Since 2002, Israel has been working to protect its critical information systems from cyberthreats. Key among the initiatives was the creation of the National Information Security Authority under the national secret service.
“Ten years after, we could be satisfied that at the national, military and critical infrastructure level, we were protected,” Rami Efrati, former head of the civilian division of the Israel National Cyber Bureau, tells Aviation Week.
But that was an illusion. With organizations becoming interconnected with less-secure entities, the former become larger targets that are more vulnerable to attack. “We can effectively protect a military network or a central database at police headquarters,” Efrati says. “But who will protect the computerized production line of a pharmaceutical industry, or water desalination plant?”
According to Efrati, even with the best security systems, modern advanced persistent threats—in which embedded computer systems have been infiltrated by attacks that can remain dormant for years, quietly collecting information and funneling it back to the originator—are compromising almost every network.
The more developed and connected societies are, the more vulnerable they become, and this is not limited to compromising privacy or information security. As the “Internet of things” becomes a way of life in the very near future, many systems that our lives are dependent on could be compromised. This trend is particularly alarming for the defense, energy, transportation and finance sectors, where compromised security can be catastrophic.
“In the past, we considered our networks secure as long as they were not connected to the Internet. Today, we know that no network is protected and no electronic appliance is secure.”
In 2012, Prime Minister Benjamin Netanyahu announced the creation of the National Cyber Bureau as the authority within his office providing defensive capability for Israel. The initiative also encouraged investors and entrepreneurs to support cyber-startup companies. Netanyahu set a goal for the Israeli cybermarket to become one of the top five global leaders in cyberdefense.
The bureau supports high-tech companies in developing advanced solutions to address the challenge of cyberattacks. The organization backs human capital for cyberoperations, supporting research and development and establishing collaborative environments for information sharing, simulation and testing. All of these factors will help Israeli developers facilitate international information-sharing about evolving threats and cybersecurity.
“Such advanced threats require protection beyond the perimeter, by monitoring the activity inside your own network—based on intelligence, and analysis of usage patterns—seeking to spot anomalies that could indicate such elusive threats,” Efrati says. Such skills are beyond the abilities of a commercial company or a small business, even if it is part of the supply chain serving a defense company or government agency.
The cyberbureau also encourages academic research, by funding institutions that offer computer science, math and engineering. It also seeds venture capital funds for companies and collaborates with the Defense Research & Development Directorate to find commercial technologies with a “dual-use” application.
Efrati led the establishment of Cyber Innovation and Research Centers in Israel by well-known world technology companies. The efforts yielded rapid results. “In less than two years, the number of Israeli companies associated with cybersecurity increased from 50 to 220, raising more than $400 million in 78 funding cycles,” he says.
The new trend also has attracted international corporations seeking to develop their own capabilities in the area. Cisco already has said it is committed to establishing its “Cyber Innovation” center at Beer Sheba, which is known as the “Cyber Capital” of Israel. It is home to the National Cyber Campus—CyberSpark, a cyber industry zone to be located adjacent to Ben-Gurion University, where Israel's national Computer Emergency Response Team (CERT) is established.
Other companies including Cisco, IBM, Intel, EMC Corp. and RSA, the security division of EMC, are already familiar with Israel's advances in this area. Enhancing these capabilities with cybersecurity would be an obvious evolution from the electronic design, software development and networking they have already developed.
Because the threat of cyberattacks is international, the solutions will need to be global as well, Efrati explains. “Getting there is not simple, it takes time, confidence-building and considerable investment, but together we can get there. We expect our new CERT to be connected to other CERTs in other countries, sharing information about threats, attacks, vulnerabilities and methods,” he says. “We also plan to establish sectorial CERTs, addressing specific industry sectors such as aviation, transportation, health care, finance or energy. By focusing on specific sectors the dialogue between cybersecurity experts and information-systems personnel would be improved, enabling more efficient cooperation and better response in time of emergency.”
In addition to emergency response teams, Israel's cyberbureau has also established a “national test range”—a testbed for developers. The facility collects data sets of representative systems and threats, emulating large-scale systems and real threats in a safe, yet responsive and realistic environment. Israel plans to open the testbed to its international partners.
The threat remains real and changing. Cyberattacks are already targeting some of the most sensitive assets that nations have safeguarded for years—assets that are now more vulnerable to attack than ever before.
“When a rocket is fired at you across the border or a missile is launched from a distant nation, you know exactly where it came from. Attribution is clear, and in such cases, even if the specific attacker is hidden, there are 'fingerprints' that can identify the perpetrators and the origins of weapons,” Efrati says.
Cyberattack is a type of asymmetric warfare. It is much easier to attack, but far more difficult to defend against. Attackers are launching their activity shaded by the anonymity of the web, assisted by hired hackers and crowds of “bots”—millions of users unaware that their personal computers and smartphones are being hijacked to carry out unlawful espionage, commit criminal acts or deliver attacks.
“Cyberattacks are hidden and elusive, and as such, bear no attribution. Yet they have the potential to cause even greater damage than missiles and bombs,” Efrati says. “Such attacks are cheaper to launch [and] operations do not require significant infrastructure or national support. In fact, attacks are often launched using proxies, hiding their true origin, thus avoiding retaliation by the victim.”
The asymmetric nature of the threat is that even small but determined militant groups now have access to potent weapons, without needing to maintain a powerful arsenal.
Still, despite the secrecy, the knowledge required to launch cyberattacks is far from universal. “An attack against a critical infrastructure is a military operation, based on intelligence, planning and execution that requires financial [outsourcing] or operational means far beyond those available to ordinary hackers,” Efrati says.
“High-risk cyberattacks are likely dependent on support from national levels and this support is most likely covert, unless it is compromised. These capabilities already exist in cyberspace, primarily in the anonymous, lawless 'darknet,' where cyberterror and cybercrime flourish,” he notes.