Interview

Staying humble is key to staying safe, says Israel’s cyber chief

Last week’s hospital cyber-attack was no big deal and the electoral system is secure, according to Cyber Bureau head Eviatar Matania, who’s both worried and confident

Shoshanna Solomon was The Times of Israel's Startups and Business reporter

Eviatar Matania, head of Israel's National Cyber Bureau and National Cyber Directorate (Courtesy)
Eviatar Matania, head of Israel's National Cyber Bureau and National Cyber Directorate (Courtesy)

Israel’s cyber chief Eviatar Matania was not too concerned about the cyber attack that infiltrated computer systems in Israeli hospitals last week.

“We see attacks like this all the time,” Matania, who heads the National Cyber Bureau, in charge of setting out the nation’s cybersecurity policies and strategies, said in a wide-ranging interview on Thursday evening. “We mitigate [their damage] all the time, and this is one of them. It is not too difficult or dangerous.”

Matania was speaking from the bureau’s headquarters in the Tel Aviv area. The building is nondescript, with no markings at the entrance to indicate that any government activity was going on within. A board that indicates which offices are to be found on each floor didn’t reveal the whereabouts of the bureau, which is also in charge of developing new cyber technologies for the so-called startup nation.

For the interview, this reporter was asked to hand in her cellphone at the reception desk and bring to the interview only pen and paper along with a voice recorder. No tablets, laptop or anything else digital was allowed. There was also a request for the ink to be blue, but that apparently was just a joke.

The National Cyber Authority on Thursday said that a cyberattack targeting Israeli hospitals was smaller than previously believed and was not in fact connected to a ransomware virus affecting computers worldwide, despite earlier reports. While eight hospitals were originally thought to have been targeted, it turned out that only two were affected, with the other six hospitals having issued false warnings of attacks on their computer systems, the cyber authority said in a statement.

Map locates top 20 countries affected in the first hours of the global ransomware cyberattack in May 2017. (AP)
Map locates top 20 countries affected in the first hours of the global ransomware cyberattack in May 2017. (AP)

It also said that the incident was not linked to an international ransomware attack targeting computer networks last week — namely in Ukraine and Russia — and emphasized that no damage was caused. Institutions targeted were continuing their operations as usual, it added.

A global wave of cyberattacks that began in Russia and Ukraine on Tuesday last week wreaked havoc on government and corporate computer systems as it spread around the world. Britain’s parliament shut down external access to email accounts on June 24 following a cyberattack. Malicious software dubbed Crash Override or Industroyer was reportedly responsible for a 2016 power outage in Ukraine, while in May a worldwide extortionate ransomware attack, WannaCry, affected 10,000 organizations and 200,000 computers in over 150 countries. All of these attacks highlight how vulnerable companies and nations are to the growing number of cyberthreats globally.

At any given moment there are probably three to five attacks on a national level that emanate from various sources, Prime Minister Benjamin Netanyahu said at Cyber Week, an international cybersecurity conference in Tel Aviv last week.

Even if most of the attacks are unsophisticated and what the public hears about are generally the unimportant ones, there are “a lot more sophisticated attacks” and much more dangerous ones happening under the radar, Matania said. The public is usually kept in the dark about those and information released only on a need-to-know basis.

“You need all the time to be very careful,” he said. “You do not want the opponent to understand what you know and what you don’t know. It is a very sophisticated combat.”

Prime Minister Benjamin Netanyahu speaks at Cyber Week in Tel Aviv, June 26, 2017. (Courtesy/Chen Galili)
Prime Minister Benjamin Netanyahu speaks at Cyber Week in Tel Aviv, June 26, 2017. (Courtesy/Chen Galili)

Matania, a graduate of the Israeli army’s elite Talpiot program who holds degrees in physics and mathematics and a PhD in judgment and decision making, says his bureau’s job is to build up what he calls Israel’s “robustness” and “resilience” against cyber attacks.

Creating robustness and resilience

Building up robustness is finding ways to make computers and other connected devices “less vulnerable,” he said, comparing these systems to the human body.

“Most of the time you are not sick because you are robust,” he said. “If you sleep well and if you eat the right food and drink water you don’t get sick.”

For computer systems, if security is set up correctly, 80 percent of attacks can be thwarted, he said. However, most are “currently are not robust enough” because they were designed without attention to cybersecurity.

Illustrative: Staff monitoring the spread of ransomware cyberattacks at the Korea Internet and Security Agency (KISA) in Seoul, May 15, 2017. (AFP/ YONHAP)
Illustrative: Staff monitoring the spread of ransomware cyberattacks at the Korea Internet and Security Agency (KISA) in Seoul, May 15, 2017. (AFP/ YONHAP)

Costs, and lack of awareness, were part of the reason for this flaw, he said. “Think about a camera, a sensor in your fridge or washing machine,” which are expensive to design with built-in cybersecurity. Nobody realized there would be a need for security when these systems were built, and consumers will usually opt for the cheaper product, even if security is poorer.

Now the world is waking up to the threat, but meanwhile, the battle against hackers is being lost. So that is when the need for resilience kicks in: identifying an attack and reacting to it in a timely manner when it happens.

The Israeli CERT

When Israeli companies or government entities notice something wrong with their computer systems, their in-house security officers are alerted. When they suspect an attack is underway they are instructed to alert the local Computer Emergency Response Team (CERT) — an emergency center manned 24/7 by “trained cyber defenders.” The team is connected via a specially dedicated cyber-net to some 100 organizations and can immediately know if the attacks are isolated incidents or widespread. Accordingly, they issue instructions of how to deal with the problem, and if necessary a team is dispatched to the site of the attack.

The CERT is run by the National Cyber Authority, which is in charge of the daily operational cyber defense of Israel’s private sector. Matania is also the head of Israel’s Israel National Cyber Directorate, which includes the National Cyber Bureau and the National Cyber Security Authority. The directorate operates directly under the prime minister.

In April, leaders of Israel’s security establishment sent an angry letter to Netanyahu warning against a plan to expand the oversight powers of the National Cyber Authority.

The letter signed by Mossad head Yossi Cohen, Shin Bet head Nadav Argaman, IDF deputy chief of staff Yair Golan and Defense Ministry director general Udi Adam warned Netanyahu that in its current proposed form, the cyber authority would cause “severe harm to the security of the State of Israel.”

Mossad director Yossi Cohen on January 10, 2016 (Alex Kolomoisky/POOL/Flash90)
Mossad director Yossi Cohen on January 10, 2016 (Alex Kolomoisky/POOL/Flash90)

The officials said the body’s powers were too broadly defined, giving it too much power, according to a copy of the letter obtained by Channel 2 news.

Matania said that when there are different organizations dealing with the same issue, there is “always some friction,” but now “everything is settled.” Any changes made to the cyber authority will be done with the full cooperation of all of the security forces, he said.

The IDF and the Shin Bet and Mossad secret services are mainly in charge of protecting the security services from cyber-attacks and of working outside Israel’s borders to glean intelligence that will make Israel better protected in the cyber-sphere, he explained.

Israeli electoral system is ‘safe’

Last week, sounding an urgent warning note, Yesh Atid opposition party leader and Knesset member Yair Lapid predicted that the next Israeli elections would likely be hacked and called for the establishment of a task force to start preparing a defense against it.

The US is currently conducting an investigation into the Russian involvement and hacking into its 2016 elections.

“We are prepared and we are preparing very well” for any possible attack on the Israeli electoral system, which is actually “very safe,” he said, highlighting the fact that in Israel the votes are cast using paper ballots and not electronic voting machines. After the ballots are cast all of the communication networks need to be secured, and that is “not so complicated. We know exactly how to do that,” he said.

Yesh Atid party leader Yair Lapid leads a faction meeting in the Knesset on May 8, 2017. (Miriam Alster/FLASH90)
Yesh Atid party leader Yair Lapid leads a faction meeting in the Knesset on May 8, 2017. (Miriam Alster/FLASH90)

The recently set-up US-Israeli bilateral cyber working group will increase the amount of information shared by the two nations, set out strategies and boost cooperation in developing technology and human capital, said Matania, who will lead the team together with White House cybersecurity coordinator Rob Joyce.

Even if Israel is recognized as a global leader in cybersecurity, Matania sounds a humble note as he speaks of the huge challenges that lie ahead. “The fact that we know what we are doing, and we do, and that we have very interesting strategies, does not mean that we know everything,” he said.

Israel needs to be “afraid all the time,” consult with different people from different places, and check itself and its methods again and again and again, he said.

Stay humble, get partners, check yourself

“If you are humble enough, you will say I will check it again,” he said. Israel needs “partners, we need cooperation, we need to think again, to rethink, to check ourselves.”

What keeps him up at night, he said, is not the unknown threats lurking ahead, but not being able to read the map correctly, even when the writing is on the wall, as was the case in Israel’s 1973 Yom Kippur War or in the unfolding of the 9/11 terror attacks in the US, “when everything was on the table but we didn’t interpret it in the right way.”

“Not reading a situation well, that is what I am afraid of,” he said.

Most Popular
read more: