IEC’s ‘cyber-gym’ gives good-guy hackers a workout

A special ‘practice’ system, duplicating the actual working one, will enable Israel Electric Company to protect computer systems from cyber-attack

An illustrative photo of an electricity company control room. (Tsafrir Abayov/Flash90)
An illustrative photo of an electricity company control room. (Tsafrir Abayov/Flash90)

If you want to get in shape, the best place to do it is in a gym. And for cyber-defenders, whose job it is to fight hackers and keep them from damaging crucial systems, there is now a “cyber-gym,” where “white hat” good-guy hackers will be able to hone their cyber-fighting skills against “black hat” bad-guy hackers.

The program is a joint effort of Israeli cybersecurity company Cyber Control, and the Israel Electric Company. “Actually, the idea of the gym could work in many industries, including banks, corporations, and so on,” said Ofir Hason, CEO of Cyber Control. “But we wanted to start with infrastructure companies, because they are among the most vulnerable, and the IEC is perhaps Israel’s biggest infrastructure company.”

The idea of the cyber-gym is to duplicate real-world conditions in which hackers might try to break into the IEC’s system. The IEC is no stranger to hack attacks. “The IEC’s CEO has said that hackers have tried to hack the company’s control systems and information systems several times,” said Hason. At a press conference, the IEC’s Deputy CEO Yasha Hain said that the company “has been dealing with cyber-attacks that have already become a matter of routine.”

In fact, Hason said, the IEC and other utilities may be more vulnerable than businesses, financial institutions, and government agencies. “Infrastructure computer systems are usually legacy systems, and were not designed with cybersecurity in mind. The designers of the systems were more worried about safety and liability, and the code that runs those systems is much more vulnerable.”

Cyber Control and the IEC signed the agreement to set up the cyber-gym this week, and the actual system will be ready in the summer. “We need to set up the environment, duplicating the code and applications on the real IEC system, then write the code that hackers would use to invade a system, and train staff in how to recognize those invasions and what to do about them,” said Hason. The cyber-gym will operate at the IEC Training Center in Heftziba, adjacent to the Orot Rabin Power Station in Hadera.

Hason expects the effort to produce novel techniques to defend infrastructure systems that will benefit not only the IEC, but utilities around the world. Once the IEC system is set up, the company and Cyber Control will market it to other utilities around the world, he said.

Cyber Control is such a security-minded group that it doesn’t even have its own website (the company is a subsidiary of Israeli IT consulting group Liacom Systems). Hason has been involved in cybersecurity in Israel and abroad for over a decade, and is a veteran of IDF and Homefront Command cybersecurity units.

“Many of our workers have done security work for financial institutions and governments,” Hason said. “With this project, we are entering a new area, one where cyber-defense is crucial, given the vulnerability of systems and their importance to the smooth functioning of society. I am positive we will develop new methods to defend systems and fight hackers.”

Most Popular
read more: