This week Israel took a groundbreaking step to protect its public and economy against computer attacks by approving plans for a sweeping new cybersecurity authority.
On Sunday, Israel’s security cabinet gave the green light for a cyberdefense authority, which will be rolled out gradually over the next three years and eventually have a annual budget of $38 to $50 million. The authority will require the government to set higher standards of cyberdefense for its own ministries, encourage private companies to do the same, and establish a national Cyber Event Readiness Team (CERT), a sort of 911 center for responding to cyberattacks on the civilian sector.
Many countries such as the US already have national centers or programs designed to bridge the gap between the government and privacy sector to help improve cybersecurity. But Israeli cybersecurity experts says because of the broad powers of the new authority, Israel is taking a pioneering step and in effect leap-frogging other top cyber powers in the world.
Indeed, Washington is just now debating how to implement President Obama's push for institutionalizing cyberthreat information sharing between the government and business, as well as establishing the president's newly proposed national Cyber Threat Intelligence Integration Center.
The Israeli decision comes as the country is facing a growing number of politically motivated cyberattacks that the government is attributing to both Iran as well as Palestinian militant groups. Defending against all cyberattacks costs the country roughly $2 billion per year, according to the Israel National Cyber Bureau (INCB).
“This new Israeli authority goes far beyond anything contemplated in the US,” says Lior Tabansky of Tel Aviv University’s Interdisciplinary Cyber Research Center, who is coauthoring a book on cyberpolicy with INCB founder Isaac Ben-Israel. “The idea is to have a national-level organization that is not military, not law enforcement, and not intelligence but … leverages some of their capabilities for the civilian sector, the common citizens.”
Israel is widely assumed to have helped develop Stuxnet, which severely damaged Iran’s uranium enrichment capabilities. And when it comes to cybersecurity readiness, Israel outranked all the major cyber powers, including the US, Russia, and China on cyberdefense, according to a 2012 McAfee study.
It also boasts one of the most vibrant technical communities in the world focused on cybersecurity. Graduates of the Israeli military’s top cyberunits have helped start some of today's leading security software providers including Check Point Software Technologies. Last year alone, eight Israeli cyber companies sold for a total of about $700 million, while funding for Israeli cyber firms grew by about 40 percent.
But until now that hasn’t translated into an overarching policy that protects everyday citizens and the economy.
“There is a certain level of maturity and sophistication and … big-picture thinking that I think is now coming into play,” says Keren Elazari, a research fellow with the Yuval Ne’eman Workshop for Science, Technology, and Security at Tel Aviv University. “This new authority … [is] going to have to create this protective umbrella, like Iron Dome, but in cyberspace.”
During last summer’s Gaza war, very few of Hamas’s rockets inflicted damage or death in Israel, thanks to the Iron Dome antimissile system and ubiquitous government-mandated bomb shelters. But Israel experienced 900,000 cyberattacks over the 51-day campaign – nearly double the normal rate, according to Dark Reading.
While none of those attacks is known to have caused damage on the scale of the Target or Sony hacks in the US, these politically motivated cyberattacks – including many suspected to be coming from Iran – are what's spurring Israel to strengthen its cyberdefenses.
Israel’s weak link
Avi Weissman saw a need for cyberdefense before anyone even called it that. Since he founded See Security Technologies Ltd. in 2002, it has become Israel’s premier college for information security and cyberwarfare, certifying more than 4,000 students in various aspects of the field.
He says that despite Israel’s reputation today as a cutting-edge cyberpower, it has lagged behind US and European progress in the more mundane area of management.
“If we’re talking about attack and intelligence, Israel is still one of the best countries in the world. If we're talking about start-ups and new ideas and visions, Israel is the visionaries’ country,” says Mr. Weissman. “If we talk about the second issue of cyber – which is not technical, it’s procedure, it’s discipline, it’s management – this is the weak point of Israel.”
This week, the college opened its 32nd course for computer information security officers, or CISOs. Nadav Nachmias, an information security consultant involved with the college, says that for security to work right it should come from the top down. But in Israel, when it comes to decisions about investing in cybersecurity, “It’s [the CISO] against the top management and the entire organization.”
‘It’ll be OK’
The Hebrew expression “it’ll be OK” is practically a national motto in Israel, a country that has faced – and continues to endure – waves of attacks throughout its relatively short history as a country.
That “it’ll be OK” attitude may contribute to some apathy from top management, say experts, but it also reflects a certain national confidence. Just as Israel has often turned the tables on its enemies in traditional warfare, so many are sure that it will be able to do the same in this more ethereal battlefield.
“By definition, it’s a cat and mouse game,” Gadi Tirosh, managing partner at the Jerusalem venture capital firm JVP, said in a September interview after Israeli Prime Minister Benjamin Netanyahu proposed the cyberdefense authority. “There isn’t a single silver bullet that would shut down cyber forever. I think Israel over the years has showed that we’re very good at this cat and mouse game, to outsmart our enemies.”