Export controls strangling Israel's cyberattack industry

• Published date: 25 April 2022
• Author: Assaf Gilead
• Publication title: Globes (Rishon LeZion, Israel)

Several senior figures in the sector told "Globes" that Nemesis shut down after the Israel Defense Exports Control Agency (DECA) refused to grant a license to export its intelligence software to countries in South America and Africa. In several other instances, the approval process was continually extended with no final response forthcoming. Eventually the company collapsed under the weight of its employees' salaries, most of them highly sought after cyber coders, who expect the highest of salaries

US pressure

Many senior executives in Israel's cyberattack industry have complained in recent weeks of an abrupt change in policy by the Ministry of Defense towards Israeli companies exporting spyware for intelligence use. Since January, Israel's Ministry of Defense has significantly restricted the number of countries with an exemption for marketing licenses for spyware, to just 38 democratic countries in Western Europe and North America as well as Asia-Oceania countries such as Australia and New Zealand, South Korea and Japan. Israeli defense exports totaled $11.3 billion in 2021, of which about 4% was in intelligence and cyber systems, worth about $450 million.

When new measures were announced last November, the widespread assumption in the industry was that cyberattack exports would not be banned to countries that were not blacklisted like India, Poland, Chile, Mexico and the UAE, but individual export permits would be needed from the Ministry of Defense, at the start of the sales process for each individual deal. However, in the past few months, it has become clear that the Ministry of Defense is virtually not issuing any marketing or export permits, except for the limited list of democratic countries, probably following US pressure exerted on Israel.

Last November, the Biden administration declared that a serious war on harmful spyware was part of US foreign policy, among other things, for tracking opposition figures or human rights activists around the world. The US struggle on the matter focused on Israeli companies NSO and Candiru, which were put on the Department of Commerce's blacklist, while a range of Greek, French, German and Chinese companies, engaged in the field, were left off the list.

"An entire industry is being starved"

The closure of Nemesis, senior sources in the sector told "Globes," is a harbinger of future difficulties for other companies in Israel's cyberattack industry. Companies such as NSO itself as well as Cognyte, Quadream...