Israel’s online security czars: an inside view

The sylvan surroundings which once housed the historic Heftziba Farm that was lined with orchards, are now home to the largest supplier of electricity to Israel. Intriguingly, this huge campus that belongs to Israel Electric Corp. (IEC) also hosts another firm called CyberGym, which is partly owned by IEC but does not sell products or services that have any apparent synergy with the electricity sector.

However, there is a very strong connection between IEC and CyberGym, an online security firm comprising cybersecurity experts. It was set up in 2013 to counter the “countless cyber-attacks that IEC was facing at the time", Ofir Hason, chief executive officer and co-founder of CyberGym, told a group of select mediapersons during a visit to this facility in the last week of January.

Electricity companies such as IEC are increasingly using “smart grids"—computer-based remote control and automation—to deliver electricity to homes. This allows for real-time prediction, monitoring and control of potential failures, automatic isolation and self-healing of communication and electricity networks. They are also prime targets for hackers. A case in point is that of a Russian hacker group called Sandworm, which attacked the Ukrainian power grid in December 2015, disrupting power to more than 225,000 customers.

The white building consists of a team of Nisa veterans, who act as mentors and coordinate between the blue and red teams.

Cyberattacks on smart grids also explain why CyberGym is owned jointly by the $7.7 billion (around Rs49,440 crore) electric company and Cyber Control, Israel’s leading cybersecurity consultancy. The latter was established by former security experts from the National Information Security Authority (Nisa).

“CyberGym started as a basic facility to help IEC employees to get into a geek fight against real hackers using real technology," Hason explained. The company goes about the task of training freshers, mid- and senior-level managers and senior executives by holding sessions in three buildings that are coloured blue, red and white, to symbolize the work they do.

Colour-coded defence

The red building comprises a team of experienced hackers from the elite Unit 8200, the cyber-intelligence unit of the Israel Defence Forces (IDF), and veterans of other cyber-defence organizations. Hason himself is a graduate of Unit 8200, and also the former head of the Israel Shin Bet security agency’s cyber unit. The high-tech Unit 8200 is considered to be the local equivalent of the US National Security Agency (NSA).

The blue building houses a team of “defenders" comprising cross-organizational technical and non-technical employees. Their goal is to protect the critical assets of their organization while minimizing the damage.

The red team executes “real-world cyber-attacks" on the blue team’s “environment" in a bid to challenge the trainees, according to Hason. They attempt to attack national infrastructure (airports, roads, power plants, water facilities and trains, etc.), IT systems, factories and equipment.

The red building resembles a small-sized factory with industrial and IT equipment. It has boilers, servers, network intrusion detection software, programmable logic controllers (PLCs), firewalls for supervisory control and data acquisition (Scada) control systems and human-machine interfaces (HMIs).

To replicate the banking, financial services and insurance (BFSI) sector environment, CyberGym has “an ATM that helps us simulate, in part, the workings of a bank", Hason said. He insisted, though, that CyberGym’s “hackers do not attack real-world installations" but only use these models to understand the workings of a real-world scenario.

The third building is white and consists of a team that has Nisa veterans. They act as mentors, manage the training sessions, and coordinate between the blue and red teams.

The training is typically spread over two days for senior executives, while mid-level managers are trained for three-five days. “We have a lot of training (about a week long) for freshers too in all aspects of cybersecurity," Hason said. The training costs $100,000-300,000.

“Effective training is much better than putting a firewall in your company. Simply installing software to protect your assets will not help much. You must train employees to protect the assets. We provide companies, critical infrastructure organizations and government agencies with the right experience just before the real cyberattack," Hason explained.

Hason claimed CyberGym had “trained 3,000 people already from across the world". Over the last five years, Hason has expanded CyberGym’s reach, with units in Portugal, the Czech Republic, Lithuania and Australia. He plans to expand in the near future to North America and Asia. “We hope we will make inroads in India sometime in 2019," he added.

Other than CyberGym, Israel is well known for having spawned a number of cybersecurity firms over the years. Notable among these is the Nasdaq-listed Check Point Software Technologies Ltd. Its co-founder , Gil Shwed, is considered the inventor of the modern firewall.

Team8, another Israeli company, was founded by veterans from Unit 8200. Nadav Zafrir, the co-founder and CEO of Team 8, was, in fact, the commander of Unit 8200, as well as the founder of the IDF cyber command. Udi Mokady, the founder, chairman and CEO of CyberArk, too, was a member of Unit 8200.

The next wave

“In 2017, cyberattacks made it to the top of CEOs’ concerns, and it is the inflection point in the world of cybersecurity," said Shwed during his presentation at the Cybertech event held in Tel Aviv on 29 January.

“Today we encounter the fifth generation of attacks, with combined viruses, as the mobile environment is challenging. Hackers today do not use amateur technology. The next generation of protection, the sixth generation, will be nano agents to control the connections, a small, open-source software," he added.

At the same event, Zafrir agreed that cyber threats have “become much more imminent. One of the reasons is the world becoming much more connected, enhancing the hackers’ capacity." John Delk, chief product officer and general manager, security product group Micro Focus International Plc., likened enterprise security to “3D chess". “Users, applications and data are the players. As new vulnerabilities arise, we must solve the security issues and encrypt information. The arena forces us to protect all three layers, pervasive across all aspects of enterprise. Data management is the most important to protect all three," he said.

Israeli cybersecurity experts consider Iran to be their main opponent in cyberspace. “The Iranian nuclear threat is a future threat, but the Iranian cyber threat is an immediate threat, and Israel’s civil infrastructure in Israel is exposed and vulnerable. Eleven Revolutionary Guard strike groups attack Israeli nuclear researchers and civilian infrastructure on a daily basis," Jerusalem Venture Partners (JVP) founder and chairman Erel N. Margalit noted during his address.