Cyberspace is a constantly changing landscape – and Israel’s approach to cybersecurity is a lesson in adaptation, Isaac Kfir writes.
Known as a start-up nation, Israel has invested heavily in its cyber capabilities, particularly cybersecurity, out of the early recognition that cyberspace will be an important battleground of the future.
Israel faces hundreds of daily cyber-attacks ‘from all over the world.’ Many of these attacks are focused on Israel’s computer networks. Its enemies recognise that by undermining the ‘network’, they can impact the whole system, including weakening Israel’s reputation for cybersecurity. In other words, the downside of being the start-up nation is that one is especially vulnerable to cyber-attacks and breaches.
Because of the evolving threat environment, Israel’s approach to cybersecurity is holistic and flexible.
The country has fundamentally rejected a binary division between offence and defence, seeing the two as part of a continuum. This is not unusual for Israel, as when it comes to security it has also refused to demarcate what is civilian and what is military. Instead, the country sees the two spheres as linked and fosters wide cooperation between the civilian and military agencies.
Israel’s approach to cybersecurity was shaped by Professor Isaac Ben-Israel. As early as 2010, when he was the head of research and development for the Israel Defense Forces (IDF), Ben-Israel told Prime Minister Netanyahu that developing a cybersecurity system for the future was a mistake.
Instead, he advocated for a cyber ecosystem that would know what to do when unpredicted threats come, as opposed to locking the Israeli state into a doctrinal, siloed approach. His reasoning was that technology evolves so fast that government policy can’t adapt quickly enough. This is an important lesson for anyone thinking about cybersecurity.
Israel has therefore designed a cybersecurity framework rather than a system, which the government coordinates as opposed to directs. Consequently, not only is the framework able to change direction, but it also factors in that mistakes are key to the learning process.
A good example of the willingness to change direction is the National Cyber Security Authority (NCSA), which was established in 2015. The NCSA was responsible for protecting Israeli civilian cyberspace, and was located within the prime minister’s office.
However, two years later, when it was recognised that the framework was not responding to Israel’s security needs, Prime Minister Benjamin Netanyahu established the National Cyber Directorate. The new entity unified the NCSA with the National Cyber Bureau, which had been formed in 2012 (the Bureau was responsible for leading the strategy, national policy, and the technological build-up of Israeli cyberspace).
The Directorate is now led by Yigal Unna, the previous head of the Signal Intelligence (Sigint) Cyber Division in the Shin Bet domestic security agency. Unna is entrusted with all aspects of Israel’s cyber defence, from formulating policy to building technological power.
In other words, Israel created a continuum between defence and offence while also linking strategic planning with execution. Unna has emphasised the importance of cooperation between the public and the private sectors, which includes, beyond more investment in human capital and academic research, the establishment of a three-layer framework to secure Israel’s cyberspace. As Unna puts it, “Winter is still coming”.
The three layers of this framework are robustness, resilience, and defence.
To attain robustness, the Israeli government expects Israeli organisations to be cyber-secure, with the onus placed on the individual and not the government.
The resilience component requires the government to provide information as to potential threats and to offer advice on how to mitigate cyber-attacks.
The defence component calls on a whole-of-government approach to secure the Israeli cyber ecosystem, both targeting potential threats and engaging in proactive operations to weaken adversaries. This is where the military and the security services work together to ensure that Israel can protect its people and industry from attacks.
To that end, Israel’s approach to cybersecurity is driven by the idea that the country should be concerned with threats rather than attacks. Brigadier General Eyal Zelinger, commander of the IDF’s Teleprocessing Corps, noted that he treats “a threat like a threat and it matters little to me whether it’s thought up by a Chinese mind or an Iranian one … My basic worst-case assumption is that whatever I am capable of doing, they are capable of doing to me.”
One of the more interesting components in Israel’s cybersecurity framework comes from the fact that its immediate enemies (Iran, Hamas and Hezbollah) have, at least at this stage, limited technological capabilities. Therefore, the framework involves teams on the ground within the territorial space of Israel’s adversaries, who are called upon to undermine adversary servers and operators.
A second interesting component in how Israel approaches cybersecurity is that policymakers are willing to bring in outside experts to assess its cybersecurity capabilities – indeed, this is factored into the framework. For instance, in early 2018, the Shin Bet’s counter-espionage division brought in a former senior official to assess the country’s secondary system (computer systems that are not deemed strategic, but are important to the overall system), because outsiders come in with ‘fresh eyes’.
The investigation revealed, “Many computers are infected, including computers in schools, hospitals, the Ministry of Interior, national infrastructures, and more – all infected with malwares (malicious software), including sub-families of malwares – which are the most sophisticated in their operation and form of infection.”
A third component in Israel’s approach to cybersecurity is the fact that it has a revolving door between the public and private sectors. Many of Israel’s leaders in the field of cybersecurity come from elite military units such as Unit 8200. Yigal Unna summed it up by stating, “When young people finish military service they look to see how they can harness the innovative ideas they were part of developing in commercial applications.” This revolving door helps to keep the public service in tune with the latest innovation and aware of what the private sector is doing.
Israel’s approach to cybersecurity assumes that the world is a dangerous place where there are no rules. Technology is constantly evolving, which means that you must be forever vigilant to a changing balance of power. This is why a framework approach to secure cyberspace is key, as rigid doctrines and siloes may undermine security.