The first computer viruses were developed when researchers at Bell Labs in the U.S. created programs designed to “kill” each other. Today, more than 50 years later, the worms have grown to become weapons of war. Cyber-attacks may lack the end-of-the-world imagery of nuclear weapons. But, in a digital age, they can bring a nation to its knees just as comprehensively.
Israel –- like other countries — has recently been a target of cyber attacks from various sources, which could seriously affect its infrastructure. As a result, the government established an umbrella organization, the National Cyber Bureau (NCB), to coordinate all efforts in defending against these and future attacks. “Cyber-attacks are potentially a serious problem for the Israeli economy,” says Yitzhak ben-Yisrael, who heads Tel Aviv University’s Yuval Ne’eman Workshop for Science, Technology and Security. He was instrumental in the establishment of the NCB.
Hackers are mainly targeting the country’s infrastructure — water, electricity, communications, and other vital services. While they have so far failed to mount a significant attack on major systems, such as the power grid, there is no guarantee it can’t happen, notes Israel Electric Company (IEC) director Yiftach Ron-Tal. “This is an era when entire societies can be paralyzed by cyber-attacks, and Israel is no different,” said Prime Minister Binyamin Netanyahu in a recent television interview.
Today, the cyber-front has become one of the main battlegrounds and is a major security concern, constituting a sixth defense front — joining the fronts in the air, sea, land, home and outer space. “A cyber-war can inflict the same damage as a conventional war,” Ben-Yisrael points out. “If you want to hit a country severely, you hit its power and water supply. Cyber-technology can do this without shooting a single bullet. Cyber-security is not about saving information or data; it’s about securing the different life systems regulated by computers.”
Israeli security experts claim that the country experiences about 1,000 cyber-attacks per minute, every day. Most of them are not necessarily state-sponsored hackers. Also in strike mode are hacker groups, organized crime and terrorist groups. Recently, Anonymous reportedly launched a series of cyber-attacks against Israeli websites in retaliation for attacks on Gaza. Many websites found their homepages replaced with messages in support of Hamas and the Palestinians. Yuval Steinitz, Israel’s finance minister, said in November that 44 million attempts were made to bring down government web sites. A few days later, the Hamas Interior Ministry said Israeli hackers had “paralyzed and penetrated” its web site, according to a report in BusinessWeek.
Two Types of Attacks
The IT security industry classifies two main types of attacks: Public, where assailants randomly attack end points, and targeted, where a specific organization or individual is penetrated, explains Gabi Siboni, senior research fellow at Tel Aviv University. Siboni is also director of the military and strategic affairs program and director of the cyber-warfare program at the university’s Institute for National Security Studies.
Siboni adds that with public attacks, little physical damage is done: It is only the inconvenience of having a website down for several hours. The targeted attacks are those aimed specifically at causing damage to infrastructure. An example is the Israel Electric Corporation that has been a major target for hackers, with 10,000 to 20,000 attempts a day.
Wharton legal studies and business ethics professor Andrea Matwyshyn says an increasing number of security attacks is emanating from what appear to be state-sponsored hacker groups. Private companies in the U.S. are frequently the targets for large-scale attacks. In December 2010, an attack was launched on more than 30 businesses in Silicon Valley, including Google, Adobe and several other companies. These attacks were so sophisticated that they caught these companies off guard.
Google executives have said they suspect the attacks originated from China and were likely perpetrated by government-sponsored or facilitated groups. Google and other private companies have been joining hands with government agencies to address information security challenges.
In Israel, the Prime Minister’s Office established the National Cyber Bureau at the beginning of 2012 with the goal of coordinating strategy. The focus is on creating a national cybernetic defense concept and introducing the regulation necessary. At a recent Homeland Security Conference 2012 in Tel Aviv, cyber-security was given a prominent platform. Opening the panel discussions was newly appointed NCB head Eviatar Matania. “The more centralized our data information systems are, the more connected we are to the Internet,” he said. “This makes us more vulnerable…. One of our plans is to establish a national cyber-situation room, which will construct a national assessment among the various organizations and constitute the beginning of a defensive layer at the state level.”
The main goal is to build advanced technological infrastructure and encourage industry to participate in developing a cyber-defense system. The NCB will also begin the process of coordinating security in cooperation with private security companies, and will promote cooperation with international organizations, so that Israel might comply with important international treaties.
Matania spoke about a new program with US$20 million in funding for R&D companies for their efforts on cyber-security solutions. The program is due to commence in January 2013 and will contribute to building a strategic center of excellence in Israel.
The Israel Defense Forces are also actively engaged in dealing with potential cyber-threats. According to the Defense website, the military’s operations department has recently defined the essence of cyber-warfare. “Cyberspace is to be dealt with similarly to other battlefields on ground, at sea, in the air and in space,” the website says. “…If necessary, cyberspace will be used to execute attacks and intelligence operations.” The military intends to double the manpower of its Unit 8200, an elite intelligence corps, which is charged with waging cyber-war on Israel’s enemies.
While the defense is taking precautions, Israeli businesses and consumers remain vulnerable to cyber attacks. Most businesses are reluctant to invest in cyber-defenses because they don’t consider an attack a serious threat. Israel also lacks strong legal incentives to compel corporations to take the necessary precautions. (Israel is not alone in this; U.S. companies are equally ill-equipped — see Israel Knowledge@Wharton’s interview with Amos Guiora). As the NCB has been in existence for a relatively short while, there has not been time to draft legislation.
Raviv Raz, CEO of Hybrid Securities, an information security startup, says the private sector doesn’t care. Only a few major corporations have best-of-breed, layered protection. The banks are a bit more concerned, he says. The telecom sector falls under critical infrastructure and has to be more alert. It’s the small business segment, some 80% of the Israeli market that is particularly negligent in this area. They are likely to fall victim to fraudsters and criminals who are taking to the Internet in a big way. “Criminal organizations such as the Russian mafia” have got into the act, says Erez Kreiner, director of Israel’s National Information Security Authority, the agency responsible for protecting critical infrastructure.
“Right now, the situation resembles the Wild West,” continues Kreiner. “I see a cyber-arms race. Vast amounts of money are being spent in this field by countries developing cyber-arms… We are only at the beginning of this new era and there are no international treaties governing cyberspace.”