As Iranian hackers grow more skilled, Israel builds ‘cyber dome’ to protect itself
Jerusalem working with international allies to build consolidated defenses in cyberspace; Tehran said to have launched more than 800 significant cyberattacks on Israel since Oct. 7
Israel’s Iron Dome defense system has long shielded it from incoming rockets. Now it is building a “cyber dome” to defend against online attacks, especially from arch-foe Iran.
“It is a silent war, one which is not visible,” said Aviram Atzaba, the Israeli National Cyber Directorate’s head of international cooperation.
While Israel has fought Hamas in Gaza since the October 7 attacks in southern Israel, it has also faced a significant increase in cyberattacks from Iran and its proxies, Atzaba said.
“They are trying to hack everything they can,” he told AFP, pointing to Hamas and the Hezbollah terror group in Lebanon, but added that so far “they have not succeeded in causing any real damage.”
He said around 800 significant attacks had been thwarted since the war erupted. Among the targets were government organizations, the military and civil infrastructure.
Some attacks could not be foiled, including against hospitals in the cities of Haifa and Safed in which patient data was stolen.
While Israel already has cyber defenses, they long consisted of “local efforts that were not connected,” Atzaba said.
So, for the past two years, the directorate has been working to build a centralized, real-time system that works proactively to protect all of Israeli cyberspace.
Based in Tel Aviv, the directorate works under the authority of the prime minister. It does not reveal figures on its staff, budget or computing resources.
Israel collaborates closely with multiple allies, including the United States, said Atzaba, because “all states face cyber terrorism.”
“It takes a network to fight a network,” he said.
‘An impressive enemy’
Iran is “an impressive enemy” in the online wars, said Chuck Freilich, a researcher at the Institute for National Security Studies, which is affiliated with Tel Aviv University.
“Its attacks aim to sabotage and destroy infrastructure, but also to collect data for intelligence and spread false information for propaganda purposes,” he said.
Iran has welcomed Hamas’s October 7 terror assault on Israel, in which some 1,200 people were slaughtered, mostly civilians, and 253 others were seized as hostages, of whom 129 are still captive in Gaza.
In response, Israel vowed to stamp out Hamas and topple its regime in Gaza, launching a military campaign that the Hamas-run health ministry in Gaza says has killed at least 34,400 Palestinians. The figures cannot be independently verified and include some 13,000 Hamas gunmen Israel says it has killed in battle. Israel also says it killed some 1,000 terrorists inside Israel on October 7.
Regional tensions have soared, particularly after Iran for the first time fired hundreds of attack drones and missiles directly at Israel last month in retaliation for a deadly strike on what it said was an Iranian consulate building in Damascus. Israel has not commented on the strike, but was accused of being behind it by both Iran and Syria.
The direct attack on Israel was the most dramatic escalation yet after a years-long shadow war of killings and sabotage attacks between Israel and Iran.
Freilich argued in a study published in February that Iran was relatively slow to invest in cyberwarfare until two key events triggered a change.
First, its leaders took note of how anti-government protesters used the internet as a tool to mobilize support for a 2009 post-election uprising.
In the bloody crackdown that crushed the movement, Iran’s authorities cut access to social media and websites covering the protests.
Then, in September 2010, a sophisticated cyberattack using the Stuxnet virus, blamed by Iran on Israel and the United States, caused physical damage to Tehran’s nuclear program.
Freilich said the attack “demonstrated Iran’s extreme vulnerability and led to a severe national shock.”
Since then, Iran has gained substantial expertise to become “one of the most active countries in cyberspace,” he said.
‘Concern for future’
While Israel is considered a major cyber power, Iran is only likely to improve, said Freilich.
He pointed to assistance from Russia and China, as well as its much larger population — more than 89 million people live in Iran in comparison to 9.3 million in Israel — and an emphasis on cyber training for students and soldiers alike, adding that the trend was “concerning for the future.”
Atzaba insisted that the quantity of hackers is secondary to the quality of technology and the use it is put to.
“For the past two years, we have been developing a cyber dome against cyberattacks, which functions like the Iron Dome against rockets,” he said.
“With cyber dome, all sources are fed into a large data pool that enables a view of the big picture and to invoke a national response in a comprehensive and coordinated manner.”
The Israeli system has various scanners that continuously “monitor Israeli cyberspace for vulnerabilities” and “informs the stakeholders of the means to mitigate them,” he said.
Israel’s cyber strength relied on close cooperation between the public, private and academic sectors, as well as Israel’s “white hat” hackers who help identify weaknesses.
“We work hand in hand,” he said.