The Quiet Operational Architecture Behind U.S.-Israel Integration

Freddie Ponton
21st Century Wire

GenXGirl’s recent article, “Backdoor Alliance With Israel,” does a good job of tracing the policy architecture behind the deepening U.S.-Israel security relationship. She correctly identifies how NSPM-12, several legislative vehicles, and Pax Silica are being used together to create pathways for greater integration. Her framing is useful and timely.

What GenXGirl’s piece does not fully develop is the operational layer already in motion beneath those policy instruments. The reporting maps the intent. This article today is the part that moves the story from mapping the policy architecture to showing the operational layer already in motion. It shows how access is already moving through procurement channels, certifications, and existing legal authorities, and how new legislation is being used to make that access harder to reverse.

The evidence does not point to a future architecture waiting to be assembled, but to systems already operating within U.S. federal networks that are now being legally fortified. We can demonstrate that the implementation proof exists and can be mapped.

The legal root was already there

The current debate often begins at the wrong point. It treats the new bills and memoranda as the starting gun, even though the legal foundation predates them by decades. The 1982 General Security of Information Agreement (GSOIA) — effected by exchange of notes in Tel Aviv on July 30 and Jerusalem on December 10, 1982, with an Industrial Security Annex dated March 3, 1983 — already created the bilateral framework for classified exchange between the United States and Israel, including controlled information sharing involving cleared contractors and project agreements. That is not a theory. The old legal spine of the relationship needs to be described in detail if one is to understand what is being implemented today. 

Under the GSOIA framework, Project Agreements can be concluded by designated Executive Agents on each side. On the U.S. side, through the relevant Military Department or Defense Agency, and on the Israeli side, through the Director of International Programs and Cooperation at the Directorate of Defense Research and Development (DDR&D / MAFAT). This means Israeli entities do not require new legislation to receive classified material under a co-production arrangement. They need only a valid Project Agreement under the existing GSOIA. The five bills and NSPM-12 do not create this pathway. They supercharge it.

Our analysis shows that the new legislation is not inventing access from scratch. Instead, it is widening, modernizing, and hardening a channel that already exists. Therefore, the practical question is not whether the United States and Israel can share classified material. They already can. The question is how much further that exchange is being normalized, how many systems are already inside the orbit, and how much discretion is being removed from future reversals.

The operational layer is already inside the machine

The clearest example is Axonius. Founded by three Unit 8200 veterans — Dean Sysman, Ofri Shur, and Avidor Bartov — who met while serving on the same team, the company is already running inside more than 70 federal agencies, including DoD, DHS, Energy, Treasury, Transportation, Agriculture, and Health and Human Services. It passed a Defense Innovation Unit prototype and a Defense Information Systems Agency production pilot for Cyber Asset Inventory Management. The solution met the criteria for success and was approved for DoD-wide use. It is now available under DoD Enterprise Software Initiative Blanket Purchase Agreement N66001-23-A-0050 through DLT Solutions GSA Schedule GS-35F-267DA. Any DoD component can procure it without a separate acquisition action. The platform gives operators unified visibility and control over devices, monitors privileged accounts, detects unsanctioned applications, and supports Zero Trust enforcement across DoD networks.

This is not a minor administrative detail. Asset-management software defines what the network looks like, who is connected, and what can be isolated. Whoever controls that layer controls the map of the machine. Once a vendor is embedded there, the relationship becomes harder to challenge because it is no longer a political abstraction, and it becomes an operational dependency.

CyberArk, founded by Unit 8200 alumnus Udi Mokady, manages privileged credentials on National Security Systems, the highest-value access layer in any classified environment. Privileged access is not a side function. It is the key to the vault. A company that handles it helps determine who gets inside the network, when, and under what authority. CyberArk achieved NIAP Common Criteria certification, explicitly validating its Privileged Access Security Solution meets strict security requirements for U.S. National Security System procurement. Its products are available through multiple federal procurement vehicles.

Check Point completes the perimeter. Also tied to Unit 8200 founders, it holds DoD certifications for enterprise software and has achieved NSA certification under the Commercial Solutions for Classified (CSfC) Program. The program explicitly enables the use of commercial products to protect classified National Security Systems data. Check Point’s firewall and security products are embedded across DoD and allied networks. In January 2026, China’s government banned cybersecurity products from Check Point, CyberArk, Palo Alto Networks, and Fortinet, specifically citing concerns that “data are being sent out” and that these firms have “deep ties to intelligence agencies.”

Taken together, Axonius, CyberArk, and Check Point show a pattern that is not incidental. Israeli-intelligence-linked firms are already embedded in the U.S. security stack across monitoring, privilege, and transport. The scale of this presence is documented. As of August 2025, more than 1,400 veterans of Israeli intelligence were working in U.S. tech, with more than 900 from Unit 8200 alone. Microsoft alone employs approximately 250 Unit 8200 alumni. Unit 8200 was also documented to have stored 8,000 terabytes of surveillance data in Microsoft Azure before Microsoft partially severed the relationship in September 2025.

GRAPHICS: The Access Map – From Policy to System
Description: This graphic summarizes the layered access already achieved through validated U.S. procurement and certification channels. It shows how policy instruments connect to deployed companies and federal systems.(Source: Created by Author)

The procurement route is the real story

This is where the story stops being abstract. The Defense Innovation Unit (DIU) and the Defense Information Systems Agency (DISA) are not ceremonial bodies. In fact, they are the practical gates through which technologies move from pilot to production and then into wider federal use. It was through those channels that Axonius was approved and pulled into the federal environment as a trusted capability.

Once a system passes through DIU or DISA and becomes available through procurement vehicles, it ceases to be a speculative vendor relationship, and the same logic applies to the NSS certification path used by CyberArk and the classified-data certifications associated with Check Point. Look at it as admissions tickets into the most sensitive rooms in the building.

The new laws are reinforcement, not origin

The legislation now moving through Congress does not create the relationship. It formalizes it. Section 224 of the FY2027 NDAA points toward an executive-agent model for synchronizing U.S.-Israel defense technology cooperation. The language that requires people’s attention is not the boilerplate, but the reference to “network integration” and “data fusion.” That is not ordinary diplomacy. We are looking at an architecture of technical merging.

Quincy Institute analyst Ben Freeman understood the implication immediately. The provision creates a path where U.S. military data could become Israeli military data. That does not mean the transfer is automatically total tomorrow morning. It means the statute builds the administrative skeleton to make such a transfer appear increasingly normal, increasingly defended, and increasingly difficult to reverse once the structure is in place.

Section 622 of the FY2027 Intelligence Authorization Act is the same kind of move in a different domain. It is designed to make intelligence sharing with Israel a default condition, while limiting the president’s ability to suspend it without specific findings and notice to Congress. Suspension would require a positive presidential finding of a specific, identifiable national security concern, followed by a 15-day advance congressional notification covering the categories withheld and an anticipated regional security impact assessment. As analyzed by ICBRIEF, this “renders the presidential carve-out functionally inert” because organized opposition to any suspension is built into the procedural requirement. In my book, this is not a trivial procedural tweak, but a lock. It takes a policy that could be managed discretionarily and pushes it toward a statutory default that is much harder to unwind.

And the timing holds importance too. The DIA reportedly raised Israel’s counterintelligence threat level to “critical” at the same moment this legislative lock was being discussed. That is the contradiction at the center of the story. The U.S. intelligence apparatus is reportedly warning about the threat while Congress is moving to harden the channels anyway. Go figure!

Fort Foundry One and the dual-use problem

The personnel map and bilateral agreements add another layer. On January 16, 2026, the U.S. and Israel signed a Memorandum of Understanding for “Fort Foundry One”, a 16,000-dunam technology park in the Negev or Gaza border area. Signed by Brig.-Gen. (Res.) Erez Eskel, head of Israel’s National AI Directorate, and U.S. Under Secretary of State for Economic Affairs Jacob Helberg, the MOU grants the U.S. a 99-year lease while day-to-day management and primary investment remain American, with U.S. and Israeli technology companies operating side by side on chip production, advanced computing, and AI development. The MOU provides for “expedited regulation” with licensing and permits capped at 120 days. It also raises the possibility of a U.S.-regulated nuclear power plant to supply the energy demands of AI data centers.

Israel was the first country to sign a bilateral agreement under the Pax Silica framework. The Fort Foundry One MOU itself states it “creates no legal rights or obligations”, standard MOU language, but it establishes the political commitment and operational framework, with implementing legislation and project agreements to follow. Given that the semiconductor and AI technologies being developed there feed directly into NSPM-12-governed NSS domains, and that NSPM-12 explicitly enables NSA agreements with foreign governments for security material, the park creates an environment where the line between civilian AI R&D and classified technology transfer is structurally blurred.

The personnel map tells the same story

David Friedman at NSO Group adds a separate but relevant layer. In November 2025, NSO Group, maker of the Pegasus spyware, appointed David Friedman, Trump’s former Ambassador to Israel (2017–2021), as Executive Chairman, simultaneously announcing that a group of American investors had taken controlling ownership. NSO retained the Vogel Group, a lobbying firm with close ties to the Trump administration. In December 2025, the Trump administration separately lifted sanctions against three executives tied to the Intellexa spyware consortium. The Commerce Department Entity List blacklisting of NSO remains nominally in place as of mid-2026. However, NSO executives have themselves downplayed its practical significance. Under NSPM-12, the NSA Director’s authority to certify tools for NSS use, combined with the bills’ push to integrate Israeli-origin cybersecurity technology, creates the procedural pathway for Pegasus-class tools to receive NSS accreditation, the Entity List notwithstanding, if the NSA Director makes a national security determination and the NSC concurs.

GRAPHIC: The Personnel Map – Who Enables the System
Description: This graphic shows the individuals, institutions, and companies driving the integration. It maps how key officials connect to agencies and companies, and how those connections feed into operational functions. (Source: Created by Author)

Section 622 is where the floor drops. On paper, it’s another intelligence‑sharing clause. In practice, it plants the flag on one simple idea, in which information moves to Israel as a matter of course. Interrupting that flow becomes the abnormal act, the thing that needs explanations and paperwork and a president willing to spend political capital.

The delicate part of any intelligence partnership isn’t what leaders say into microphones. It’s whatever moves on autopilot, the cables and feeds that no longer trigger a debate before they go out. Section 622 pushes this relationship into that zone.

Once it’s written that way, the burden flips onto whoever wants to close the valve. You are no longer continuing a cautious norm. You are “disrupting” a statutory default. You have to sign your name to that and walk into a fight.

All of this is happening while the Defence Intelligence Agency is reportedly flagging Israel as a “critical” counterintelligence threat. So the machinery is being told, in effect, to keep the pipe open at the same moment the warning lights are flashing red.

The data-fusion clause is the deep cut. Section 224 is where the article’s missing depth becomes most visible. The words “network integration” and “data fusion” are not decorative. They are the textual hinge on which deeper interoperability can be built. That is why the Quincy Institute warning matters. If military systems are integrated at the network and data layers, the boundary between allied cooperation and foreign visibility starts to erode.

This is the point readers need to understand. The statute does not have to explicitly say “give Israel your data” for the result to move in that direction. It only needs to build the legal and administrative conditions in which such access becomes routine, defensible, and normalized. That is what real operational capture looks like. Not a dramatic seizure, but a controlled, lawful, and increasingly permanent embedding.

The authorization test

The crucial test is whether any of these instruments actually authorize the access being implied. The answer is yes, but only partially and in layers. The 1982 GSOIA authorizes bilateral classified exchange under controlled procedures. NSPM-12 authorizes foreign-government technical-security agreements within the National Security System framework, though it does not grant a free pass. Section 224 and Section 622 do not prove that all implied access is already fully open, but they do create a stronger legal basis for broadening it and making it stick.

At this stage, it would be wrong to claim that every implied channel is already wide open in its maximum form. It would be equally wrong to pretend this is merely a future risk. The better reading is sharper. The access already exists in operational form, and the new law is being used to widen, normalise, and legally fortify it.

Why the original article needed this layer

GenXGirl’s reporting identifies in great detail the political convergence. This article is not meant to be better. Its aim is to add the missing implementation proof that is so much needed. It shows where the access already lives, how it entered through procurement and certification, which laws already authorize parts of the exchange, and which new clauses are now being used to lock the structure in place.

As I understand it, and what the evidence shows, is that the story is not only about a future architecture being assembled in Congress, but about a current architecture already embedded in U.S. systems, now being hardened through law.

The operational capture is not complete. NTIB inclusion is under review, Section 622 and Section 224 are pending final passage, and NSO remains on the Entity List. But the monitoring and privileged access layers are already deployed. The intelligence statutory lock is moving through Congress on a bipartisan basis. The legal and procurement infrastructure to expand it is being constructed in parallel. The story here isn’t just a future architecture under construction. We are witnessing a live deployment, and Congress is busy bolting the doors around it.

READ MORE US NEWS AT: 21st Century Wire US News Files

SUPPORT OUR INDEPENDENT MEDIA PLATFORM – BECOME A MEMBER @21WIRE.TV

VISIT OUR TELEGRAM CHANNEL

21st Century Wire is an alternative news agency designed to enlighten, inform and educate readers about world events which are not always covered in the mainstream media.

Source: https://21stcenturywire.com/2026/06/17/the-quiet-operational-architecture-behind-u-s-israel-integration/