Cybersecurity has become a critical component of national security. There has even been growing concern about cyber threats emanating from Morocco.
Sergio Delgado Martorell
Journalist specialised in technology, cybersecurity and innovation
To better understand whether Morocco poses a real threat to Spain’s cybersecurity, it is necessary to analyse several key factors, including historical incidents, Morocco’s cyber capabilities have historically been complex, characterised by periods of cooperation and tension. In the cyber realm, there have been accusations and suspicions of espionage and cyberattacks between the two countries.
One of the most notable incidents was the alleged use of Pegasus spyware, developed by the Israeli company NSO Group. In 2021, it was revealed that Pegasus had been used to spy on politicians, journalists and activists in several countries, including Spain.
There were suspicions that Morocco may have used this software to spy on prominent figures in Spain, including Prime Minister Pedro Sánchez. Although Morocco denied any involvement, the incident increased mistrust and concerns about Moroccan cyber activities.
Also in 2019, several Spanish government institutions and companies reported cyberattacks that appeared to be coordinated and well-executed. Although it could not be directly attributed to Morocco, the characteristics of the attacks and the political context at the time, related to disputes over Western Sahara and tensions in Ceuta and Melilla, suggested the possibility of a Moroccan origin.
In 2014, Spain suffered several leaks of sensitive information related to its migration and security policies in North Africa. Subsequent investigations suggested that hackers with possible links to Morocco may have been behind these leaks. The nature of the compromised information pointed to an interest in Spanish movements and strategies in the region.
In 2011, attempts to infiltrate the social networks and emails of Spanish activists and journalists covering sensitive issues in Morocco, such as the Western Sahara conflict, were discovered. These cyber espionage attempts were attributed to actors believed to be operating from Morocco, seeking to obtain information and possibly intimidate those reporting on these issues.
While between 2007 and 2010, Spain experienced several incidents of phishing and malware distribution that appeared to target government and corporate entities.
Although these incidents were not directly attributed to Morocco, the nature of the targets and attack patterns indicated the possibility of a campaign organised by actors with interests aligned with those of the Moroccan government.
Morocco’s cyber capabilities
Assessing Morocco’s cyber capabilities is key to determining whether it represents a significant threat to Spain. Morocco has shown increasing interest in developing its cyber capabilities in both the civilian and military sectors. The country has invested in technological infrastructure and promoted cybersecurity education.
The establishment of the Directorate General of Information Systems Security (DGSSI) and the creation of cyber incident response teams (CERTs) indicate a serious focus on cyber security.
However, the scale and sophistication of Morocco’s offensive cyber capabilities are not as well documented as those of other countries with known cyber espionage programmes.
Motivations and geopolitical context to consider
The motivations behind any potential Moroccan cyber threat to Spain can be diverse and complex. Political and territorial tensions, such as the conflict over Western Sahara and disputes over the autonomous cities of Ceuta and Melilla, can influence cyber actions.
Morocco may have an interest in obtaining sensitive information on Spain’s policies and strategies regarding Western Sahara, a disputed region that Morocco claims as part of its territory. Moreover, recurrent tensions over Ceuta and Melilla, Spanish enclaves in North Africa, may generate an environment conducive to cyber espionage.
However, Spain, as a larger power than Morocco and a member of the EU and NATO, is not a passive bystander in the cybersecurity arena. The country has developed a robust infrastructure to protect against cyber threats, including the creation of the National Institute for Cybersecurity (INCIBE) and the Cybersecurity Coordination Office (OCC).
In addition, Spain works closely with European and international partners to share information and best practices in cybersecurity.
Spanish companies, especially in critical sectors such as energy, telecommunications and banking, have also implemented advanced cybersecurity measures to protect their infrastructures. Awareness and preparedness for cyber threats have increased considerably in recent years, improving the country’s ability to detect and respond to potential attacks.
But what is the real risk?
Assessing whether Morocco is a real threat to Spain’s cyber security involves considering both capability and intent. While Morocco has developed certain cyber capabilities, there is no conclusive evidence that it possesses the sophistication to carry out large-scale cyber attacks against Spain. Suspicions of espionage, while worrying, do not amount to an imminent and direct threat to Spain’s critical infrastructure.
Intent is also a crucial factor. Although political and territorial tensions exist, Morocco and Spain also have a cooperative relationship in areas such as trade, counter-terrorism and migration management. These ties could act as a deterrent against Morocco engaging in cyber-attacks that could seriously damage the bilateral relationship.
While there are reasons to be vigilant, there is insufficient evidence to conclude that Morocco poses a real and significant threat to Spain’s cybersecurity at present.
Morocco’s cyber capabilities are developing, but are not considered top-tier compared to other state actors with advanced cyber programmes. The motivations behind possible cyberattacks could exist due to political tensions, but there are also strong incentives to maintain a stable and cooperative relationship.
Spain must continue to strengthen its cybersecurity infrastructure and remain vigilant against suspicious activity. International cooperation and information sharing will remain essential components to protect against all forms of cyber threats, including those that could emanate from Morocco.
