Story

Fighting the next cyber war

Operators of the police emergency hotline found themselves under a blitz of phone calls by nervous Israelis trapped inside elevators; emergency services received panicked distress calls reporting of a horrifying train accident; the transportation minister was told that Ben Gurion International Airport was all but paralyzed and the government was summoned for an emergency meeting: "Israel is under a massive cyber attack. Are we at war?"

This is only a scenario, but could it really happen?
"One of the characterizations of cyber-attacks is the difficulty in determining the aggressor's identity, as well as whether the attack is a minor breach or a full-scale onslaught," Prof. Major-General (Ret.) Yitzhak Ben Yisrael, one of the founders of the National Cyber

Directorate and a pioneer in cyber development in Israel, explained.
Ben Yisrael served as head of the Defense Ministry's Administration for the Development of Weapons and the Technological Industry, and is currently the director of the Yuval Ne'eman Science, Technology & Security Workshop at Tel Aviv University.

"You wake up one morning, turn on the radio, and hear of a railroad accident with 300 casualties – a cyber-attack isn't the first thing that comes to mind. If enemy warplanes unleash an attack any nation immediately mobilizes its armed forces, but the source of a cyber-attack is hard to pinpoint, unless you have first-rate intelligence," he said.
"Last year, the president of the United States announced that a major cyber-attack on his country would be considered a declaration of war. This is US policy and it makes sense, but you have to remember that in the midst of an attack, it's very hard to determine where it's coming from."

Ben Yisrael, along with former Air Force Commander Major General (Ret.) Eitan Ben Eliyahu and Colonel (Ret.) Rami Efrati, formally of the IDF Military Intelligence Directorate and today the assistant-director of the National Cyber Directorate, were invited to participate in a special war games exercise hosted by IsraelDefense.

"We have to differentiate between attacks on critical and non-critical systems. If a bank is breached, it doesn’t necessarily mean that the country will collapse. On the other hand, in case of a cyber-attack against critical infrastructure in wartime, such as command and control systems, the entire infrastructure is neutralized," Ben Yisrael added.

National Cyber Defense is Tricky

Colonel (Res.) Rami Efrati believes that while extreme, a scenario that sees an integrated, simultaneous cyber-attack against several critical systems is possible.

"Based on similar events that have taken place around the world in recent years, one can see that the field of cyber-offensives is escalating and it might reach extreme scenarios like the one described.

"On the other hand, the field of defensive measures requires significant improvements, since thwarting such attacks requires considerable operations and professional knowledge by various entities," Efrati said.
"

The attacker seeks the existing vulnerabilities in the system, whereas the defender must 'hold the line' and ensure that there are no vulnerabilities," he continued.

"When discussing national defense, the line is long and wide and professionals with considerable technological savvy and capabilities are required to handle these types of threats.

Furthermore, the field is characterized by several problems, including a difficulty in identifying the assailant; the ability to discern the attacks themselves from a clutter of information and even realizing whether the event in question is an attack or just preparations for one."

Major General (Ret.) Ben Eliyahu said that it is important to prepare for a cyber-attack by creating certain backup mechanisms that keep vital systems running in case of a malware strike against critical infrastructures.

"We're talking about a concept of safeguards and backup measures built into the system in the early stages of development. Why is this important? Because when a breakdown occurs, reaction-time is virtually nonexistent.

The victims need to employ technological defenses, but they must also remember that when a new fighting arena manifests there are checklists, training schedules and emergency procedures to follow – things outside the realm of software and well into the tactical arena.

"We have to understand that we must prepare for a different kind of mobilization until the IT guys deal with the problem from their end."
In the case of hundreds of fatalities in a runway train crash due to a cyber-attack, should Israel mount a physical retaliation, via an air strike for example, or should it limit is response to the cyber sphere?
"

If we're attacked, then it's legitimate to retaliate by any means," Ben Yisrael asserted, "especially when lives are lost. However, if there are no casualties and the damage extends only to computer systems, then a physical retaliation is unnecessary.

"Nevertheless, the challenge remains the discerning of whom to target and how. It's possible that the aggressor isn't cyber-vulnerable. Some of our enemies are Third World countries and if we were to hit their cyber infrastructure, the effect would be minimal.
"Another problem is the deterrence factor: even if we know who the aggressors are – say they were Syrian – they may not be operating from Syria. They can be based in Paris for all we know. What should we do then? This is definitely a challenge to our deterrence capability," he explained.

War of a Different Kind

Unlike conventional warfare, an all-out cyber-attack will not target just one field, but is likely to simultaneously target multiple fronts.
"There is no 'war' in cyberspace. We're talking about effects that compromise our physical life in the air, at sea, or on land. Battles that were once waged with bows and arrows – are now waged electronically and these electronic and technological measures can wreak havoc on modern society," Ben Yisrael stated.

Another issue raised during the exercise was the need for a cyber corps or cyber headquarters, to coordinate Israel's various activities and conduct training exercises for various cyber-attack scenarios.
"Cyber technology can be more devastating than explosives and missiles," Ben Eliyahu warned, "But to date, no cyber command has been established.

"No one denies that we're at the dawn of a new age," he continued. "Cyberspace is a major theater of operations. Despite the huge tactical and technological investment made in meeting this challenge, an unchecked cyber-attack could unleash untold damage.

"We have to figure out a way to create deterrence and design a recovery plan, even though this seems like a daunting task. We have to look for and implement tactical and intelligence solutions – not at the expense of development endeavors, but alongside them."
Ben Eliyahu further explained that, "We have learned which indicators will point us to a cyber-incident. If we know where such efforts are concentrated then we know which countries have these capabilities and what intelligence resources need to be utilized in order to stop them."

So what you are saying is that cyber warfare is similar, in a sense, to aerial warfare?

"Yes, only now we're talking about a new dimension."
How much would you invest in devising such offensives?
"The fact that a new age and new theater of operations has emerged on the national and military levels means that we have to make all the necessary preparations. Even the realization that resources have to be allocated is a step in the right direction. No one has any illusions – manpower will have to be increased in this sphere at the expense of others," he admitted.
Computer Wisdom First

In the summer of 2011, the government adopted the recommendations of Ben Yisrael's National Cyber Initiative and approved the formation of the National Cyber Directorate, tasked with coordinating cyber activities on both military and civilian levels.
How do you prepare for war from the cyber, educational andnational points of view?

"Mounting cyber defense on a national level is built on several layers," Efrati explained.

"The first is education and academia: developing human capital and technological infrastructure to position Israel as a leader in the cyber field. The second is the promotion of the Israeli industry so that it will be a leader in the field.

"The third is regulation, authorization and standardization, which will result in significant steps in defending all elements that may suffer as a result of a cyber-attack against Israel. The fourth measure is raising awareness to the risks and the tools needed to handle them, so that every Israeli citizen will be an active partner in protecting Israeli cyberspace.

The last is promoting global technological cooperation towards protecting our cyberspace."

Israel is a very technologically advanced country. Is this an advantage or disadvantage in the cyber sphere?
"The fact that Israel is very technologically advanced represents both an advantage and a disadvantage," Efrati hedged.

"The advantage is that it places Israel at one of the best starting points with regards to technological knowledge and control. The disadvantage is that it makes us more vulnerable to cyber-attacks. In my opinion, the advantage outweighs the disadvantage and we must leverage it in order to bolster Israel's cyber defense capabilities."

Prof. Ben Yisrael, the taskforce you led has contributed significantly to Israel's defense, but on the other hand, we have been caught unprepared by hackers. Which scenarios are we prepared for?

"The Tel Aviv Stock Exchange system was infected by malware. The market, as you know, runs on computers, but since it's a protected system, it was able to separate the attack from its ongoing operations. As proof, trade continued unhindered. However, during the attack, no one could access the TASE website. This is a protected system because Israel linked it to other protected systems.

"To say that the cyber-attacks caught us unprepared is incorrect, because critical infrastructure systems were protected, albeit not completely.

We were happy to learn that we are one of the world's five leading countries in the field of cyber protection, but there remains an Achilles heel.

"We found that as computerization is taking over every aspect of our lives, almost every vital life system is computerized nowadays, so we must continuously expand and upgrade our cyber-defense network. One system cannot guarantee protection for everything all the time. This is why we must establish and enforce regulations, laws, and standards."

Ben Yisrael stressed that Israel must pursue new legislation as well: "Take credit card companies, for example. They're not under the protection of the State's systems because they are privately held companies, so new laws have to be passed. (Shin Bet Chief)

Yoram Cohen is promoting this, but there are still loopholes.
"These issues are rather intimidating," Ben Eliyahu concluded, "But Israel is a very advanced nation. Be that as it may, we still don’t know how protected we really are."