Updated: Nov 14, 2019
The digitalization of the energy and infrastructure field in recent years has made it more vulnerable to cyber threats. If in the past the threats were essentially physical, today, in the technological era, providing cybersecurity to critical infrastructure and energy installations has become a major task. In fact, attacks on computerized systems of this sort might result in severe physical damage and disrupt the lifestyle in the country.
One may claim that cyber threat to critical infrastructure is, perhaps, the most significant issue in the realm of cyber security. Only a thoughtful, informed process can design a policy of effective critical infrastructure protection from cyber threats and thus, reduce the risk confronting the State of Israel and other developed countries from cyberspace. Politically and economically, critical installations have become more attractive targets for attacks.
Since all infrastructures have been affected by the information revolution and all now include computerized components that are mainly for command and control, this rapid technological change has created a new, additional security threat. The nature of cyberspace allows an attacker to disrupt the functioning of critical infrastructures without even being physically near the target and without risking being tracked down. Therefore, the renewed discussion on critical national infrastructure protection focuses on the cyber dimension.
Cyber damage to critical infrastructure may cause damage to the country's economy, not only directly, such as the inability to provide essential services, but also in the form of a commercial strike on the ability of Israeli companies to supply their products for a given period of time.
Nevertheless, the major challenge in protecting critical infrastructures from cyber threats is not technical, but political. Today most states have legal and technical regulation for selected sectors. The Israeli policy for critical infrastructure protection was set up nearly a decade ago, and has served it well. In other words, the critical infrastructure protection emphasizes market mechanisms and voluntary public-private cooperation towards a model that grants broad powers to the government to guide business entities and supervise the execution of its directives.
The primary objective of a national cyber defense strategy is to maintain the state’s functional continuity. It strives to have a strong enough capability to withstand cyberattacks in order to allow relevant Israeli authorities to actively apply operations against cybernetic and kinetic space enemies. There are three main kinds of attacks: an advanced persistent threat (APT), penetration into an organization’s computer system; a superficial attack striving to change the site or prevent access to it and to the services it provides in the cybernetic space; and a direct infrastructure attack, like damaging hardware components.
Activity in cyberspace includes a number of components, among them: defense for institutions responsible for state security, institutions supplying essential services, and those responsible for administrative procedures and everyday life. Terror is not the only source of cyber threats; they can also be attributed to hostile states, enemy states, hacktivists, and even private individuals. In parallel, the State of Israel is exposed to criminal activity in cyberspace, including business espionage and intellectual property theft, financial crime, etc. Israel also must address the offensive component on a national level. Naturally, the ability to cover these components in this paper is extremely limited due to the secretive Israeli approach.
“Cyber security” is a more limited field dealing with the stability and regular management of the national cyberspace, such as Israel’s dependence on communications satellites, cellular companies, and so on. “Cyber defense” is one aspect of cyber security, and the sole responsibility of the Authority. Following the establishment of the Authority, the National Cyber Staff’s center of gravity aspires to gradually start also to handle the field of national cyberspace in a general sense. This means encouraging R&D, building up human capital, expanding education and governance via cyber efforts, etc. It also means addressing national cyber security affairs, such as the construction, stability, and survivability of the national cyberspace during routine times and in emergencies in areas outside the Authority’s purview.
Israel has chosen to place the responsibility for the protection of vital infrastructure on a designated body of the General Security Service, which provides binding instructions to infrastructure operators. Hence, the Israeli strategy is based upon models of regulation, both a limited organizational model that deals with the transfer of information and incentives, and a more aggressive model dictating the way to deal with this threat.
On the other hand, the advantages of the Israeli model are that it offers incentives while enforcing the standard by an external party. Second, it overcomes the problems of information gaps for firms by centralizing security tasks with one government agency that ensures that the entire range of offensive information will be passed between the various agencies through the mediation of government authority, and that the expertise is concentrated in one central body that coordinates the resources. Another clear advantage is secrecy in the operation of the control mechanism. The concentration of power only on one entity prevents inefficiency resulting from the decentralization of powers by many entities.
Israel’s national cybersecurity strategy against the threats rests on three layers characterized as robustness, resilience and defense. Defense stands for proactivity, developing security tools prior to the events. Israel identified 40 critical infrastructure facilities, which are core systems, and provided them with the latest knowledge and best practices, while ensuring that they have coping capabilities and safeguards. Resilience is related to Israel's recovery capability, and the ability to continue to function and minimize the risks. Lastly, a part of building robustness is finding ways to make computers and other connected devices vulnerable. Israeli companies or government entities report immediately to their in-house security officers when they notice that something is wrong with their computer devices.
The INCD, which operates directly under the Prime Minister, is a security-operative, non-secretive body that is designed to verify that the Israeli civilian cyberspace is fully protected. In the civilian sphere, it operates as an overall authority, working closely with all the other operational players, including the army, which has a fairly common interface with the civilian sector, especially in protecting Israel's home front during war. Other players are the Israeli Security Agency, which is responsible for the prevention of terrorist threats, including cyber-terrorism, and the Police, which is responsible for criminal activities. The goal is to make sure that the national effort in the field of cyber protection is synchronized, that there will be no shortage of means, tools and resources for the various systems and that the budgets will be allocated to meet the various needs.
Protecting computer infrastructures is not a new issue for Israel, and there are Cabinet decisions dating back to 1996 on defense against cyber threats. In 2002, the Ministerial Committee on National Security laid out the format for protecting computer infrastructures in decision B/84, which to this day serves as the basis of the Israeli response to cyber threats to critical information infrastructures. It also mandated the establishment of a steering committee responsible for identifying institutions that are critical to protect, as well as the creation of the Information Security Authority (RE'EM), a government unit to protect civilian computerized infrastructure. RE’EM was established within the Israel Security Agency in order to comply with legal restraints on government intervention in business, since by law only civilian authorities, such as the police or the GSS, could intervene in private businesses. The agency oversees IT security in critical institutions, provides guidance and implementation services, and even imposes sanctions against institutions that violate its directives. The institutions bear the costs of the protection required.
However, due to the evolving cyber-environment, a comprehensive review of national cyber-posture was conducted in 2011 leading to significant policy changes. One was to foster coordinated cooperation between public, security, academic, and private sectors. In 2012, the Israeli government established the National Cyber Bureau to regulate cyberspace activity.
In 2015 the local Computer Emergency Response Team (CERT), an emergency center constantly equipped with trained cyber defense experts, was established. The team is connected to over 100 organizations through a special cyber-net, which allows it to identify the type of event and determine whether it is an individual or widespread incident. The team continuously instructs them on how to deal with the attack and is even dispatched to the site of the attack if needed. The CERT is run by the National Cyber Authority, which is in charge of the daily operational cyber defense of Israel’s private sector. The Israel National Cyber Directorate includes the National Cyber Bureau and the National Cyber Security Authority. The directorate operates directly under the prime minister. The IDF and Mossad secret services are mainly in charge of protecting the security services from cyber-attacks and of working outside Israel’s borders to collect relevant intelligence.
As the directorate within Israel's Ministry of Defense (IMOD) responsible for defense exports and international cooperation, SIBAT facilitates global relationships by promoting agreements, industrial cooperation and technology sharing. As the key interlocutor between Israel's defense establishment, foreign security agencies, military forces, and global industries, SIBAT locates a wide range of business opportunities, including local production, joint ventures, research and development.
Moreover, in 2015 Israel's Innovation Authority, the Ministry of Economy and the National Cyber Directorate announced a new 24 million USD three-year program to boost Israel’s cyber industry. "Kidma" offers a benefit package for creating technological solutions in cyberspace security, while encouraging related research and development activities. The program is three-pronged: investing in “game-changing” technologies, supporting companies past the development stages by funding pilot tests for their technologies with potential clients, and boosting resources to CyberSpark (the Israel Cyber Innovation Arena in Beersheba).
Under the initiative, startups will be eligible for funding of up to 66% of their R&D expenses, and up to 1.35 million USD a year for their project. The program will also finance up to 30% of the budget of a pilot test in Israel and up to 50% of a pilot test abroad on approved projects. In addition, the Israel National Cyber Directorate and the Innovation Authority will jointly promote the creation of “innovation arenas” in sectors that are undergoing a significant digital transformation, such as health, transportation and finance, which are becoming more and more exposed to cyber threats. Towards the end of the program, an internal evaluation of the program was conducted, including a comprehensive survey in industry. As a result, it was decided to launch a follow-up program. "Kidma 2" will focus on promoting the industry according to the barriers that arose from the follow up of the headquarters and enable the growth of large companies while considering the full economic potential in the cyber industry.
2016 marked the official beginning of the National Cyber Defense Authority, founded on the guiding rationale that close cooperation among all parts of the civil sector is crucial for the defense of cyberspace. Its primary function is to direct, operate, and execute all defensive and operational efforts at the national level, based on a systemic approach to allow a constant defensive response to cyberattacks. That includes handling cyberspace events in real time, formulating a current situation assessment, intelligence gathering and working with the special institutions. The director of the Authority is subordinate to the head of the National Cyber Staff, who is defined as the head of the national cyberspace operation.
In 2017, the Israeli government approved a decision to merge the Israeli National Cyber Bureau with the National Cyber Security Authority into one cyber security entity. Both bodies are under the aegis of the office, with the Bureau being in charge of cyber security strategy and the Authority being in charge of cyber security operations. Israel’s military, police and internal security agency have separate cybersecurity departments. National bodies like the Bank of Israel or the Israel Securities Authority also have their own cybersecurity departments.
During the last decade, the Water Authority replaced the classical defense of water installations through security cameras and physical armed security with the defense of the water itself, through monitoring the status and quality of the water to ensure that there was no sabotage. During an emergency, the Water Authority operates a center that manages all the activities involved in supplying alternative water and repairing the infrastructure. Israel Electric Corporation (IEC) developed a system of comprehensive response to all security situations, used by Israeli power companies. IEC is the largest power company in Israel, consisting of 17 gas and coal-fired power plants with a total capacity of 13.6 GW, which accounts for 99.8% of Israel’s electricity generation.
Lastly, Israel’s expertise in border security dates back to 1960, when its initial investments in border security, surveillance, route clearing and patrols were made. Today, Israeli companies are at the forefront of border security, offering sophisticated electronic fencing and covert “virtual fences,” backed by video motion detection capabilities, radar, and electro-optical-based surveillance sensors, and autonomous, unmanned aerial, ground and maritime patrol vehicles. Computerized information technology systems offer sophisticated tracking of people, vehicles, and cargo, ensuring that open borders do not become a security risk.
© De Angelis & Associates 2019. All Rights Reserved.