Modern field guide to security and privacy

Israel establishes cyberdefense authority to fight rise in digital attacks

Israel’s security cabinet this week approved a sweeping new cyberdefense authority, aimed at curbing attacks that cost the country an estimated $2 billion per year.

Abir Sultan/AP
Israel's Prime Minister Benjamin Netanyahu arrived on Sunday for the weekly cabinet meeting in Jerusalem. At the meeting, the cabinet approved plans for a new cyberdefense authority.

This week Israel took a groundbreaking step to protect its public and economy against computer attacks by approving plans for a sweeping new cybersecurity authority.

On Sunday, Israel’s security cabinet gave the green light for a cyberdefense authority, which will be rolled out gradually over the next three years and eventually have a annual budget of $38 to $50 million. The authority will require the government to set higher standards of cyberdefense for its own ministries, encourage private companies to do the same, and establish a national Cyber Event Readiness Team (CERT), a sort of 911 center for responding to cyberattacks on the civilian sector.

Many countries such as the US already have national centers or programs designed to bridge the gap between the government and privacy sector to help improve cybersecurity. But Israeli cybersecurity experts says because of the broad powers of the new authority, Israel is taking a pioneering step and in effect leap-frogging other top cyber powers in the world. 

Indeed, Washington is just now debating how to implement President Obama's push for institutionalizing cyberthreat information sharing between the government and business, as well as establishing the president's newly proposed national Cyber Threat Intelligence Integration Center.

The Israeli decision comes as the country is facing a growing number of politically motivated cyberattacks that the government is attributing to both Iran as well as Palestinian militant groups. Defending against all cyberattacks costs the country roughly $2 billion per year, according to the Israel National Cyber Bureau (INCB).

“This new Israeli authority goes far beyond anything contemplated in the US,” says Lior Tabansky of Tel Aviv University’s Interdisciplinary Cyber Research Center, who is coauthoring a book on cyberpolicy with INCB founder Isaac Ben-Israel. “The idea is to have a national-level organization that is not military, not law enforcement, and not intelligence but … leverages some of their capabilities for the civilian sector, the common citizens.”

Israel is widely assumed to have helped develop Stuxnet, which severely damaged Iran’s uranium enrichment capabilities. And when it comes to cybersecurity readiness, Israel outranked all the major cyber powers, including the US, Russia, and China on cyberdefense, according to a 2012 McAfee study.

It also boasts one of the most vibrant technical communities in the world focused on cybersecurity. Graduates of the Israeli military’s top cyberunits have helped start some of today's leading security software providers including Check Point Software Technologies. Last year alone, eight Israeli cyber companies sold for a total of about $700 million, while funding for Israeli cyber firms grew by about 40 percent.

But until now that hasn’t translated into an overarching policy that protects everyday citizens and the economy.

“There is a certain level of maturity and sophistication and … big-picture thinking that I think is now coming into play,” says Keren Elazari, a research fellow with the Yuval Ne’eman Workshop for Science, Technology, and Security at Tel Aviv University. “This new authority … [is] going to have to create this protective umbrella, like Iron Dome, but in cyberspace.”

During last summer’s Gaza war, very few of Hamas’s rockets inflicted damage or death in Israel, thanks to the Iron Dome antimissile system and ubiquitous government-mandated bomb shelters. But Israel experienced 900,000 cyberattacks over the 51-day campaign – nearly double the normal rate, according to Dark Reading.

While none of those attacks is known to have caused damage on the scale of the Target or Sony hacks in the US, these politically motivated cyberattacks – including many suspected to be coming from Iran – are what's spurring Israel to strengthen its cyberdefenses.

Israel’s weak link

Avi Weissman saw a need for cyberdefense before anyone even called it that. Since he founded See Security Technologies Ltd. in 2002, it has become Israel’s premier college for information security and cyberwarfare, certifying more than 4,000 students in various aspects of the field.

He says that despite Israel’s reputation today as a cutting-edge cyberpower, it has lagged behind US and European progress in the more mundane area of management.

“If we’re talking about attack and intelligence, Israel is still one of the best countries in the world. If we're talking about start-ups and new ideas and visions, Israel is the visionaries’ country,” says Mr. Weissman. “If we talk about the second issue of cyber – which is not technical, it’s procedure, it’s discipline, it’s management – this is the weak point of Israel.”

This week, the college opened its 32nd course for computer information security officers, or CISOs. Nadav Nachmias, an information security consultant involved with the college, says that for security to work right it should come from the top down. But in Israel, when it comes to decisions about investing in cybersecurity, “It’s [the CISO] against the top management and the entire organization.”

‘It’ll be OK’

The Hebrew expression “it’ll be OK” is practically a national motto in Israel, a country that has faced – and continues to endure – waves of attacks throughout its relatively short history as a country. 

That “it’ll be OK” attitude may contribute to some apathy from top management, say experts, but it also reflects a certain national confidence. Just as Israel has often turned the tables on its enemies in traditional warfare, so many are sure that it will be able to do the same in this more ethereal battlefield.

“By definition, it’s a cat and mouse game,” Gadi Tirosh, managing partner at the Jerusalem venture capital firm JVP, said in a September interview after Israeli Prime Minister Benjamin Netanyahu proposed the cyberdefense authority. “There isn’t a single silver bullet that would shut down cyber forever. I think Israel over the years has showed that we’re very good at this cat and mouse game, to outsmart our enemies.”

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.