Home / Blogs

Spymaster Sees Israel As World Cyberwar Leader

Reuters reports from the Institute for National Security Studies (INSS), a Tel Aviv University think tank, where Major General Amos Yadlin, IDF chief of military intelligence, spoke:

In a policy address, Major-General Amos Yadlin, chief of military intelligence, listed vulnerability to hacking among national threats that also included the Iranian nuclear project, Syria and Islamist guerrillas along the Jewish state’s borders.

Yadlin said Israeli armed forces had the means to provide network security and launch cyber attacks of their own.

He further said, as mentioned in this Israeli publication, that other countries, such as the United States and Great Britain, are establishing units for cyber defense, and that Israel has soldiers and officers on the job.

In fact, just today I heard a lecture by the director of the CIA who, as is general United States policy, places cyber security on the map when discussing issues such as proliferation of nuclear weapons and international terrorism.

HaAretz, an Israeli newspaper, quotes Major-General Yaldin as saying:

“Fighting in the cyber dimension is as significant as the introduction of fighting in the aerial dimension in the early 20th century.” (my translation)

If this statement is to be believed, Israel is active in cyberspace. And yet, why would Israel admit that, regardless of if it really happens?

One option is that Israel decided it needs to show that its military is on par with other militaries around the world.

“Preserving the lead in this field is especially important given the dizzying pace of change,” Yadlin said.

On the surface, disclosing cyber space activity, which your enemies can develop as well, or push to develop more of, seems silly.

After all, Major-General Yadlin said:

“Cyberspace grants small countries and individuals a power that was heretofore the preserve of great states,”

As Israel, much like the Western world, is very advanced technologically, it is more reliant on computers than many of its enemies and neighbors, and is therefore more at risk from potential cyber attacks. With attacks against Israel’s internet presence these last few years, it may not be a silly idea after all.

With the world becoming more aware of threats to computer systems, investment in cyber security rising and more and more security incidents being disclosed; countries around the globe invest in cyber capabilities. Indeed, Israel too, which has been under internet attacks for years, needs to buckle up and do more to combat the threats.

Major-General Yadlin also mentioned cyber attacks fit well with Israel’s doctrine for military offensives (mistranslated below as defense). This bit is tricky, and I will try and read between the lines.

“I would like to point out in this esteemed forum that the cyberwarfare field fits well with the state of Israel’s defense doctrine,”

While Major-General Yadlin in all probability meant something along the lines of being bold and staying ahead of the curve, as in the same sentence he also spoke of Israeli youth and innovation, mentioning how Israel is often referred to as the “start-up country”:

“This is an enterprise that is entirely blue and white (Israeli) and does not rely on foreign assistance or technology. It is a field that is very well known to young Israelis, in a country that was recently crowned a ‘start-up nation’.”

It is possible, although unlikely, that he meant to indeed discuss Israel’s defense doctrine, thus possibly speaking about deterrence in cyberspace.

Deterrence is an integral part of Israel’s defense doctrine, with the goal, in broad lines, of widening the window between inevitable Arab attacks by a strong response, some would say a disproportionate one, which will score a quick and decisive victory. Hopefully deterring them from attacking again. This strategy has roots in Israel’s history all the way back to Ben Gurion’s time and the formation of Israel.

Deterrence on the Internet, however, is mostly nonsense. This due to inability to identify who it is actually attacking you, and then if somehow successful, if it is really them or if their computer has been taken over by yet another attacker. Is someone trying to frame another as your attacker? Is your attacker even a nation-state to begin with, rather than an organization that doesn’t care about retaliation?

On the internet, you may know who your enemies are rivals are, but you may never find out who is attacking you. The Internet is perfect for plausible deniability.

If this was the thinking behind the announcement, which I’d like to think is not the case, then the strategy was copied from the United States where this silliness has been going on now for a few years. The US strategic experts have been using Mutual Deterrence (or MAD, Mutually Assured Destruction) for over 70 years now, and feel comfortable with it. Therefore, when they needed to tackle the cyber realm, they immediately started pushing for a deterrence strategy even though cyber experts have been warning about it continually.

Deterrence for the most part, doesn’t work online. It is my hope Israel does not repeat the American mistake on this matter and that I am right, and Major-General Yaldin was only speaking of Israel’s spirit, where commanding officers lead the charge rather than wait behind.

From a completely different perspective, cyber warfare has been recognized as a strategic weapon on par with weapons of mass destruction for at least two decades. Israel does not admit strategic capabilities such as Nuclear Weapons, if it has them. Should it admit cyber capabilities?

“The potential exists here for applying force ... capable of compromising the military controls and the economic functions of countries, without the limitations of range and location.”

While cyberspace is certainly strategic, the analogy to nuclear weapons is relatively weak.

There are obvious differences between the nuclear world and the cyber world, such as with tactical cyber uses of a very targeted nature—without collateral damage, and in international law governing the proliferation of nuclear arms, while the cyber realm is in its infancy. In fact, the United States, Russia and the United Nations arms control committee are as I write these lines engaged in early discussions on securing cyberspace, and limiting military use of this realm.

When I first heard of the speech by Major-General Yaldin, I was highly disappointed with Israel for taking this route of public disclosure. Now, I am not so sure.

Disclosing that Israel is ready to defend itself and potentially engage its enemies in cyberspace right along-side the physical world, certainly has merit considering recent world events such as the attacks against Estonia and Georgia. I am just left wondering if this indeed discloses a real capability, or is just public relations.

I can personally attest from my years of defending Israel’s internet, that Israel is under constant attack in cyberspace, and this intensifies whenever political tensions mount.

“At times it would seem,” said Major-General Yaldin, “that our enemies would like to give a special award to Western companies whose products can be bought off-the-shelf at a reasonable price.” (my translation)

Regardless, putting cyber security on the agenda along-side with Iranian nuclear weapons, Syria and Islamist guerrillas, is a step in the right direction to defending against the threats of cyberspace.

By Gadi Evron, Security Strategist

Filed Under

Comments

Israel as world cyberwar leader? Not true. Joe Baptista  –  Dec 29, 2009 10:33 PM

To claim Israel is a world cyberwar leader is nonsense. Like the U.S. and many other countries they are way behind the established leaders in cyberwar. I speak of the Chinese.

Joe, you bring up a very good Gadi Evron  –  Dec 30, 2009 12:02 AM

Joe, you bring up a very good point. China may be a world cyber power, we simply don't know. Most of the information we have is complete b/s and hype in the news media picked up and recirculated by experts. Russia without a doubt is, along with other Western powers. I am unsure if Israel is, or isn't, but we are not likely to find out, unless a leak on the scale of what happened in Germany happens.

I agree with you Gadi most of Joe Baptista  –  Dec 30, 2009 6:29 PM

I agree with you Gadi most of the information we get is indeed b/s and hype with a generous spin added for good measure.

However in the case of China we do have proof they are the worlds leading cyberwar experts. Being a cyber power has little to do with initiating attacks and everything to do with protecting national infrastructure against attack. Any snotty nosed hacker kid can initiate a cyberwar attack as good as or even better then the ones launched by governments.

But how many nations can protect themselves against such an attack? Certainly not the U.S. The same applies to Russia. China however is in a very special position to protect itself.

The great firewall of China is one such example. It not only protects the citizens of China from surfing to forbidden places - it also protects China from external attack. If there is a threat to national infrastructure they simply shut down access to their internal Internet. Neither the U.S. nor Russia can make that claim.

Another example is the Chinese National DNS service. They don’t depend on ICANN to resolve their TLDs. In fact the only Chinese TLD ICANN lists is .cn. There are about three or more TLDs in China that can only be accessed in China. While most of the world depends on ICANN the Chinese are completely independent from them.

These are only two examples of their cyber readiness for attack. I am sure there are more in place.

Now as for the ability to use cyberwar to attack others I have no doubt that China, Israel, the U.S. and Russia are on an equal footing with the snotty nosed hacker kid. But thats the standard state of affairs and not the exception.

kindest regards
joe baptista

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign