“Israel is blessed with many opponents, and as such, it developed core competencies mostly in the defense sector in order to be able to protect itself ” – Dudu Mimran, CTO of the Cyber Security Research Center at Ben-Gurion University.
After months of burrowing through various channels, the computer worm, codename “Olympic Games,” finally began to fulfill its goal: disrupt Iran’s nuclear development by shutting down uranium centrifuges. In July 2009, a computer engineer from Neda, which designed and installed control systems for the energy industries of Iran, complained on a Siemens online forum that his workers were having trouble with their machines. When they would attempt to run the Windows-based Siemens program that controlled their centrifuges, the computers would produce an error message. The engineer suspected a virus spread via USB but was unable to find any malware in their system. His suspicions, however, were spot on. He had just discovered the initial evidence of the world’s first cyber weapon.
In the month that followed, 328 centrifuges went offline in Iran, rising to 984 by November. By the beginning of 2010, centrifuges were failing at an unprecedented rate, resulting in a 30 percent loss. The cause was a complete mystery until June 2010, when the cybersecurity firm Belarus was recruited to investigate a seemingly unrelated incident: computer crashes at a variety of Iranian industrial companies. After some investigation, researchers found a handful of malicious files that were interfering with the Siemens program. Stuxnet, as the 500-kilobyte worm was eventually named, has been shrouded in mystery as its sophistication points to high-level organization and funding. But no nation-state has taken credit for the attack. One of the primary suspects, however, is Israel.
While Israel has long been ahead of the curve when it comes to cybersecurity, the Stuxnet attack brought cyber weapons to the forefront of international concern. Other nations began to update their defenses for the cyber age, while Israel simply continued maintaining and improving upon their already sturdy cyber defense sector. Since the 1990s, Israel has been building their powerhouse, one that has changed the way the world views warfare.
Dmitry Adamsky, in his 2017 report “The Israeli Odyssey toward its National Cyber Security Strategy,” cites two major events that brought cybersecurity into the spotlight: the assassination of Prime Minister Yitzhak Rabin (1995) and the terror attacks on 9/11 (2001). Although neither event was related to IT specifically, both events were colossal intelligence blunders, forcing Israeli intelligence to begin expecting the unexpected. These efforts motivated the government to take seriously potential cyber risks and accelerate the tempo of their cyber defense industry.
In 2002, the first landmark in Israel’s cyber odyssey came in the form of the Critical Infrastructure Protection (CIP) arrangement. According to Adamsky, the government tasked the National Security Council to outline strategies for emerging risks, resulting in Special Resolution B/84 focused on the protection of computerized systems. This became one of the first national cybersecurity policies in the world.
While the state was bolstering its cyber defense for the new millennium, entrepreneurs saw an emerging market. Dudu Mimran, CTO of the Cyber Security Research Center at Ben-Gurion University, describes the 1990s and 2000s entrepreneurial engagement into cybersecurity. “Back then, companies like Check Point were the pioneers of the field and in a way presented a dream to entrepreneurs in Israel,” Mimran explains. “Once taking into account the entrepreneurial gene that most Israelis share, the emergence of Israel as a cyber powerhouse was inevitable.” This new national interest in cybersecurity not only led to an increased governmental focus on national defense, but it also acted as an incubator for startups.
Eventually, in an effort to expand cybersecurity policy into the realms of education, R&D, security, and economic development, the state created the Israel National Cyber Bureau (INCB) in 2011. The goal of the INCB was to maintain Israel as a global cyber-power, while also achieving economic, technological, and diplomatic benefits. In 2015, the newly created National Cyber Security Authority was charged with publishing a National Cyber Security Strategy.
Israel’s Current Cybersecurity Strategy
One of the easiest ways to understand the three layers of Israel’s strategy is by imagining its cyber organizations as parts of a human body defending against disease and injury and the state as healthcare providers. The first layer of the strategy is “robustness,” referring to the defense sector’s capacity to perform efficiently and contain national cyber threats. This layer is highly preventative, acting as the state’s immune system. In order to ensure that the immune system is running at peak performance, vaccinations and a healthy lifestyle are necessary, meaning that organizations must maintain cyber immunity by constantly updating their technologies and bureaucratic procedures.
The second layer is “resilience,” referring to the state’s capacity to both deal with attacks as they come and regain normal function after the fact. Per the analogy, this layer can be viewed as what happens when a person breaks a bone. Whether the injury was avoidable or not, the body must work to heal the bone, regain normal function, and put in preventative measures to avoid re-injury. The role of the state increases in this layer as a sort of healthcare system for cybersecurity. The state’s role is to assist in threat detection, mitigate the effects, and prevent recurrence. The final layer, “defense,” prepares the nation for high-end cyber threats. In an effort to manage a large-scale incident, countermeasures are tailored toward specific attacks. Although this layer is referred to as “defense,” it is highly proactive and offensive. This can be viewed as doctors administering strong medication in order to ward off aggressive diseases. In this layer, the state is in complete control in order to protect from potential cyber enemies.
Building Human Capital
In order to enact those three layers, Israel has worked diligently to build a strong base of human capital, which, as Mimran emphasized, “is the only thing that matters in cybersecurity.” The industry needs people to defend against attacks and develop preventative tools and systems. Although different in many ways from traditional warfare, the importance of human power is still prevalent. Mimran explained that “the field of cybersecurity has dynamics similar to other confrontational playgrounds, where basically people fight other people and in order to tackle the sophistication of attackers, sophistication on the defenders’ side is required.”
To build human capital, Israel has largely depended on education. According to an article published in Forbes, cybersecurity education in Israel can start as early as middle school and it is the only country in the world in which cybersecurity is offered as an elective in high school. Additionally, Israel was the first country in which one could receive a Ph.D. in cybersecurity. Per the article, there are a total of six university research centers dedicated to cybersecurity. For comparison, only one of the top 36 U.S. computer science programs requires a security course for graduation, according to U.S. cloud security firm CloudPassage.
The Role of the State
The government of Israel has been the main catalyst in developing their cybersecurity industry. According to a press release from the Prime Minister’s office, the 2011 National Cyber Bureau’s goal was to establish Israel in the top five countries leading the cybersecurity field. What began to happen, as Mimran explains, was “a serious talent flow from the state into the private sector.” Entrepreneurs who gained knowledge and skills in the defense sector saw an opportunity to create cybersecurity-focused startups.
Due to Israel’s mandatory service policy, as well as their focus on cybersecurity, the Israeli military became a startup incubator and accelerator. Those who worked in cyber defense units were able to take the tools they gained and apply them to the private sector. Young entrepreneurs serving in these defense units face real-life cybersecurity challenges and solutions. They experience teamwork, leadership, significant decision-making, and failure. All act as inadvertent preparation for the entrepreneurial life. So, many people leaving their cybersecurity units immediately enter the private sector by founding their own startups. Two such examples are Aorato and Adallom, both of which were acquired by Microsoft in 2014 and 2015. As a serendipitous byproduct, Israel’s increased focus on cybersecurity to bolster their defense also resulted in a large economic boost.
In December 1953, President Eisenhower, in the face of the nuclear age, presented his “Atoms for Peace” speech to the U.N. Now, over 50 years later, Israel is beginning to promote and emphasize cyber cooperation in the face of the new dangers presented by the age of cyber warfare.
Because of this, Israel has been able to leverage its expertise to create new relationships and advance the state of worldwide cybersecurity. In mid-2017, Narendra Modi visited Israel (the first Indian Prime Minister to do so) and established a cybersecurity partnership. In a joint statement following the visit, both Prime Ministers emphasized the importance of increased dialogue between their national cyber authorities and expressed their commitment to accelerating their cooperation in this sphere. In a similar vein, in 2016 the U.S. signed the Israel Cybersecurity Cooperation Act, establishing a joint United States-Israel Cybersecurity Center of Excellence with bases in both the U.S. and Israel. The Center promotes joint research and development and shares best practices in the cybersecurity realm. According to Prime Minister Netanyahu, Israel is committed to cooperation. At Israel’s 2016 CyberTech Summit, the Prime Minister said, “I recognize that in this field, unless we cooperate, there cannot be growth… and I believe in this growth.” Given international incidents like WannaCry and Petya, and the numerous leaks of consumer information that have become commonplace in 2017, this cooperation is more vital than ever.