Israel

What the U.S. Could Learn from Israeli Cybersecurity

Israel’s hard-won expertise in the realm of cyber-security can provide unique insights and valuable lessons for the United States, Yahoo Tech columnist Rob Pegoraro concluded in a report published Tuesday.

“If only the Israeli approach were something we could pack in a box and put on a plane to the States,” wrote Pegoraro after returning from Israel’s recent CyberTech 2016 conference.

Pegoraro illustrated this approach by describing the cyber-security strategy developed by Israel Electric Corporation’s (IEC) in light of chronic hacking attacks. According to Yosi Shneck, IEC’s senior vice president, the utility experiences 4 to 5 million cyber attacks every month, a number that peaked at 25 million during an assault by anti-Israel groups on Holocaust Remembrance Day in 2013. None of the attacks have been successful, however, and Shneck believes that this is because of Israel’s unique political situation.

He added that the nature of the attacks on IEC have changed in recent years, with fewer denial of service attacks, “but more phishing attacks and attempts to tunnel into its networks with long-lived “advanced persistent threat” malware.”

While the attacks IEC suffers are significant, they are also not the most sophisticated. Alex Crowther, a cyber-policy specialist at the National Defense University’s Center for Technology and National Security Policy, explained that this is because Israel isn’t a priority target among the most advanced cyber powers. “The top three most capable states are China, Russia and the United States, and none of them are going to target Israel,” he observed.

To deal with the attacks, IEC formed a team of 100 full time cyber-security experts and an operations center that monitors events around the clock for any signs of trouble. The utility also developed its own cyber-security training program and spun it off as a separate company called CyberGym. While no American utilities have, as of yet, taken advantage of IEC’s training, the company is looking to open a CyberGym location in the United States.

Ronen Kenan, managing partner of Atlanta-based BizDev USA Israel, told Pegoraro that such Israeli expertise could benefit American companies. “There’s a lot of knowledge you can bring here to the U.S. — experience, knowledge, training.” Crowther agreed, saying, “They have a lot to teach at the tactical level.”

“Israel is one of the top targets of cyber attacks, and also a source of a lot of defensive and offensive cybersecurity technology,” explained Johannes Ullrich, dean of research at the SANS Technology Institute. He also noted that according to a recently released report by the Tel Aviv-based IVC Research Center, Israel was second to the United States in cyber-security expertise.

Pegoraro acknowledged that some of advantages enjoyed by the Israeli cyber-security sector, including the reality of compulsory military service in Israel, which ensures that the country’s top talents are trained in and graduate from the IDF’s elite intelligence units every year, could not be easily replicated in the United States. Nadav Zafrir, a former commander of Israel’s elite Unit 8200 intelligence unit who now helps develop cyber-security startups as CEO of Team8, pointed out that Unit 8200 is roughly the equivalent of the National Security Agency (NSA) in the United States, but that the NSA can’t simply draft all the individuals it wants. On the other hand, Unit 8200 “can choose every year the best people.”

Another aspect that may be hard for Israel to export is the government-led nature of its cyber-security sector. IEC, in addition to being almost totally owned by the government, also has Israel’s internal security agency, Shin Bet, in charge of its cyber-security.

The government’s role in driving the cyber-security industry was enunciated by Israeli Prime Minister Benjamin Netanyahu at the CyberTech conference. “We are coordinating all of our civilian cybersecurity efforts in one address,” said Netanyahu. “Every single business, here is what we expect you to do in cyber,” he added, referring to directions given by Israel’s national cyber-security authority.

One expert who believes that Israel’s top-down approach to cyber-security might eventually find its way to the United States is Gabi Siboni, who heads the Institute for National Security Studies’ cyber-security program. “I know that in your part of the world, regulation is a bad word, but I assume that in 10 years everything will be regulated,” said Siboni.

Some Israelis also acknowledge that the growth of the nation’s cyber-security sector hasn’t only been internal. “The multinationals, primarily the U.S. multinationals here, are part of our revolution,” said Erel Margalit, founder of Jerusalem Venture Partners and a member of Knesset for the Labor Party. He specifically credited American “management culture” and venture capital for helping launch Israel’s cyber-security industry.

Even if Israel’s state-dictated cyber-security policy won’t fly in the United States, Pegoraro concluded, America “could learn a thing or two from the seriousness Israel brings to online security.”

[Photo: Ofra Berger / YouTube