Army beefs up cyber-defense unit as it gives up idea of unified cyber command
Military Intelligence to keep collected intel with coveted Unit 8200; IDF’s Computer Service Directorate to be charged with protection and counter-attack, officer says
Judah Ari Gross is The Times of Israel's religions and Diaspora affairs correspondent.
The Israel Defense Forces is officially abandoning plans for a unified Cyber Command meant to bring the military’s online activities under one roof, keeping its cyber-defense arm separate from its intelligence collection division, in a reorganization the army says reflects improved electronic warfare capabilities, a senior official said Sunday.
At the beginning of his tenure as IDF chief of staff in 2015, Lt. Gen. Gadi Eisenkot announced he would bring together the military’s cyber units under one body, a command unit on par with the Ground Forces, Navy or Air Forces.
The plan for the unified Cyber Command was conceived under the belief that the cybernetic front was a sufficiently independent area that it demanded its own consideration, as Eisenkot explained in 2015 in an unclassified document, known as “IDF Strategy,” that set out the army’s overall goals and methods to achieve them.
However, after two years of discussion and work, the military has opted to scrap that proposal and instead keep the existing dynamic of having the military’s defensive capabilities remain in the army’s Computer Service Directorate, also known as the C4I Directorate, and keeping the elite, secretive Unit 8200 inside Military Intelligence, the senior officer told reporters, speaking on condition of anonymity.
Under the new cyber plan, the role and methods of Unit 8200 will remain the same: both collecting signal intelligence, known as SIGINT, and — according to foreign reports — carrying out cyber attacks.
On the defensive side, however, the military will undergo a number of changes to boost the capabilities of the C4I Directorate, turning its cyber defense unit into an “operational command,” with the authority to act and respond, according to the official.
Currently, the unit is only charged with building and maintaining the military’s online network.
The army expects the improved cyber defense unit to be up and running by September, the senior officer said.
The officer did not specify who specifically threatens Israel on the cyber front, but most experts consider Iran and the Hezbollah terrorist group to be Israel’s main foes in this realm, along with Hamas to a lesser extent.
According to some reports in the Hebrew press, the proposal to integrate Unit 8200 into the Cyber Command was opposed by senior Military Intelligence officers.
The highly secretive elite 8200 unit — roughly equivalent to the National Security Agency in the US — is well regarded for its computer prowess and seen as a major incubator of Israel’s hi-tech startup culture.
According to foreign reports, the Military Intelligence unit is believed to have collaborated with the United States to create the sophisticated Stuxnet virus, which hit Iranian nuclear facilities in 2010.
The senior cyber defense official did not discuss the specifics of why the plan was scrapped, but stressed that the C4I Directorate and Unit 8200 maintained an excellent relationship and were dependent on one another.
The army first announced it was considering abandoning the planned unified Cyber Command at the beginning of the year, but Sunday marked the first time the military presented the cyber warfare reshuffle.
“Reorganizing the IDF is more like going into a jungle and trying to garden it, than writing a white paper, where you draw [a plan] from scratch,” the officer said, referring to the difficulties faced.
‘Reorganizing the IDF is more like going into a jungle and trying to garden it’
Before this plan, the C4I was concerned with the functioning of the military’s technology and only then with the operational side of things, but now that will be reversed, the officer said.
“That’s a change of DNA, not just a change of words,” he said.
While responsible for the protection of military systems, as well as some national infrastructure during emergencies, the C4I Directorate will also be charged with counterattacks and “active defense,” measures designed to deter attacks before they happen, the officer said.
“Defense is not standing on the line and waiting [for an attack]. You’re responsible for beating [the enemy],” the officer said.
As part of the army’s multi-year Gideon Plan, which is meant to streamline the military and cut costs, the area of electronic warfare is meant to actually receive a boost in funding across the board — for manpower, equipment and training.
“Every year, we try to bring more and more funds into cyber,” he said.
However, the C4I’s cyber defense unit will be smaller than initially planned, the officer said, owing to budget constraints.
“We wanted it to be bigger, but the money wasn’t there,” he said.
Under the original plan, Brig. Gen. Yaron Rosen was meant to head the Cyber Command, but that position has now been cut, leaving the C4I Directorate with three brigadier generals instead of four, the officer said.
The enhanced cyber defense unit in C4I will be coordinated by a so-called “Firewall Control” unit, the officer said.
The “Firewall Control” will oversee the military’s cyber defense efforts, as well as the cooperation with Military Intelligence.
The general strategy for the cyber defense unit will be to assign commanders a particular area of responsibility and allow them to determine the best way to protect it. These team leaders have already been chosen, he said.
The military’s cyber defense program is primarily responsible for protecting the army’s own systems from attack. Civilian networks are under the purview of the National Cyber Authority and the Shin Bet security service’s cyber unit. However, the specifics of which organization will be responsible for what in the case of emergency is currently being resolved in a proposed national law.
“If there were an attack on national infrastructure, the IDF will be there,” the officer said.
Israel was largely unaffected by the WannaCry ransomwar cyber attack that hit countries around the world over the weekend. Officials credited both the fact that the attack was unleashed on Saturday, when most systems in Israel were down for Shabbat, and the country’s advanced cyber-defense efforts.
The specifics of who would coordinate an effort were Israel hit in a major nationwide attack are still being discussed in the Knesset.
In August 2016, the Knesset proposed reforming the National Cyber Authority, which was designed to bring together country’s various cyber defense groups under one umbrella.
Last month, top members of Israel’s security establishment sent an angry letter to the prime minister warning against the establishment of the NCA, as it stood. A copy of the letter was then leaked to Channel 2 news.
The senior officer said the issue had been “sensationalized.”
“It was a question of how the law gets made,” he said. “I’m sure it will be resolved soon.”
