Security Experts:

Connect with us

Hi, what are you looking for?



Does the Free World Need a Global Cyber Alliance?

The increasing incidence of aggressive cyber activity from Russia, China, Iran and North Korea, together with heightened concerns over the war in Ukraine, raises an important question: should the free world unite with a global cyber alliance in response?

The increasing incidence of aggressive cyber activity from Russia, China, Iran and North Korea, together with heightened concerns over the war in Ukraine, raises an important question: should the free world unite with a global cyber alliance in response?

At Cybertech Tel Aviv 2022 (March 1-3, 2022), founder of VC firm JVP, Erel Margalit, called for a global cyber alliance in response to the Russian invasion of Ukraine. “Leadership is required to establish a democratic cyber alliance, including NATO and other free countries, in order to lead values-based cyber that will support democracies and people, and will say ‘enough!’ to dictators and to those who support them,” he said.

At the same time, on March 2, 2022, Robert Silvers of the U.S. DHS and Israel’s National Cyber Directorate director-general Gaby Portnoy signed a cyber collaboration deal between the two countries. This followed a new agreement between the UK and Israel announced in November 2021 – which was described by the UK government as something that “will enable closer working in diplomacy, defense and security, cyber, science, technology, and many other areas.”

Such agreements never publicly disclose the extent to which the intelligence agencies of the different countries will work together, but we can assume that it is part of the arrangement. A third new alliance, known as AUKUS, was more upfront about its design and ability to deliver offensive cyber operations, clearly focused on the Indo-Pacific region and China’s activities.

It is important to understand what we have before asking what we need.

Israel’s emergence as a cyber ally

Cyber AllianceIsrael is not known for its cyber relationships, but is well known for its cyber capabilities. It is generally thought that Israel worked with the NSA on the delivery of Stuxnet against the Iranian nuclear facility at Natanz in the early 2010s – but it must be noted that the U.S. has never declared or admitted any involvement.

The continuous conveyor belt of new and innovative cybersecurity companies being formed by Israeli Defense Force (IDF) alumni also attests to the depth of cyber knowledge and training within the country.

The Belfer Center at the Harvard Kennedy School published a ranking of national cyber power in September 2020. It produced a list of “the most comprehensive countries with the highest level of intent and capabilities” comprising, in this order, the U.S., China, the UK, and Russia as the top four.

Belfer placed Israel at number 11 in the world. Its methodology was to add data to a mathematical model. The International Institute for Strategic Studies (IISS) takes a different approach, and adds qualitative assessments to Belfer’s quantitative approach. IISS separates cyber power into three tiers. Tier #1 has the U.S. on its own as the sole world cyber superpower. Tier #2 includes China, the UK, Russia, Canada, Australia, France – and Israel.

Clearly, the addition of Israel to the free world’s cyber alliances is a good thing.

AUKUS and the Five Eyes

AUKUS was announced on September 15, 2021. There are two parts to AUKUS – a vehicle to provide nuclear submarines to Australia, and the formation of defensive and offensive cyber capabilities to counter Chinese activities in the Indo-Pacific region. There was some surprise at this new alliance since the three countries are three of the five countries comprising the existing Five Eyes alliance. However, the Five Eyes is primarily signals intelligence while AUKUS is likely to deliver offensive cyber operations where necessary. It was the U.S., UK and Australia that together performed cyber operations against the Islamic State.

The Five Eyes (U.S., UK, Canada, Australia and New Zealand) evolved as an extension of the UKUSA treaty that itself grew out of the informal agreement between the U.S. and UK during World War II. The agreement was formalized in March 1946, and expanded in subsequent years to include Canada, Australia and New Zealand. Other countries, such as Germany, the Philippines and some Nordic countries, have joined as third parties – but the core remains the original Five Eyes.

The Five Eyes intelligence relationship is probably the closest and most powerful intelligence relationship in history.

At first, the existence of the Five Eyes remained secret (just, in fact, as the very existence of the NSA and GCHQ remained secret for many years). The Prime Minister of Australia didn’t learn about Five Eyes until 1973; it was not disclosed to the public until 2005; and it was only in June 2010 that the full text of the UKUSA agreement was made public.

This treaty is often considered to be the basis of the so-called ‘special relationship’ between the U.S. and the UK.


The core of the Five Eyes remains the NSA and GCHQ. This is a complex relationship that is so close that the two organizations are sometimes described as twins. This is wrong. The two organizations have very different structures and primary purposes.

The NSA is run by a military officer – currently General Paul Nakasone. Nakasone is a four-star general who also heads U.S. Cyber Command. For the first he reports to the undersecretary of defense for intelligence, and for the latter he reports directly to the secretary of defense. There is a strong military theme that runs through the NSA. Officially, its purpose is to secure DOD and U.S. military networks. More directly offensive operations are conducted by U.S. Cyber Command and the CIA.

GCHQ, on the other hand, is run by a civilian reporting to the Foreign Secretary. Its responsibilities support the military but go beyond this, working closely with law enforcement to go after serious organized crime within the UK – such as pedophile networks.

The two agencies are different. The relationship is complex and close, and it is difficult to think of any closer intelligence alliance. But they do not automatically share all information between themselves nor the other Five Eyes partners. There are things the NSA will want to do without sharing it with other agencies, and GCHQ is the same. 

Neither the NSA nor GCHQ are officially charged with offensive cyber operations – but both have done so in the past. A more recent development in the UK has been the formation of a National Cyber Force (NCF), which brings UK cyber operations more in line with the U.S. model – and for the first time acknowledges that GCHQ may have some offensive responsibilities. Plans were announced in 2018, but it wasn’t effectively established until 2020. 

NCF is part of the MoD, the Defense Science and Technology Laboratory, the Secret Intelligence Service, and GCHQ. The government describes it as “a partnership between defense and intelligence, it is responsible for operating in and through cyberspace to disrupt, deny, degrade and contest those who would do harm to the UK and its allies, to keep the country safe and to protect and promote the UK’s interests at home and abroad.” It clearly has the remit to direct offensive cyber operations against ‘the enemy’ in justified cases.

NCF is the equivalent of the U.S. combining the cyber operations of Cyber Command, CIA, FBI, and the cyber operations of the military forces into a single organization. But there is also an element of necessity – the UK simply doesn’t have the budget to maintain the separate number of ‘3-letter’ agencies that exist in the U.S.

Long-term relationships and short-term politics

There is one surprising element of the major international intelligence treaties – their longevity and persistence. They survive political change with a broader collective interest that transcends the coming and going of individual politicians. 

In recent years there was concern that the U.S./UK special relationship (the one based on the NSA and GCHQ relationship) might fail with the U.S. change from Trump to Biden. It was generally acknowledged that President Biden had scant regard for Prime Minister Johnson because of the mutual admiration between Trump and Johnson. And Biden even issued warnings to Johnson over the ‘sanctity’ of the Good Friday Agreement in Ireland following Brexit.

The Good Friday political agreement was signed in April 1998. It brought an end to the so-called ‘Troubles’ in Northern Ireland between ‘loyalists’ wanting to stay within the UK, and the Irish Republic-favoring republicans. Now Northern Ireland is part of the UK while Southern Ireland is part of the EU – and the potential for new tensions has returned. But despite Biden’s less-favorable view of the UK, UKUSA just continues.

A similar concern now occurs for GCHQ – the fear that Brexit would break the ties with EU national intelligence agencies. The European Commission has had concerns over GCHQ and personal privacy ever since Snowden’s leaks about GCHQ and the NSA; and has even threatened legal action. But the individual relations between GCHQ and the individual EU member state intelligence agencies seems to be persisting – aided, perhaps, by the absence of national security from the EU’s political remit.

Where are we now?

Out of necessity, we have concentrated on the major international free world cyber and intelligence relationships. In reality, there is a global patchwork of individual agreements between different nations throughout the free world; many of them ultimately coalescing around the Five Eyes hub. For the most part, these are security information sharing arrangements – relatively few nations have the ability or confidence or political will to engage in offensive cyber operations. In this sense, there are two separate networks: gathering intelligence (for example, Five Eyes), and responding offensively to that intelligence (for example, AUKUS).

Does the free world need a single global cyber intelligence organization? The answer is almost certainly ‘No’. Firstly, such a move would likely drive Russia and China closer together – perhaps including Iran and North Korea and Russian and Chinese satellite nations – into their own special relationship.

Secondly, it would be unworkable. Friends keep secrets from friends when the economic or political necessity demands. Just consider the French reaction to the AUKUS announcement. France described it as a ‘stab in the back’, and within a couple of days recalled its ambassadors to both the U.S. and Australia. France lost a multi-billion euros submarine deal over AUKUS.

Related: Russia, Ukraine and the Danger of a Global Cyberwar

Related: Russia-Ukraine: Threat of Local Cyber Ops Escalating Into Global Cyberwar

Related: Talking Global Cyberwar With Kaspersky Lab’s Anton Shingarev

Related: The United States and China – A Different Kind of Cyberwar

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.