Behind the scenes of Israel’s cyber power
Back in 2010 Prime Minister Benyamin Netanyahu had one objective: to make his country one of the world’s leading cyber powers. A mission many today would deem accomplished! Mostly thanks to the first Head of the Israeli National Cyber Bureau, Eviatar Matania, who gives us an impassioned glimpse behind the scenes of the Israeli cyber power in his book, Cyber Power, cowritten with journalist Amir Rapaport.
Matania and Netanyahu are among those men who have the gift of intuition: they can sense future upheavals in order to better prepare for them. It should be said that the hostility faced by Israel is conducive to this trait. Indeed, constraints, and the pressure they bring about, favor the growth of certain virtues: caution, hope, strength, which in turn foster vigilance to prevent risks and ingenuity to deal with them.
Thus, after a visit to the commander of unit 8200, tasked with cyber matters, the former Prime Minister sensed a new threat creeping up on his country: cyberwarfare. At the same time, his military secretary, Yohanan Locker, gave him a book recommendation: Babel Minute Zero, by Guy-Philippe Goldstein. The thriller describes a world war started by China, targeting the computer systems of critical sectors such as utilities. After reading the entire book in one sitting, Netanyahu realized cyberspace was now a real battlefield. The novel was a revelation, instilling within him a mission: to make Israel a powerful cybernation capable of dealing with enemy threats.
Eviatar Matania was selected by the Prime Minister to carry out this mission. Thus, on December 11 2011, he was appointed to set up and head the National Cyber Bureau (which later became a Directorate): “The position I had been granted was the first of its kind coming from the Prime Minister’s office. On one hand I was going to have to answer directly to Netanyahu (…). On the other, unlike Israel’s security bodies, this new office would also work to instruct Israel’s armed forces, in terms of infrastructure and R&D, with the clearly outlined goal of giving Israel capabilities in cyberspace,” relates the author of Cyber Power. Therefore, as the man tasked with making Israel a cybernation, his raw testimony propels the reader into the heart of cyberwarfare, giving him valuable lessons along the way.
At the heart of the complexity of cyberwarfare
“Historically, the transition from one period to the next is often not clearly defined,” rightly point out the authors. Indeed, the deep transformations it brings about disprove all the firmly established preconceptions. The same goes for cyberwarfare, which “has made the limits of war, so clear in the past, more blurred than ever,” insofar that it cannot be grasped through old, traditional, patterns. And for good reason: unconstrained by the limits of space and time inherent to physical warfare, cyber attackers are always near their target. Moreover, they truly are chameleons! Their potential for harm is, unfortunately, constant. “The extremely wide range of cyberattacks, the difficulties in pinpointing where they come from, the ability of attackers to disguise themselves as criminals or terrorists and resort to intermediaries, all this clouds the concept of warfare as humanity has always known it,” they write.
To illustrate their point, Matania and Rapaport often use examples of cyberattacks against Israel, thus better drawing the reader into the hostile world of cyberspace. In recounting how their country was the target of an attack against a number of hydropower plants in April 2020, they show the extent to which it is difficult to identify the attack in time but also to pinpoint its source (even if some media attributed it to Iran): “How could Israel be sure its hydropower infrastructure was really under attack? Could it not have been a technical failure? Who would have been able to connect the dots between all the problems encountered by various plants and understand a deliberate and combined cyberattack was underway? These questions had always unsettled us and we now had to provide a practical answer.” Fortunately, the national cyber director had anticipated this type of attack by running simulations and coming up with solutions. Thus he was able to identify some clues very quickly.
An instructive testimony
Matania faced great difficult when coming up with a national cybersecurity doctrine in 120 days, as requested by the government resolution that created the Bureau. Indeed, “no other country had the type of strategic document we needed,” he recalls. Thus, he had to start from scratch and, with his teams, conceptualize an innovative strategy, which is made up of three levels: solidity, resilience and national cyber defense.
While solidity “relates to the measures that must be taken daily, in an ‘offline’ manner, no matter the type of attack” (for example, installing antivirus software or promoting employee alertness), resilience “is the ability to sustain an attack and get back to normalcy as quickly as possible with minimal damage.” These two levels, which all organizations, public and private, must implement, aim “to deal with an attack,” above all. In regard to the level pertaining to “national cyber defense”, its implementation is exclusively within the government’s purview, since it is an issue of facing, on a national scale, “very skilled enemies that may be acting on behalf of another country, a terrorist cell or organized crime.” In order to do so, the state must strengthen its capabilities “at the highest level”, which is mainly a military matter.
Along with this new strategy, the national cyber ecosystem was strengthened through significant state funding (as is the case for the military), promoting “innovative cybersecurity projects, particularly startups”: “I argued (…) that the appropriate way to take action was by supporting high risk projects, which businesses would have a hard time funding on their own, and to make sure we flooded the market with Israeli initiatives and solutions before anyone else could.” Moreover, a number of research centers in the cyber field were created in universities, in order to guarantee the strengthening of the ecosystem was sustained in the long run.
Finally, patriotism was crucial in shaping the Israeli cyber power. Indeed, in order to hire the best experts in the operations branch of the National Cybersecurity Authority created by the Directorate, Matania appealed to their patriotic sentiment in order to persuade them to join him instead of going into the private sector where pay is obviously more attractive.
Rich in lessons, and opening up many avenues on how to adapt the government’s cyber strategy to tomorrow’s challenges (for example in regard to the role of cybersecurity in the military), this captivating story provides decisionmakers with the intellectual keys to strengthening their country’s cybersecurity.
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty
- Digital transition