A promotion for the Israel Defense Forces at the CyberTech 2016 conference. (Images by Rob Pegoraro/Yahoo Tech)
On the first day of the recent CyberTech 2016 conference on cybersecurity in Tel Aviv, Yuval Steinitz, Israel’s minister of national infrastructure, energy and water resources, dramatically demonstrated the urgency of the matter at hand: He admitted that the state electric authority itself was currently “facing a very serious cyber attack.”
His government agency had identified the malware and isolated the infected computers. And the attack affected only a regulator of the electric industry, not the actual power generation or transmission systems. But Steinitz’s point still stood: “This is a fresh example of the sensitivity of infrastructure to such attacks.”
Or, as Israeli prime minister Benjamin Netanyahu put it during an address earlier that day: “In the Internet of everything, everything can be penetrated. Everything can be sabotaged, everything can be subverted.”
Israel knows this better than most countries. It has been on the receiving end of numerous online attacks of varying levels of competence (though not as many as the United States receives), and it has launched some particularly advanced and effective assaults of its own — most famously, the Stuxnet malware that it and the U.S. reportedly collaborated on to disable Iranian nuclear centrifuges.
I spent a week in Israel to get an overdue introduction to its cybersecurity sector, courtesy of a trip for a group of U.S. journalists and analysts sponsored by the America-Israel Friendship League, a New York- and Tel Aviv-based nonprofit, and by Israel’s Ministry of Foreign Affairs. I wanted to see how the country’s private and public sectors were coping with cybersecurity threats and to see what the U.S. might learn from them.
My conclusion: If only the Israeli approach were something we could pack in a box and put on a plane to the States.
Lines of code on a monitor at CyberGym’s training facility.
Keeping the lights on
“Yes, we are in war,” said Israel Electric Corp. senior vice president Yosi Shneck at the start of a briefing at the company’s headquarters in Haifa. “If not war, at least a significant battle.”
At the low end, the almost-entirely-state-owned utility is subject to 4 to 5 million online attacks a month; at the peak of the “OpIsrael” campaign, that number approached 25 million. None have succeeded in taking IEC’s grid offline, although Shneck wouldn’t say how close they’d been.
“I don’t think we are smarter, but I am sure that we are unique in one thing: We are in a political situation that puts us in front,” Shneck said.
He did say that the nature of these attacks had changed, with fewer “distributed denial of service” attacks (in which massive numbers of computers are used to flood a targeted site with useless traffic) but more phishing attacks and attempts to tunnel into its networks with long-lived “advanced persistent threat” malware.