtured an entire ecosystem of cyber solutions to meet the needs of governments and enterprise customers.
From government-sponsored R&D and the creation of incubators to public-private partnerships and state-sponsored subsidies for technological advancement, Israel is leading the way in translating military innovation into viable products on the open market.
Support for Israel’s cybersecurity community and business sector are based on a range of sources, and “The Office of the Chief Scientist in the Ministry of the Economy (now the National Authority for Technological Innovation), the main governmental support arm for industrial R&D in Israel, provides a broad spectrum of programs for the encouragement of technological entrepreneurship and innovation.”
According to Nadav Zafrir, a retired brigadier general and former commander of Unit 8200, and currently the founder of Team8, Israel “produces a steady supply of highly skilled cyberoperators who learn the craft during their military service in one of the country’s elite signals intelligence units — Unit 8200 is the best known among them — and then go on to work in the private sector.”
While Israel’s defense establishment may not hold the same history or budget as many of its international counterparts, it more than makes up for it in practical experience and the depth of its cyber operations ecosystem.
Israel is a world leader in private cybertechnology, with an estimate of at least 300 startups focusing on all aspects of cyber, from banking security to critical infrastructure protection. While the majority of these firms aim to protect companies and private citizens from cyberattacks, a few of them are walking the proverbial tightrope between defensive and offensive cyber capabilities to provide their customers with more questionable and specialized services.
Ethics Of Privatized Cybersecurity
One company that often leads the public debate of privatized cyber is the NSO Group, based in Israel and now involved in a broad range of U.S.-based litigation. NSO has a vocal choir of retractors and customers and a range of products that were previously only accessible to military cyber units and high-paying multinational organizations.
“NSO created and sold to governments an app called Pegasus, which could be installed on a device simply by calling the device via WhatsApp; the device’s owner did not even have to answer. According to WhatsApp, NSO used Pegasus to access more than 1,400 mobile devices, including those belonging to journalists and human rights activists.”
NSO represents the increasing confluence between sophisticated private-sector technology and nation-state attackers. This is just one player in the highly diversified global private offensive cybersecurity market, calling into question private security ethics.
What Does The Future Hold?
While Israeli cybersecurity vendors are making headlines, the marketplace is expanding, and there is no doubt that there will be international competitors.
From purely defensive operations to more complex issues, such as active-cyber defense (ACD) and “hacking back,” the private cyber marketplace is evolving the meet the (potentially) questionable needs of its consumers.
Where will the next private ACD or military-grade offensive cyber startups gain traction? If current trends continue, just look for the nexus of military cyber programs, motivated and young cyber experts, and private VC, and you’ll find it.
Originally publish on Feb 4 in Forbes