The Israeli army is battling cyber attacks of increasing complexity, edging closer to an age in which online attacks become a central component of asymmetric warfare, the head of the IDF’s cyber defense unit told The Times of Israel recently.
The danger to the military, which has stored all of its information on computers for the past 35 years and is increasingly run online, was underscored on Monday when hackers identifying with the Islamic State terror group managed to hijack social media accounts of the US Military’s Central Command, posting propaganda and what it claimed was secret information.
For Israel, though the principle threats come from Hamas, Hezbollah, and Iran, which “invest” heavily in cyber warfare “and their capacities continue to improve,” said the IDF cyber unit’s commander, who spoke on condition of anonymity.
The unit, which graduated a new class of so-called cyber defenders last week, was founded two years ago. During Operation Protective Edge in Gaza this summer, Israel was subjected to “a wide-scale attack the likes of which we have not before seen,” a commander in the army’s computers and technology branch, known as C4I, told a group of Israeli military reporters.
Iran, he added, had put “very significant effort” into the offensive.
The bulk of the threats, as is the case with terror, were aimed at civilian systems rather than the more heavily protected military systems, the officer said.
The army’s operational systems, very much reliant on technology, were not attacked. The sole high profile success was the Iranian-backed, so-called Syrian Electronic Army’s hacking of the IDF Spokesperson’s English Twitter feed on July 3.
“#Warning: possible nuclear leak in the region as two rockets hit Dimona nuclear facility,” the feed read until it was corrected several minutes later.
Nonetheless, some of those who closely followed the advance of the cyber threat in recent years and specifically during the operation saw a notable shift in the Iranian approach.
“It’s quite possible that the Iranian progress in the cyber sphere during Operation Protective Edge is evidence of the beginning of a process in which cyber war replaces the classic terror as a central tool in Iran’s doctrine of asymmetric warfare,” Col. (ret) Gabi Siboni, the director of the Cyber Security Program at the Institute for National Security Studies think tank in Tel Aviv, wrote shortly after the operation.
Cyber attacks would enable Israel’s enemies to strike the home front and are often easily deniable — two elements that are central to the Iranian approach to asymmetric warfare against Israel, Siboni wrote.
Iran, he added, is quickly and adroitly “bridging the gap” in cyber technology between itself and Israel.
“We don’t need to be naive,” the unit commander said. “It’s simple” – the axis of Islamist resistance is constantly probing for chinks in the IDF’s armor; hence the rise of the rocket and missile threat. As that threat has been partially thwarted, he said, the tunnel threat, a dominant feature of the Gaza war, was pushed to the fore. “In the coming wars,” he said, “especially those in the north, I imagine that the cyber capacity will be far more significant than in the past wars”
The possibility of a 1973 Yom Kippur-like scenario, in which cyber threats, disguised as something more benign, are suddenly released, in unison, is one Israel cannot afford to dismiss. “Massive cyber attacks, like the Egyptian onslaught on Yom Kippur” are feasible, he said. But the unit’s “very, very wide intelligence picture,” coupled with a dynamic defensive system, “keeps us two steps ahead of the known assault level.”
The army’s defensive posture, in cyber space, he said, is akin to that along Israel’s borders. There are visible barriers, erected in cyber space. They are meant, like border fences, to provide one layer of protection. Around them are other obstacles meant to guide an intruder toward central channels of attack, which are studded with covert traps.
He described the net around Israel’s secrets and computerized weapons systems as deeply layered and said that in a “very, very high percentage” of cases the army is able to locate the point of attack and either stymie its advance or launch a counter-strike.
“It’s no different than the kinetic world of war on land,” he said.
However, potential attackers can come from anywhere in the world, not just enemy states, and need no special infrastructure in order to succeed. A nation seeking to advance its intercontinental missile capacity needs a planning infrastructure, a support network, and a lot of money, the head of C4I, Maj. Gen. Uzi Moskovitz, noted last year in a public address. “In cyber space, though, one can climb from seventh or eighth in the world to second or third easily. There is virtually no dependence on physical factors; the only necessity is human capital.”
The IDF’s Cyber Defense Unit, which last week graduated a small group of soldiers to the pool of several hundred currently in service, seek highly curious people, with the ability to work in a team, learn new material fast, and the tenacity to never leave a stone unturned, the unit commander said.
“Once we have that, we can give a short course and they will be able to attain a very wide knowledge.”
He described the nature of the work as sifting through “many piles of noise” and fishing out that which seems suspicious, and then linking it to other suspicious events, inspecting them, developing a “three-dimensional picture,” compiling the evidence into a diagnosis and then investigating the threat thoroughly enough so as to render it transparent.
For now, this unit has proven demonstrably successful. But there is no guarantee this superiority will endure, particularly in light of the disorder among the many bodies addressing the cyber threat, including the IDF, the Shin Bet, the Mossad, communications companies and providers, the Bank of Israel and the Israel Police. The absence of order in Israel’s defensive cyber deployment, Saboni wrote, “may cause holes in the digital Iron Dome shielding Israel and allow hostile elements to harm Israel.”
The commander of the most recent cyber defense course, cleared to speak only as Lt. S., noted the growing threats against Israel and the growing reliance on technology within the army. “The cyber threat level is always going up,” he said, “but, on the other hand, we’re not going to go back (in time) and start working with paper.”