Under mounting pressure to define and execute its foreign policy to “restore U.S credibility,” the Biden administration needs to carefully consider its focal points in the Middle East, especially in light of the region’s recent realignment following the signing of the Abraham Accords. Luckily, through cyber diplomacy and norm setting, the administration can restore its credibility without abandoning its core ideals, while also nurturing relationships in the Middle East and beyond. Such cyber diplomacy could involve both engaging with partners to strengthen rules-based frameworks around acceptable state behavior in cyberspace and using cyber to leverage wider diplomatic aims.
President Joe Biden inherits a decidedly mixed legacy from his predecessor, Donald Trump, when it comes to the Middle East. On the one hand, the Abraham Accords, shepherded by President Trump, created new opportunities for trade and collaboration between Israel and regional states. On the other hand, as a result of the Trump administration’s “twin policy legacies” (simultaneously employing “maximum pressure” against Iran and allowing regional American partners to indiscriminately pursue power) and his administration’s seeming failure to prioritize cybersecurity, along with the COVID-19 pandemic’s economic impact, the Biden administration now faces new challenges in a changing regional landscape. Tamara Cofman Wittes, a senior fellow at the Brookings Institution Center for Middle East Policy, argues that a significant restructuring of U.S. Middle East policy is “overdue” and that Biden now has the opportunity to focus on de-escalating tension with Iran, balancing relationships, and engaging in new avenues of effective diplomacy. As the Gulf states are economically weakened by the decline in oil prices and the pandemic, their influence on regional powers like Egypt and Jordan is simultaneously waning, according to Wittes.
Cyber and other digital investments could stimulate international funding and collaboration, create new jobs, and provide an avenue for strengthening (and controlling) infrastructure abroad. It also enhances the capability for calculated actions against Iran and Iran-aligned actors, within the retaliatory yet non-escalatory boundaries in which Iran itself operates. Thus, with the possibility of cyber becoming key to the Gulf countries’ national, regional, and international strategies, the Biden administration should quickly engage diplomatically to both support allies and find leverage against concerning behavior. The door is open and the opportunities bountiful.
In March 2020, the Cyberspace Solarium Commission Report (the CSC Report) was published, outlining an American national cyber strategy through 80 recommendations and 54 legislative proposals. Although most of those recommendations focus on military action and national resilience, the purpose is to deter prospective attacks by imposing high costs and limiting rewards. Pillar 2 of the report describes international non-military tools and norms that will be significant to the Biden administration in the Middle East and beyond, giving high hopes for engagement with its proposals. Those hopes also stem from statements and actions by Biden to reassert cyber as a priority and establish a leadership role to coordinate federal cyber capabilities. The report recommends strategic steps that the U.S. government should take in the interest of cybersecurity and that will in turn likely prove fruitful for its relationships in the Middle East.
Recommendation 2.1 of the report proposes creating a new cyber coordinator role. Key considerations for the success of the individual selected for the role include a private- and public-sector understanding of cyber issues, a willingness to promote norms and responsible behavior in cyberspace, and a thorough respect for the utility and danger of these technologies. These are also crucial variables for expanding and utilizing U.S influence in the Middle East. This is because, firstly, part of the coordinator’s role is to promote human rights, democracy, and respect for the rule of law through diplomacy (see Proposal 2.1 on page 49). The unjust arrest of critics of the Abraham Accords in the UAE was one example of a range of human rights concerns raised in the region, many of which involve the use of Israeli spyware and often take the shape of online censorship. Israeli spyware also appears to have played a role in Saudi Arabia’s killing of Saudi journalist Jamal Khashoggi in 2018.
Secondly, private-sector expertise will be necessary for the coordinator to bridge gaps with players like Israel, which mainly focus on concerns related to the private cybersecurity market. As the Gulf states and other regional countries invest in technology to diversify their oil-based economies, this will also be crucial for regional players beyond Israel. Although the COVID-19 pandemic and the resulting fall in global oil prices contributed to a “grim” outlook for Gulf economies in 2020, it also underscored the need for states like Saudi Arabia and the UAE to push digital innovation and increased the relevance of privacy and security concerns in return. Arguably, the Abraham Accords also illustrate the increased focus on the distribution of cyber tools. Israel’s National Cyber Directorate head Yigal Unna underlined this in discussions about the Accords’ implications, stating that “[t]here are many overtures by Israeli and Gulf companies that want to get started. The cybersphere connects people and Israel is a powerhouse in this arena — one considerably larger than its physical size or the size of its economy. We have something for every actor in the region, and they all face similar threats as Israel.” Having championed the Accords, the U.S will need to support norm setting and limiting regulations that ensure this trade does not cause further critical damage.
Encouraging and facilitating regional improvements to rights and freedoms is also relevant to the U.S’s aims, which include an open and secure internet, protection of individual privacy, and strengthened diplomatic ties. Appointing a person to engage with debates to assert rights regionally will be crucial to Biden’s larger foreign policy agenda and cybersecurity strategy. This is because such engagement will be key to rebuild trust and respect with European allies. In bridging human rights work between Europe and the Middle East with the relationships built through the Abraham Accords, the administration will also be able to facilitate the “broad like-minded” community the CSC Report promotes. The Biden administration took an important first step in the process with its recent nomination of former National Security Agency Director Chris Inglis to head up the newly created White House Office of the National Cyber Director.
All the recommendations under Pillar 2 of the report focus on the issue of influence and the aim of an open, secure, and free digital environment. The report recommends that the U.S. take an inclusive, rather than strictly human rights-focused, approach to involve and negotiate with those states that do not currently support its global vision of an open and secure internet: “Such an inclusive approach is especially important currently because U.S adversaries are engaging diplomatically with non-aligned states to erode this common vision for the internet.”
As Wittes notes, the Middle East is increasingly divided into three blocs, led by Turkey, Saudi Arabia, and Iran, all of which are experiencing pressure and influence from China, Russia, and the U.S. But as American interests in the region begin to diminish, and some regional governments are trying to reassert their relevance and economic power, cyber becomes a natural meeting point for the U.S. to maintain some long-term influence. By investing in cyber diplomacy to encourage norm development and adherence, the U.S. might be able to encourage and engage in regional trade of innovative technologies, support the economic and military growth of regional leaders to take over some of the efforts against Iran, and nurture a mutual, long-term relationship. Without sophisticated diplomatic engagement, however, opportunities to protect its wider interests would diminish. Wittes points to the risks related to digital authoritarianism: “As the United States builds on this foundation, it must also take care that its regional friends aren’t working together in ways that violate American interests or values, like enhancing the capabilities of autocratic governments to surveil citizens or repress dissent.”
It is particularly important that Biden get involved in this early on in his presidency as this will allow the administration to quickly shape its international relationships and rebuild trust. Further, the time is now as the OEWG has released its final report in March 2021, illustrating a wide international agreement on a number of norms and principles in cyberspace, and regional players are making large and significant strides, such as the UAE leading the way in agile technology regulation and establishing “go-to regional hubs for international technology companies.”
By focusing on facilitating trade and diplomacy of cyber tools, innovation, and talent in the region, the Biden administration could also disincentivize Chinese and Russian influence and promote alignment with EU allies and U.N. norms. It is critical to note, however, that the Trump administration left a challenging diplomatic legacy that the Biden administration must quickly address through clear and decisive action; time is of the essence. Diplomatic efforts around cyber action and policy will be both crucial and useful for rebuilding trust with the U.S.’s European allies and finding common ground in the Middle East.
Sarah Johansson is a Graduate Scholar with the Cyber Program at MEI. Her previous work has considered the international legal remits of state perpetrated and sponsored cyberattacks. She received her LL.B. in Law with a Public International Law focus from Queen Mary, University of London. The opinions expressed in this piece are her own.
Photo by Chip Somodevilla/Getty Images