From hacked elections to hospitals threatened by ransomware to millions of exposed user accounts and cyberattacks on critical infrastructure, cybersecurity is an ever-present issue making headline news. If Israel remains a step or two ahead of most other countries in its cybersecurity capabilities, perhaps the one man most responsible for this is Maj. Gen. (ret.) Professor Isaac Ben-Israel.

Ben-Israel's accomplishments in a storied career spanning nearly 50 years in the Israeli Air Force, Defense Ministry, academia, private industry and the Knesset are legendary. He currently serves as chairman of the Israel Space Agency, and he heads the security studies program, Yuval Ne'eman Workshop for Science, Technology and Security and Blavatnik Interdisciplinary Cyber Research Center, all at Tel Aviv University.

Last week, I sat down with Ben-Israel at Cyber Week, the annual conference he chairs as head of the ICRC, for a frank discussion about Israel's strengths and challenges in the crucial area of cybersecurity.

Q: How has Israel managed to stay ahead of the game in terms of defensive cyber capabilities, given the threats and increasing capabilities of enemy countries such as Iran, as well as terrorist groups?

"People speak today about the importance of protecting critical infrastructure -- power production, water supply, things like this. In Israel, this was my initiative starting in the year 2000. In 2002 -- so it's been 15 years now -- the government decided that critical infrastructure should be protected, and tasked the Shin Bet security agency with this mission. Today, people around the world are talking about it. We heard a discussion about it last week by President Trump, but in Israel it's been happening for 15 years."

Q: And in the U.S. it doesn't exist?

"Not yet. Of course it's much easier to do in Israel than in the U.S. because of the different scales. But it remains true that we've been doing it for the last 15 years.
Over the past two years, we also moved the responsibility from the Shin Bet to the National Cyber Defense Authority."

Q: What is the relationship between the National Cyber Defense Authority and the National Cyber Directorate?

"The Directorate has two elements. One is the National Cyber Bureau, which was established in 2011. It is in charge of leading the cyber ecosystem. The other is the National Cyber Defense Authority, set up in 2014. It is in charge of day-to-day cyberwar protection. Together, they comprise the National Cyber Directorate at the Prime Minister's Office.

"In both cases, by the way, these are the result of a task force that Prime Minister Netanyahu appointed. And in both cases, I was the head of the task force.

"These two elements, by themselves, are a huge step ahead. The daily protection of critical infrastructure, as I said, has already been done for 15 years. But what we did a few years ago with the Cyber Defense Authority was first to extend it to the whole civil cyberspace and second, take it from the [responsibility of the] Shin Bet and give it to an entirely civilian authority because we wanted to lower the tension between security and privacy.

"People don't like the government monitoring their emails, etc., so there is this tension between security and privacy. You cannot fully give up one of them and sacrifice it for the other. So you need a balance."

Q: OK, so the Shin Bet doesn't have access to everyone's email. But the Cyber Defense Authority does?

"The Authority is not an intelligence service. The Authority isn't tasked with catching the bad guys. Therefore, they are not even tempted to go into the level of content. Their only goal in life is to clean the network from malware.

"It's like a medical doctor. Let's say I get some disease -- let's say a venereal disease. I'll be ashamed to tell anyone, because this is the nature of those diseases.
But still, I'll go to my doctor and tell him because I know he will not start preaching to me about what I do and with whom I do it. His only job in life is to clean my body from the biological viruses.

"The same is true of the Authority regarding virtual viruses. It has no task at all of catching the bad guys. If they have enough evidence that the malware is coming from this address, still, they will not catch the originator of the malware. They will deliver it -- let's say if it's criminal malware, they will deliver it to the police or the Shin Bet. And they [the police or Shin Bet] will go with the evidence to a judge to get the right order, based on the evidence. And if he'll permit them, then they may monitor. This is not a blind monitoring of everyone, but only [of a suspect] after there is evidence that he is the one who is originating the malware. It's like we do in any other field in a democratic country."

Q: From what I understand, much of the critical infrastructure is managed by SCADA (supervisory control and data acquisition) controllers that are old and vulnerable to attack. Is that the case?

"When you say SCADA controller, it's a different name for a computer chip controlling production. Until 20 to 25 years ago, most of our critical infrastructure was controlled manually. For example, in power production, there were people watching various measuring instruments, and if the needle moved into the red, they opened something or closed something. Today everything is done by computer. And once a computer is controlling it, you can hack into the computer, and thereby cause huge, real physical damage.

"Because of this computerization, now almost every system in our lives, not only critical infrastructure, is controlled by computers. This is one of the reasons why we extended the mission from critical infrastructure to the whole civilian cyberspace."
Q: If an enemy country or terrorist organization launches a cyberattack against Israel, what should be our response?

"First of all, you have to know who did it. This is what is called the problem of attribution. The technical nature of the network is such that it is almost impossible to attribute the attack to some definite entity, unless you have other sources of information -- intelligence, etc.

"Let's assume you know who did it. Then you should treat it -- not necessarily in cyberspace. You should retaliate, and the type of retaliation depends on the context. You may retaliate by sending fighter aircraft to bomb someone. It depends very much on the context: Who did it? Do you know how sensitive the situation is? Sometimes people may choose to ignore or deny it, because they don't want to open a series of ... it depends very much on the context.

"It doesn't matter so much if your power production turbine was destroyed by a physical bomb dropped by an aircraft or coming aboard a missile or through hacking. If this was the result, we should retaliate, and how depends on the context."

Q: Yesh Atid party head Yair Lapid spoke at Cyber Week about the threat of attacking elections as happened in the U.S. Is the Israeli election system, based first on hand-counting of individual paper ballots, with the tallies then entered into computers, less vulnerable than the U.S. system?

"No, it's as vulnerable as the American system. The Russians didn't interfere in the voting machines."

Q: We don't think so.

"No, they didn't. What they did is they hacked into the computers of, for example, [Hillary] Clinton, [Colin] Powell, and the Democratic campaign headquarters. They took a lot of files from them, added fabricated files -- today we call it fake news -- and leaked it to the media.

"It was a huge number of files. It would take years to read all the files. But they pointed, in a covert way, to some "interesting" files there -- most of them fabricated. But this we know only today.
During the heat of the election campaign, they connected Clinton to some undefined corruption and raised doubts about her health. There were hints -- not something concrete -- but during the election it was enough because people don't have time to check it. And everyone believes what they believe. And by this, they influenced [the outcome]," he said.

"It's very interesting to see what the French did. The Russians hacked into the computer of [Emmanuel] Macron's campaign a few hours before the election, and it didn't have any effect at all.

"The head of Macron's digital campaign [Mounir Mahjoubi] was afraid something like this might happen, so he planted fabricated files on his own computer. Some of them were written in Russian, in the Cyrillic alphabet. Once they saw these 9 gigabytes of files, and leaked it through WikiLeaks, the only thing he had to do was point to the files he himself put there, and the media said this is ridiculous, we don't believe it, and therefore it didn't affect voters' behavior.

"After Friday at midnight the media wasn't allowed to discuss the elections [French law imposes a 44-hour media blackout from the day before an election until the polls close, S.G.]. But until then, the media said we're sure it's fake. Because we see the files that Macron planted. You don't have time to check the 9 gigabytes -- it would take you years. So he [Mahjoubi] used deception as counterdeception. The lesson is that you can protect yourself. Perhaps you have to be sophisticated, like this guy. He did what he needed to do.

Q: Are we well-protected at least in the mechanics of our elections?

"In the mechanics, we are very well-protected. Of course, there are other weaknesses. There are many physical actions you can take, but this is a different domain, not the cyber domain. And this is not what we're afraid of. What we should be afraid of is timely leaks of fabricated information.

"You've heard about 'The Protocols of the Elders of Zion.' Who wrote it?
It was the Russian Okhrana [secret police], which later on became the Cheka, then NKVD, then KGB, and now it's called the FSB. This was more than 100 years ago.

"Using the Russian secret service to influence people -- at that time, if you wanted to influence people, you wrote books, because that was the way to send a message. They already did it more than 100 years ago, and it still has an effect today. Not on everyone. But if people have a tendency to believe in [disinformation], their belief will be stronger after reading it. This is a very old Russian technique. What cyber gives you now is the ability to [distribute disinformation] fast and to much larger masses. But the principle is more or less the same."

Q: It's been reported that Israeli companies sometimes have difficulty working with American government agencies -- that the Americans only want to hire American companies and use American equipment. Given that cybersecurity is often done on a national level, like here in Israel, and governments don't want to provide access to their secure, confidential systems to just anyone, how can private industry -- particularly with companies based all over the world -- cooperate or collaborate with governments to help secure the network?

"Usually in the case of security -- and this is the same with bombs and aircraft and guns -- every state in the world, not only the U.S. but also Israel, Russia, everyone prefers its own companies and its own production for many reasons. One of them is that they trust it more. This is not the only reason -- there are many. This applies also to cybersecurity.

"Still, when we develop certain technologies -- and this is the case today -- better than [other countries] ... Any big company in the U.S. uses firewalls made by Check Point. It's a fact. One day, perhaps -- I hope not, but one day, perhaps there will be better firewall technology in the U.S. and then they will buy from their own because this is the natural tendency in security.
"You remember the case when the FBI wanted to unlock the iPhone of the terrorist in San Bernardino. In the end, they [hired] a company here in Petach Tikva [reportedly, Cellebrite, S.G.]. You should compete. Because cybersecurity doesn't need heavy infrastructure to produce, for us, it's a competition on a very comfortable playground."
But this [Russian attempt to interfere in the French election] was not interference in the counting procedure. That would be much more difficult to do."
"This is what the National Cyber Defense Authority is about.
'Israeli cybersecurity a cut above'
Israel's critical infrastructure is well-protected, cyber expert Isaac Ben-Israel says • Transfer of cybersecurity to civilian agency mitigates tension between security and privacy • Israel as vulnerable as U.S. to electoral disinformation campaign.
