Third in a series on Israel’s energy and cybersecurity sectors.
RAMAT GAN, Israel — A group of Israeli soldiers gathers around a miniature city replete with houses, traffic lights and a nuclear plant. A toy train circles the town.
One of the assembled troops explains how the simulated city runs on Arduino, an open-source digital platform that can stand in for critical networks such as power grids.
It can also be hacked.
With a few commands on his computer, the soldier speeds up the train until it careens off the tracks.
The attack may not be as simple to carry out in the real world. But "these scenarios aren’t far-fetched, as we could see during Stuxnet," a lieutenant in the Israel Defense Forces explained, referring to the complex computer virus that infected Iranian nuclear centrifuges in the late 2000s.
The Stuxnet attack was widely attributed to Israeli and U.S. intelligence agencies, who have denied involvement. Regardless of Stuxnet’s author, the worm’s implications have been global, opening eyes to the potential for digital strikes on physical infrastructure.
The Israeli military’s cyberdefense center here outside of Tel Aviv is aimed at preparing soldiers for the brave new world of warfare.
The Sim City offers a training environment modeled after the supervisory control and data acquisition (SCADA) systems that undergird everything from surveillance cameras to oil pipelines.
But the city "is not only for the SCADA systems," explained the lieutenant in charge of cyberdefense training at the Ramat Gan military base. The officer requested anonymity for information security purposes. "It’s also to make the defenders understand their responsibility and what can happen if they fail their mission," the officer said.
Strictly speaking, the IDF is responsible only for the defense of its own network. But in a small country such as Israel, the roles of the military in cyberspace can overlap with other areas of the government and even private critical infrastructure.
"The society builds an army that builds a society that builds an army," said Maj. Oron Minche, offering a loose translation of a Hebrew saying about the IDF.
Minche is spokesman for the IDF’s C4I Corps, a defensive branch that stands for Command, Control, Communications, Computers and Intelligence.
"We don’t have the same [information technology] challenge the Americans do — we don’t have Hawaii, we don’t have Afghanistan. Our IT maneuvers are close," Minche said in an interview.
"When the scale is different, it makes our life easier."
Some adversaries are intent on making Israel’s life harder.
The country has faced cyberattacks from a range of foes. In 2013, a toll road system in Haifa was hacked, jamming traffic in the area and causing thousands of dollars in damages. The following year, companies tied to Israel’s Iron Dome missile defense system were breached for their technology, according to evidence uncovered by security blogger Brian Krebs. In March, researchers at cybersecurity firm Check Point Software Technologies Ltd. attributed the "Volatile Cedar" malware campaign to Lebanon, noting that the hackers aimed their attacks at defense contractors, media companies and other organizations with ties to Israel.
Israel faced coordinated attempts to disrupt national systems during Operation Protective Edge, a 2014 war in Gaza that claimed more than 2,200 Palestinian and more than 70 Israeli lives, according to leading officials.
"In Operation Protective Edge last summer, the state of Israel was attacked in the cyber arena by a country, by Iran," said Moshe Ya’alon, Israel’s defense minister, in a Hebrew-language speech at a cybersecurity conference in Tel Aviv last month. "Government sites were attacked, military sites were attacked, and economic sites were attacked."
Israeli concerns over Iran have mounted in recent days as the United States seeks to wrap up negotiations over Tehran’s nuclear program. It’s not clear how a nuclear deal will test Israel’s cyberdefenses. Security researchers say Iran has upped its cyber capabilities since being caught unawares by Stuxnet and have tied several advanced online threats back to Persian-speaking hackers. Last week, Israel’s cyberdefense authority warned of an impending cyberattack, Haaretz reported, although it’s not known what prompted the urgent alert.
"All the time we see attacks coming from all our opponents, both Iran and terror organizations," Eviatar Matania, head of the Israel National Cyber Bureau, told journalists at the Fifth Annual International Cybersecurity Conference in Tel Aviv last month. "We see it, for example, during the last operation in Gaza, but we see it also day to day. The problem with cyber is, it is not just during emergency times — it happens all the time."
At the same conference, the Iranian nuclear negotiations were the focus of a war game designed to test Israel’s preparedness for a cyber crisis.
The exercise, developed by Tel Aviv University’s simulation lab SIMLAB, involved Qatari actors spreading false information about a new secret Iranian nuclear facility that flew in the face of existing restrictions.
The fictional scenario set off a series of events that derailed talks over Iran’s nuclear program.
The simulation highlighted the fog of war in any cyber conflict, which Iddo Moed, cybersecurity coordinator in Israel’s Ministry of Foreign Affairs, called "one of the most important attributes in international relations with cyber."
"This kind of uncertainty will be there. It’s a fact," he said. "When you’re attacked, this attack may have already taken place a year ago."
Israel has regulated cybersecurity for critical infrastructure organizations since 2002, but the government has rushed in recent years to keep up with the fast-changing threat to national systems.
The Israel National Cyber Bureau, which reports to the prime minister’s office, was set up three years ago to deal with the widening array of civilian cyber challenges.
More recently, the banking sector has had to adapt its practices, and private banks and credit card companies now have until Sept. 1 to comply with a cyberdefense directive issued through the Bank of Israel.
"This is not an information security directive — it doesn’t have a checklist of how you are going to protect your servers," explained Rachel Jacoby, head of the Operational Risk and Cyber Management Unit at the Banking Supervision Department of the Bank of Israel. "By the term ‘cyberdefense’ — and not ‘cybersecurity’ — you can get the perspective of the cyber threat landscape and understand that protecting this arena is much more than security."
Her supervision department was established 3 ½ years ago to strengthen Israeli banking and credit card companies’ resilience to cyberattacks through coordination, guidance and enforcement tools.
Since then, the BSD has launched an interbank professional forum that meets every few weeks, in addition to enacting baseline cybersecurity requirements for banks of all sizes. Jacoby’s unit is encouraging growth of an information-sharing group modeled after the Financial Sector-Information Sharing and Analysis Center in the United States.
"Israel really is a strategic target of attack because of the geopolitical situation," Jacoby said, adding that there are pros and cons to the country’s small size. "On the one hand, damage to an Israeli bank can harm the banking system, unlike a nation such as the USA … on the other hand, it’s easier and perhaps more effective to share intelligence and information if there are not so many banks and not so many sectorial and national entities dealing with cyber."
As in the United States, in Israel, the financial industry has a reputation for being progressive in its approach to cyberdefense, with lessons and strategies trickling out to other sectors.
The best defense
Israel has adopted the old mantra that the best offense is a good defense, although applying that to the cyber arena hinges on the ability to identify who is actually attacking you.
"Any progressive country that has enemies must be able to defend itself in the cyber arena," Defense Minister Ya’alon said. "It would be better that each such country under threat could also have the capability to strike against its enemies — even if only in retaliation against their strikes — in order to deter them."
The Israeli approach to cyber is in keeping with the country’s military history.
Since winning against the odds in its 1948 war of independence and the Six-Day War in 1967, Israel has shed its underdog reputation by developing or acquiring state-of-the-art military technology and grooming a large percentage of the population for armed service.
The country is widely known to have developed its own arsenal of nuclear missiles, although the government has not acknowledged such a weapons program.
In a similar vein, Israel has warned it can outgun enemies in the cyber arena — Ya’alon declared the country a "cybernetic superpower" — while denying any role in some of the advanced hacking campaigns that have been traced back to its military and intelligence units (EnergyWire, July 1).
The military has recently begun a yearslong restructuring to unite cyberattack and -defense units under the same roof. Maj. Minche of the C4I Corps noted that even the country’s cyberdefenders must train on offense to hone their skills.
"As far as we know, we are the only military in the world to do live cyberattacks on our own networks," he said, observing that a recent exercise knocked out a few thousand live military computers. "One of our main goals is not only to provide the high-tech capabilities, [but] to provide tension to our defenders."
Minche said recent conflicts, including Protective Edge, had highlighted the "tight relationship between the kinetic world and the cybernetic world" — the physical and the virtual.
The IDF’s planned reorganization, its Sim City and Israel’s counterstrike capabilities are all aimed at keeping up with that convergence.
"Our goal is to defend Israel and win the war; doesn’t matter who is our enemy," Minche said.