The recent tensions between the US and Iran and its spillover into mutual cyberattacks point to such warfare becoming an expected part of hostilities, Mike Rogers, a former director of the US National Security Agency and a former head of the US Cyber Command, said Tuesday at a conference in Tel Aviv.
“We see that cyber, which has been an ongoing part of daily competition between states, will be part of the conflict between nations,” Rogers said at the Cyber Week conference at Tel Aviv University.
An Iranian minister said Monday that the US was unsuccessful in its cyberattacks against Iran after Tehran downed an American surveillance drone late last week.
On Sunday the New York Times reported US military and intelligence officials were drafting plans for additional cyberattacks against Iranian targets.
Current and former officials told the Times the White House was drafting a wide range of covert operations that include disabling Iranian boats used to conduct shipping attacks in and around the Strait of Hormuz, as well as unspecified efforts to stoke unrest inside the Islamic Republic. The White House may also be exploring ways weaken Iranian proxy groups in the region, the officials said.
Tensions between Washington and Tehran have flared since Iran on Thursday shot down the US drone. Iran said the drone violated its airspace — a claim the US denies — near the strategic Strait of Hormuz.
In response to the drone’s destruction, the US was ready to carry out a military strike against Iran but US President Donald Trump said he called it off at the last minute after being told some 150 people could die.
After the drone’s downing, Trump secretly authorized US Cyber Command to carry out a retaliatory cyberattack on Iran, The Washington Post reported Saturday.
The attack crippled computers used to control rocket and missile launches, according to the Post, which cited people familiar with the matter.
Tehran is believed to have stepped up its own cyber capabilities in the face of US efforts to isolate the regime.
Cyberattacks seen as less risky than active warfare
At the conference in Tel Aviv, Rogers, who emphasized he no longer worked for the government and all of his comments were based on what he had learned via the media, said that in the recent US-Iran tensions, both nations were using cyberattacks “as a potential response option that offers lower risk” than active warfare or a military strike.
“That suggests to me that we are going to see more of this,” he said, because a cyberattack has the potential to send a message without provoking more violence. “It is not likely to trigger an escalatory response from the other side,” he said.
A third insight that can be gleaned from the recent US-Iran events is that both nations and companies could face the threat of cyberattacks.
“In the West we have always drawn this line between what is government and what is commercial,” but Iran has not been respecting this distinction, which presents “another interesting challenge” for cybersecurity firms along with potential targets, he said.
Rogers added that cyberattacks are growing globally both in complexity and scale. Technologies such as AI and machine learning are a double-edged sword, offering “great defensive capabilities” but at the same time serving as a handy tool for malicious players. The huge amount of data available today and the convergence of networks makes it harder for both humans and machines to identify all kinds of threats. So, he said, the key is to prioritize the most critical data and processes to be protected, and identify the best possible partners to work with.
The way forward, he said, is to use “more integrated solutions.”
“Doing more of the same and expecting a different response is just not going to work,” he said. “I don’t understand why we are not using more integrated solutions between the government and the private sector,” which should be working together to learn from each other’s experiences.
Unlike the aviation industry, for example, where every incident is analyzed and widely reported, he said, “in cybersecurity we don’t learn from every incident. We need a new model, where the pain of one benefits many. But today, the pain of one is constantly repeated over and over again. ”
Becoming more ‘vulnerable’
At the conference, Yossi Cohen, the head of the Mossad spy agency, said that “cyber-collection” — or gleaning information from the cyber-sphere — has become “one of the main tools used by intelligence organizations in the war against terror,” and makes it possible for agencies like the Mossad to provide significant warnings to avert immediate threats to lives.
A world in which everything is becoming more and more connected is “redesigning the threat of the nation,” he said. “We are surrounded on all sides by the cyber threat and as a result we are becoming increasingly vulnerable and more exposed to attacks.”
The intersection of the cyber sphere with the physical world “creates vulnerabilities of an unprecedented scale” that are being discovered by malicious players.
To avert this threat, he said, cooperation is needed between governments and companies and societies.
The Mossad was presented by the organizers of Cyber Week with an Award for Achievement in Cyber.
The intelligence agency has set up a technology innovation fund, Libertad, that seeks to invest in technologies in a wide variety of fields, including AI, machine learning, natural language processing and remote personality analysis, to tap into cutting edge developments.
Modeling cybersecurity like human immune system
Michal Braverman-Blumenstyk, chief technology officer, Cloud & AI Security, at Microsoft, said in her talk that a key challenge ahead for cybersecurity firms is to find a balance between security and devices’ usability and privacy, and to ensure that security does not become too costly.
By making objects and devices too secure, she said, you may make them unusable. The same goes for privacy: sometimes more security comes at the cost of privacy. Regarding costs, she said, because not everything can be secured, only the “prime jewels” should be identified and secured.
“We should model our security system like our immune system,” she said. The human immune system is transparent and non-intrusive. “It doesn’t bother you,” she said; nor should cybersecurity systems.
The immune system also has a high detection rate — it identifies infections and averts them in a timely manner, and also has very few false positives — meaning it knows when to send in the the heavy artillery.
“That is the way we should build security systems,” she said.
Cyber Week is a conference attended by some 8,000 people from 80 nations and hosts experts from around the world in the field of cybersecurity and intelligence.
The conference is hosted by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), Yuval Ne’eman Workshop for Science, Technology and Security, Tel Aviv University, the Ministry of Foreign Affairs, and the National Cyber Directorate at the Prime Minister’s Office.