Organisations often have the best of intentions when creating some of these types of software, but they can often be on the edge of what is right and acceptable for many, treading that thin line into the ‘black hat’ world
UK’s cyber partnership with Israel
Speaking at Cyber Week hosted by Tel Aviv University (July 20), Cameron described Israel as a “central part of the global cyber eco-system – and we are absolutely committed to working together to protect our citizens and build confidence in a digital future.” She also stated the nation is a “longstanding, like-minded and highly capable partner,” focusing on the strength of relationship in tackling shared threats from cybercriminals and state actors that work to harm both nations.
“Israel is a cyber nation. You don’t have to dive too deep into the Israeli cyber eco-system to find inspiration,” Cameron added. “So much of what any country achieves in cybersecurity depends on its work with international allies, and this is certainly true of both the UK and Israel. The stronger any one of us is, the stronger we all will become. Everybody has their part to play – public sector, private sector and citizens. The NCSC and INCD here in Israel both see partnering with the private sector as an explicit priority and have pioneered taking this to a different level.”
Paul Holland, principal research analyst at the Information Security Forum (ISF), echoes similar sentiments. “Organisations often have the best of intentions when creating some of these types of software, but they can often be on the edge of what is right and acceptable for many, treading that thin line into the ‘black hat’ world. These tools need to be kept as safe and as far away from general use as possible,” he tells CSO. The pertinent factor in the Pegasus scenario is how the software may have been used. “It appears to have been misappropriated (as with much multi-use software) and used to target some people who may be of national level interest for reasons other than fighting criminals and terrorists.”
Nonetheless, cyber knows no bounds, and pinning down relevant law enforcement authority is often tricky for any single nation, he adds. “We have to work together to create cross-border opportunities so that government cyber organisations like the NCSC can help, support and leverage knowledge from other countries, thereby enabling us all to be more effective at stopping cybercriminals. If nations work in isolation from each other, then lessons will not be learnt. Cybercrime is global, so the ability to combat it also needs to be global. Addressing cyberthreats and issues that are outside of the normal jurisdiction of a nation’s defences is a very narrow-minded approach. Only by a combined effort can we truly combat these global cybercriminals, who do not care where their target resides.”