Israel’s cyber Iron Dome
While Israel’s security establishment is currently debating the political and military assessments and lessons of the war in the Gaza Strip in July-August 2014, known as “Operation Protective Edge,” there is a consensus on the widening spectrum and increasing sophistication of cyberthreats.
During the conflict, Israel faced large-scale cyberattacks on its civilian communications infrastructure, including denial-of-service and Domain Name System attacks from both state and nonstate actors, traced to Qatar and Iran ― Hamas’ main benefactors.
Cyberattackers also targeted the Israel Defense Forces ― its websites and communications networks. The Israeli Security Agency (Shin Bet) announced that these attacks against government and military networks had been contained, while in the civilian sector the attackers’ intent to cause maximum disruption was not achieved. Still, cyberattacks ― as projected by Prime Minister Benjamin Netanyahu ― are viewed as “one of the four main threats to Israel.”
Israel has not published an official cyberdefense strategy, yet an analysis of Israeli cyberdebates and leading open forums, such as the Annual Cyber Security International Conference organized by the Yuval Ne’eman Workshop for Science, Technology and Security at Tel Aviv University, yields four underlying drivers: leadership support for a national cyberdefense vision; continuous upgrading of the IDF’s cyberdefense capabilities, such as in Unit 8200; Israel’s cutting-edge R&D programs for boosting civilian and dual-use cybercapabilities; and the development of a unique comprehensive national “cyberecosystem.”
At the highest levels, Israel’s cyberdefense policy has been led by the Prime Minister’s Bureau, which established a National Cyber Bureau in August 2011. The NCB has brought a new interdisciplinary thrust into Israel’s cybersecurity, aiming to link civil-military expertise to tackle evolving cyberthreats.
Paradoxically, the NCB has been opposed by Shin Bet, the internal security agency, which argued that action against hackers should be taken proactively in the early organization and planning stages, rather than reactively. The Shin Bet claimed that the NCB is unable to carry out this task because it lacks intelligence-gathering capabilities, has no operational tradition of deterrence and no possibility of integration with similar security organizations worldwide.
After nearly two years of policy battles, Prime Minister Netanyahu announced on Sept. 21 the establishment of a new government authority alongside the NCB with the responsibility of protecting Israel’s economy and civilian space from computer attacks, effectively rejecting the recommendations of the Shin Bet security services.
Meanwhile, in the military domain, the IDF has been consistently upgrading its cybercapabilities. Well-known units of the IDF that specialize in various aspects of computer network operations are frequently profiled in the media for their high levels of operational sophistication, technological advances and training. These include the Intelligence Corps Unit 8200, tasked with signal intelligence and code decryption; the Cyber Unit within 8200, established in 2009; the C4I Branch, developing netcentric warfare concepts and technologies; and other intelligence units. In 2013, the IDF also established a new Cyber Branch tasked with integrating operational concepts based on the strategic needs and cybercapabilities of the IDF.
The experiences, training and expertise of many former IDF Unit 8200 members have over time diffused into Israel’s cutting-edge high-tech R&D sector, reinforced by the “start-up nation” culture. As of 2014, there are over 200 Israeli start-ups working on innovative cybersecurity solutions, resulting in $3 billion in cyberexports, second only to the U.S. worldwide and constituting 5 percent of the global market, according to the National Cyber Bureau. Moreover, in 2013 Israeli start-ups raised $165 million in investment funding, a figure which represents 11 percent of global capital invested in the field of cybersecurity. According to the NCB, 14.5 percent of all the firms worldwide attracting cyber-related investment are Israeli-owned.
In this context, Israel is creating a unique, symbiotic national “cyberecosystem.” Strategic cooperation among leading national sectors (the defense establishment, private enterprise, academia, and key government agencies such as the Chief Scientist and the Ministry of Defense’s Export Controls Agency) shapes national cybersecurity priorities and, more importantly, the implementation of cybersecurity innovation across civil-military domains.
During Operation Protective Edge, the main defense system used by Israel against the rocket attacks was the Iron Dome system operated by the Israel Air Force. The system is composed of a locator radar, which identifies the rocket’s source and tracks its trajectory; a launcher with advanced interceptor missiles (Tamir); and a command and control center, which calculates the likely target. Iron Dome effectively creates a defensive envelope around a specific area, and is able to launch selective salvo intercepts against multiple incoming rockets with a success rate of 90 percent.
As of now, one of the influential schools of thought in the Israeli cyberdebate is discussing the applicability of the operational concepts and lessons learned from the Iron Dome missile defense methodology in the cyberdomain: for example, how to create effective cyberintelligence (enemy analysis and target creation), early warning and absorption readiness, strike effort, area suppression, active defense, command and control, passive detection and, ultimately, cyberdeterrence.
Israel’s cyberinnovation must therefore be linked to the changing strategic realities over the past decade, including the emergence of the varying cyberthreats that have created yet another layer of asymmetric security predicaments, while mitigating the effectiveness of Israel’s traditional deterrence, early warning, and rapid military decision strategies. Amid these changes, Israel’s subconventional threat spectrum has blurred the traditional offense and defense lines and widened the scope and character of operational requirements, including the need to protect both the physical and cyberdomains concurrently.
The key challenge for Israel, as well as other advanced IT countries such as South Korea, will be integrating its cyberstrategy with the main defense strategy, particularly in creating “a national cyberdefensive envelope” ― a multilayered cyberdefense leveraging automated computerized systems and highly trained personnel to secure a nation’s critical information infrastructure. At the same time, international cooperation in tackling future cyberthreats will be increasingly required.
By Michael Raska
Michael Raska is a research fellow at the Institute of Defense and Strategic Studies, a constituent unit of the S. Rajaratnam School of International Studies, Nanyang Technological University in Singapore. ― Ed.