Chief of Staff Gadi Eizenkot recently decided to create a “cyber branch” within the Israel Defense Forces to consolidate all of Israel’s cyber capabilities into a single fist. This branch will identify the candidates it wants to become cyber specialists, train them, drill them, build up their skills and activate them. It will encompass all operational capacities pertaining to cyber warfare, including defense, offense and intelligence collection. Just like Israel’s air force, it will provide services to all of the IDF’s branches, divisions and commands that require its services.
For example, if the IDF decides to conduct a secret raid on some target deep in enemy territory, representatives of the cyber branch will participate in the planning of the operation.
Today, everything pertaining to cybersecurity and warfare is scattered throughout the Israeli defense network, and can be found in many different divisions and units throughout the IDF. These include the Computer Service Directorate and the legendary Unit 8200 (famous for its graduates, who are often successes in the startup world), which handles intelligence gathering. At the same time, both the Shin Bet and the Mossad have their own separate cyber capacities. Now, however, all of the IDF’s cyber activities will be consolidated under a single roof. It is even possible that this new roof will one day cover the cyber activities of the Shin Bet and the Mossad as well, to avoid redundancy. It is thought that the new cyber branch will be headed by an officer with the rank of major general.
“Unless a war breaks out, this is the most important decision that the current chief of staff will make during his entire tenure,” Al-Monitor was told June 16 by a senior military official who spoke on condition of anonymity. “It is a decision of historic proportions, underscoring how central cyberspace has become, not only in the wars of the future, but with what is happening now, too.”
Israel is a well-known cyber power. A National Cyber Bureau was created in the prime minister’s office in 2012; some 250 commercial cybersecurity companies operate in Israel, and the rate at which new startups in the field are created is among the highest in the world. Recently, the National Cyber Bureau released a startling statistic: Some 10% of all cyberspace transactions around the world involve Israeli companies. It is estimated that Israel commands about $6 billion in cyber transactions out of a total global sum of $50 billion per annum.
The former director of the Shin Bet, Yuval Diskin, started a cyber-tech company together with several other retired Shin Bet officers. So have many other senior officials in the defense establishment, including a commander of Unit 8200.
Haim Tomer, 59, who retired from the Mossad just over a year ago (after a much celebrated, 30-year career), is one of the cyber world’s brightest acquisitions of 2015. He already heads a major Israeli firm called Cyber-Sec, specializing in the development of cybersecurity solutions. Until only recently, Tomer was head of the Mossad’s Intelligence Division, and he also served as head of its Tevel Unit (responsible for liaisons with foreign governments and intelligence agencies). He agreed to speak with Al-Monitor about the topic.
"Over the past five years, cyber attacks between countries have become increasingly widespread," he says. "The most prominent examples of this include Russia’s attacks on the Baltic states. Government networks were attacked and damaged in that incident. Then there was an Iranian attack on a major Saudi oil company, which was so extensive that it completely paralyzed that country’s main computer system for 24 hours. There was the attack on Sony, attributed to the North Koreans, and a retaliatory attack against computer infrastructures in North Korea, allegedly by the Americans."
It is only natural that Tomer does not mention any attacks attributed to Israel, including the computer worm (Stuxnet), used to infiltrate Iran’s nuclear sites and damage their centrifuges, and the virus that infected hotels in Switzerland and Austria to collect information about the nuclear negotiations.
“More and more countries have cyber capabilities so highly developed that they can be described as state sponsored,” says Tomer. “The whole issue has become a matter of routine in the cyber world.”
According to him, "There are two areas in which cyber attacks operate. The first is intelligence-gathering. This means using Trojans to infiltrate computer operating systems, such as those used by a bank or the Pentagon. The Trojan is able to disguise itself as part of the system that it infiltrated, in order to open encrypted files and collect intelligence from them. The ability to do this has been around for at least a decade in countries with highly developed computer technology, including the United States, China, Russia, France and Israel, too."
"The advantage here," continues Tomer, "is the fact that there is very little friction and the risks are nonexistent. The defensive firewall of the site under attack should be able to identify the attacker and prevent it from hacking the system. The attacker has a big advantage, too, because the systems are vulnerable to hacking."
On cyber attacks, Tomer explains, "In addition to intelligence gathering, a new field of cyber attacks has developed. Today we can talk about the ability to shut down hospitals, and through that, to cause a loss of life. It is possible to shut down electrical systems. It is possible to attack national infrastructures. Israel’s Electric Company faces about 200 cyber attacks per day, some of them random, because Trojans have a life of their own and tend to skip from one network to the next. It is believed that countries like the United States or China have the capacity to develop the tools to launch strategic cyber attacks, which would paralyze their rivals’ civilian infrastructures. While Churchill and Hitler needed fleets of bombers and millions of tons of explosives to destroy cities, today, most cities are controlled and managed by computer systems. It is possible to turn off traffic lights, shut down electricity, disrupt control systems, interfere with hospitals and prevent systems from functioning properly. This is the battlefield of the future."
When asked if cyber attacks can also be used against military infrastructure and, for example, paralyze an enemy’s ability to fire rockets, Tomer responds, “Rocket systems are stupid systems, since they are not guided or operated by computer. That is their weakness, but it is also their advantage. When talking about a country like Iran, we are talking about computerized systems and sophisticated, computerized missiles. But rockets and missiles aren’t everything. Imagine penetrating the computerized system of some country and attacking its banking system. That can be used, for example, to prevent all civil servants from receiving their salaries. That is a strategic attack. It creates bedlam and causes enormous damage. That is where the world is heading now."
Tomer agrees with the assessments that Israel is a major cyber power. He confides that the deputy head of Germany’s National Council for Cyber Affairs told him just a few weeks ago that Israel is considered the global leader in the field of cybersecurity. "In terms of offense, I don’t believe that we are in the same league as the United States, China and Russia," he says. "I wouldn’t give us first place there — or second place either, for that matter. But when it comes to thinking up defensive solutions, we’ve been on top of the game for a long time. We also have a particular advantage that I call the 'Snowden effect.' What Edward Snowden revealed was that American intelligence agencies used the protocols of the leading American cyber firms to eavesdrop. This was a major blow to the attractiveness of American cybersecurity providers. Both Europe and Israel are benefiting from that."