Fighting the next cyber war
Special: Retired major generals Yitzhak Ben Yisrael and Eitan Ben Eliyahu,
and Colonel (Ret.) Rami Efrati discuss possible cyber war scenarios
Operators of the police emergency hotline found themselves under a blitz of
phone calls by nervous Israelis trapped inside elevators; emergency services
received panicked distress calls reporting a horrifying train accident;
the transportation minister was told that Ben Gurion International Airport
was all but paralyzed and the government was summoned for an emergency
meeting: "Israel is under a massive cyber attack. Are we at war?"
This is only a scenario, but could it really happen?
"One of the characterizations of cyber-attacks is the difficulty in
determining the aggressor's identity, as well as whether the attack is a
minor breach or a full-scale onslaught," Prof. Major-General (Ret.) Yitzhak
Ben Yisrael, one of the founders of the National Cyber Directorate and a
pioneer in cyber development in Israel, explained.
Ben Yisrael served as head of the Defense Ministry's Administration for the
Development of Weapons and the Technological Industry, and is currently the
director of the Yuval Ne'eman Science, Technology & Security Workshop at Tel
"You wake up one morning, turn on the radio, and hear of a railroad accident
with 300 casualties – a cyber-attack isn't the first thing that comes to
mind. If enemy warplanes unleash an attack any nation immediately mobilizes
its armed forces, but the source of a cyber-attack is hard to pinpoint,
unless you have first-rate intelligence," he said.
"Last year, the president of the United States announced that a major
cyber-attack on his country would be considered a declaration of war. This
is US policy and it makes sense, but you have to remember that in the midst
of an attack, it's very hard to determine where it's coming from."
Ben Yisrael, along with former Air Force Commander Major General (Ret.)
Eitan Ben Eliyahu and Colonel (Ret.) Rami Efrati, formerly of the IDF
Military Intelligence Directorate and today the assistant-director of the
National Cyber Directorate, were invited to participate in a special war
games exercise hosted by IsraelDefense.
"We have to differentiate between attacks on critical and non-critical
systems. If a bank is breached, it doesn’t necessarily mean that the country
will collapse. On the other hand, in case of a cyber-attack against critical
infrastructure in wartime, such as command and control systems, the entire
infrastructure is neutralized," Ben Yisrael added.
'National Cyber Defense is Tricky'
Colonel (Res.) Rami Efrati believes that while extreme, a scenario that sees
an integrated, simultaneous cyber-attack against several critical systems is
"Based on similar events that have taken place around the world in recent
years, one can see that the field of cyber-offensives is escalating and it
might reach extreme scenarios like the one described.
"On the other hand, the field of defensive measures requires significant
improvements, since thwarting such attacks requires considerable operations
and professional knowledge by various entities," Efrati said.
"The attacker seeks the existing vulnerabilities in the system, whereas the
defender must 'hold the line' and ensure that there are no vulnerabilities,"
"When discussing national defense, the line is long and wide and
professionals with considerable technological savvy and capabilities are
required to handle these types of threats. Furthermore, the field is
characterized by several problems, including a difficulty in identifying the
assailant; the ability to discern the attacks themselves from a clutter of
information and even realizing whether the event in question is an attack or
just preparations for one."
Major General (Ret.) Ben Eliyahu said that it is important to prepare for a
cyber-attack by creating certain backup mechanisms that keep vital systems
running in case of a malware strike against critical infrastructures.
"We're talking about a concept of safeguards and backup measures built into
the system in the early stages of development. Why is this important?
Because when a breakdown occurs, reaction-time is virtually nonexistent. The
victims need to employ technological defenses, but they must also remember
that when a new fighting arena manifests there are checklists, training
schedules and emergency procedures to follow – things outside the realm of
software and well into the tactical arena.
"We have to understand that we must prepare for a different kind of
mobilization until the IT guys deal with the problem from their end."
In the case of hundreds of fatalities in a runaway train crash due to a
cyber-attack, should Israel mount a physical retaliation, via an air strike
for example, or should it limit its response to the cyber sphere?
"If we're attacked, then it's legitimate to retaliate by any means," Ben
Yisrael asserted, "especially when lives are lost. However, if there are no
casualties and the damage extends only to computer systems, then a physical
retaliation is unnecessary.
"Nevertheless, the challenge remains the discerning of whom to target and
how. It's possible that the aggressor isn't cyber-vulnerable. Some of our
enemies are Third World countries and if we were to hit their cyber
infrastructure, the effect would be minimal.
"Another problem is the deterrence factor: even if we know who the
aggressors are – say they were Syrian – they may not be operating from
Syria. They can be based in Paris for all we know. What should we do then?
This is definitely a challenge to our deterrence capability," he explained.
War of a Different Kind
Unlike conventional warfare, an all-out cyber-attack will not target just
one field, but is likely to simultaneously target multiple fronts.
"There is no 'war' in cyberspace. We're talking about effects that
compromise our physical life in the air, at sea, or on land. Battles that
were once waged with bows and arrows – are now waged electronically and
these electronic and technological measures can wreak havoc on modern
society," Ben Yisrael stated.
Another issue raised during the exercise was the need for a cyber corps or
cyber headquarters, to coordinate Israel's various activities and conduct
training exercises for various cyber-attack scenarios.
"Cyber technology can be more devastating than explosives and missiles," Ben
Eliyahu warned, "But to date, no cyber command has been established.
"No one denies that we're at the dawn of a new age," he continued.
"Cyberspace is a major theater of operations. Despite the huge tactical and
technological investment made in meeting this challenge, an unchecked
cyber-attack could unleash untold damage.
"We have to figure out a way to create deterrence and design a recovery
plan, even though this seems like a daunting task. We have to look for and
implement tactical and intelligence solutions – not at the expense of
development endeavors, but alongside them."
Ben Eliyahu further explained that, "We have learned which indicators will
point us to a cyber-incident. If we know where such efforts are concentrated
then we know which countries have these capabilities and what intelligence
resources need to be utilized in order to stop them."
So what you are saying is that cyber warfare is similar, in a sense, to
"Yes, only now we're talking about a new dimension."
How much would you invest in devising such offensives?
"The fact that a new age and new theater of operations has emerged on the
national and military levels means that we have to make all the necessary
preparations. Even the realization that resources have to be allocated is a
step in the right direction. No one has any illusions – manpower will have
to be increased in this sphere at the expense of others," he admitted.
Computer Wisdom First
In the summer of 2011, the government adopted the recommendations of Ben
Yisrael's National Cyber Initiative and approved the formation of the
National Cyber Directorate, tasked with coordinating cyber activities on
both military and civilian levels.
How do you prepare for war from the cyber, educational and national points
"Mounting cyber defense on a national level is built on several layers,"
"The first is education and academia: developing human capital and
technological infrastructure to position Israel as a leader in the cyber
field. The second is the promotion of the Israeli industry so that it will
be a leader in the field.
"The third is regulation, authorization and standardization, which will
result in significant steps in defending all elements that may suffer as a
result of a cyber-attack against Israel. The fourth measure is raising
awareness of the risks and the tools needed to handle them, so that every
Israeli citizen will be an active partner in protecting Israeli cyberspace.
The last is promoting global technological cooperation towards protecting
Israel is a very technologically advanced country. Is this an advantage or
disadvantage in the cyber sphere?
"The fact that Israel is very technologically advanced represents both an
advantage and a disadvantage," Efrati hedged.
"The advantage is that it places Israel at one of the best starting points
with regards to technological knowledge and control. The disadvantage is
that it makes us more vulnerable to cyber-attacks. In my opinion, the
advantage outweighs the disadvantage and we must leverage it in order to
bolster Israel's cyber defense capabilities."
Prof. Ben Yisrael, the taskforce you led has contributed significantly to
Israel's defense, but on the other hand, we have been caught unprepared by
hackers. Which scenarios are we prepared for?
"The Tel Aviv Stock Exchange system was infected by malware. The market, as
you know, runs on computers, but since it's a protected system, it was able
to separate the attack from its ongoing operations. As proof, trade
continued unhindered. However, during the attack, no one could access the
TASE website. This is a protected system because Israel linked it to other
"To say that the cyber-attacks caught us unprepared is incorrect, because
critical infrastructure systems were protected, albeit not completely. We
were happy to learn that we are one of the world's five leading countries in
the field of cyber protection, but there remains an Achilles heel.
"We found that as computerization is taking over every aspect of our lives,
almost every vital life system is computerized nowadays, so we must
continuously expand and upgrade our cyber-defense network. One system cannot
guarantee protection for everything all the time. This is why we must
establish and enforce regulations, laws, and standards."
Ben Yisrael stressed that Israel must pursue new legislation as well: "Take
credit card companies, for example. They're not under the protection of the
State's systems because they are privately held companies, so new laws have
to be passed. (Shin Bet Chief) Yoram Cohen is promoting this, but there are
"These issues are rather intimidating," Ben Eliyahu concluded, "But Israel
is a very advanced nation. Be that as it may, we still don’t know how
protected we really are."
*At the time of this interview, Rami Efrati was a cyber security