The Middle East Policy Council held its 106th Capitol Hill Conference virtually on Friday, October 22nd: "Middle East Cybersecurity: Threats and Opportunities." The panelists defined what we mean by cybersecurity in the Middle East, how this relates to the conduct of U.S. foreign policy in the region, and what the implications are for critical issues like economic diversification, the security of U.S. allies, and protecting U.S. values linked to freedom of speech and the press.

Richard J. Schmierer (former U.S. Ambassador to Oman; President and Chairman of the Board of Directors, Middle East Policy Council) introduced the event and Bassima Alghussein (Executive Director, Middle East Policy Council) was the moderator. The panelists were James Shires (Assistant Professor, University of Leiden's Institute of Security and Global Affairs); Simon Handler (Fellow, Atlantic Council's Cyber Statecraft Initiative); Jim Moran (Senior Policy Advisor, Nelson Mullins); and Gawdat Bahgat (Professor, National Defense University's Near East South Asia Center for Strategic Studies).

Dr. Shires began the discussion by setting the scene on cybersecurity issues in the Middle East, the types of risks they bring, and how they can be countered. He divided cybersecurity into two distinct categories: security of information (e.g. social media) and the security of networks (e.g. preventing hacking into interconnected networks). Security of these networks matters for economic development which is increasingly tied to digitization; for critical infrastructure linked to energy, health and the provision of basic services; for reasons linked to individual privacy and rights and the way individual citizens can negotiate these rights; and for interstate relations where some states use cyber capabilities to target networks and organizations in other states in the region. Jump to Dr. Shires' remarks (approximately 10 mins) here.

Mr. Handler suggested that the threats linked to cybersecurity will only escalate as Middle East economies grow and become more digitized. He noted how it is important for the U.S. and its allies to evolve their approach to cyber issues: by rejecting an "all or nothing" approach; reframing what success looks like; competing better with a focus on incremental improvement; and being more nimble with the understanding that cyber "events" are no longer big, infrequent attacks but rather a low-grade, consistent threat. To guide this evolution, he referenced counterterrorism strategy given the similarities between the two realms (both characterized by non-aligned actors, shadow networks, and a continual competition for information). Cooperation between governments is critical to success, he argued, and recent cybersecurity agreements between allies are one indication coordination is increasing. Jump to Mr. Handler's remarks (approximately 10 mins) here.

Mr. Moran outlined three main areas of the cybersecurity debate that he believes are most salient: Iran, the U.S. relationship with its allies, and the cyber hacking that has infected the U.S. political system over the past several years. His concern across these three areas is that the ongoing cyber war between the U.S., Iran, Saudi Arabia and Israel could escalate to a broader international confrontation. Furthermore, he suggested that the current flow of new digital technologies between private companies, particularly in the U.S. and Israel, and other governments or non-state actors is problematic. This is because cutting-edge cyber technology is being used to target journalists, human rights activists and protesters expressing opposition to their governments. Jump to Mr. Moran's remarks (approximately 15 mins) here.

Dr. Bahgat focused his remarks on Israel and Iran, the two most powerful cyber actors in the Middle East, in his view. He explained how Israel and Iran don't want war in the traditional sense. Yet this conflict is the most important one in the region, Dr. Bahgat believes, and takes place in Syria and Iraq, as well as through cyber warfare. Cyberwar is cheaper than traditional warfare and attribution is a challenge, making it easier to launch attacks on critical or military infrastructure with plausible deniability. Also, there are no international regulations that structure the conduct of cyber warfare, another reason why these two countries prefer to compete in a cyber "grey zone." Jump to Dr. Bahgat's remarks (approximately 10 mins) here.