IAI decided to establish a new cyber division as part of their ELTA Systems subsidiary. Heading this division is Esti Peshin, and it has recently been awarded two major projects overseas, one in Asia and the other in South America. The project in South America is estimated at US$ 50 million and includes the establishment of a national CERT. Among other things, ELTA Systems' cyber division is also competing for a major cyber project in Argentina.
Another activity Peshin has led vis-à-vis the Ministry of Economy is the establishment of 3IC – an Israeli cyber group. IAI leads this group, which combines the capabilities of several Israeli cyber companies under one roof. The members of the group include such companies as Check Point, Verint, Bynet, ECI, Cyber-X, and ClearSky, along with recent newcomers CyberArk, BGProject and Safebreach.
To better understand the challenges facing a government company selling cyber solutions to other governments, I went out to interview the management team of ELTA Systems' cyber division. Seated around the table were Esti Peshin – GM of ELTA Systems' cyber division; Camilla Edri – Head of IAI's Cyber Projects Administration; David Teuri – Head of IAI's Cyber Intelligence Systems Administration and Moti Har-Lev – Head of the Marketing Administration at IAI's cyber division.
Building a State's Cyber Infrastructure
"We come from the world of integration of sensors and intelligence, so cyber is a natural extension of that activity," explains Edri. "Initially, we were a part of the 'Ma'alot' plant, and subsequently became an independent plant. One of the reasons for it is the fact that IAI has realized that cyber is a strategic field of activity which is expected to grow in the coming years.
"Most of the sales of the cyber division involve cybersecurity systems for state/government organizations, like the project in South America. The process begins with the development of a strategy in cooperation with the client, understanding the needs and the capabilities that are unique to that country, and eventually – the actual implementation. It is important to stress that in the context of the latest projects, IAI does not actually operate the CERT or SOC. It only helps the client establish these facilities, and the client will subsequently operate them on his own.
"When you travel around the world and meet with government organizations, you will come across a diverse range of situations. Some countries write their own documents but do not know how to actually implement them. Others have not yet consolidated their needs. One of the things that is typical of almost all states is the establishment of a CERT. Even if it is not entirely clear which element within the government is responsible for the field of cyber, we see a desire to establish a CERT so that it may constitute a focal point for cyber knowledge.
"We may enter the picture at any stage – whether we have to formulate the strategy and methodology documents or when such documents are already available and we have to translate them into an actual cybersecurity layout. In some places we find illegitimate operating systems and public domain firewalls downloaded free of charge from the Internet. In some cases, the cyber effort is divided among different government ministries and agencies. In some countries, the cyber activity is the responsibility of the ministry of defense, the internal security ministry or the ministry of communications. In other countries, cyber is the responsibility of an external consultant, and some countries have not decided yet, and the responsibility shifts between ministries every year. The variance between states is substantial. This is the challenge involved in the supply of cybersecurity solutions to the government sector."
Despite the fact that the cyber division is located at ELTA, one of the activities where a clear distinction is made between the world of physical Radars and intelligence systems and the world of cyber is marketing. How do you sell to a client a product that you deliver through email?
"Cyber is not measurable like Radars, in decibels or nanoseconds," explains Har-Lev. "On the other hand, if you manage to prevent a cyber-attack you will save the organization millions of dollars.
"In cyber, owing to the fact that the product is less measurable than a Radar, the marketing effort is based on your ability to convey a reliable message to the client. That is the challenge facing you – how to convey a sufficiently reliable message, so that the client will believe you more than he believes your competitor. One of the rules is to never let anyone catch you telling a lie. After you have established trust with the client, it will become easier. One must bear in mind that a government client does not replace a cyber supplier every day. These are long-term business relations that include on-going support.
"One of our clients once told me: 'You are a company owned by IMOD and the Government of Israel, so as the transaction is finalized between countries, I guess you are not going to harm your owners.' That is yet another example of the reliability aspect."
The Seal of Approval
At IAI they stress that although Israel abounds with cyber companies (according to some estimates, at least 500 startup companies are currently active in this field), not all of them are excellent. "There are quite a few mediocre companies," they say at IAI. "One of the reasons for it is an inflation of investors. When an investor spots a sale or a public offering of a company, he will invest in multiple startup companies with the intention of cashing in and making a fast profit. This produces many mediocre companies. When you sell a solution to a government organization, that organization wants to know that you are installing a security setup that will work opposite attacks by other countries."
Edri explains that some clients issue an RFP and specify the products they want, including specific suppliers. Others make their purchases according to recommendations by Gartner Consulting. "We are not committed to any specific products," says Edri. "For example, in the banking world, we offer the product by TrapX of Israel, as it was approved by Swift (an organization responsible for money transfers between banks around the world). Everything is done on a case-by-case basis. It is a part of our added value – to offer unique solutions that are specifically adapted to the client."
Peshin adds that one of the missions of the cyber division is to review solutions and determine what works and what does not. "We serve as a 'seal of approval' of sorts for our clients before the product is installed," says Peshin. "The entrance barriers in cyber are very low for niche solutions, like those that monitor the activity of social media or search for irregular behavior. Most of the companies in Israel do not develop the next antivirus software.
"If a government client plans to purchase a security system, they had better ask themselves who they are buying from. As far as the other aspect – that of cyber intelligence and attack systems – is concerned, there are additional considerations. These systems tend to be exposed. When it happens, it will become a matter of public knowledge that you had been spying and you would lose your spying capabilities. For some parties, the knowledge that they had been spying is more of a problem while for others the fact that their capabilities were compromised is the main problem. Clients always take such considerations into account.
"Cyber is a saturated market worldwide. There are good players and not-so-good players. Your potential is differentiated by your credibility, by the long-term endurance of your solutions and by your ability to cope with changes. Consequently, when a solution by IAI is placed on the table alongside a solution by a startup company, the considerations do not always revolve around the actual capabilities. Some state-level players want to know who stands behind the solution."
In the cyber intelligence category, IAI develops products for intelligence collection in social media, cloud computing services, cellular communication and WiFi networks. Some of the solutions are being developed by companies in which IAI is an investor in Singapore, Switzerland, the Netherlands, and Hungary. "It is by no means a simple task finding the right people to develop the tools," explains Teuri. "A part of our agenda is to cooperate with other companies in Israel and overseas, join forces and combine our capabilities. Another effort is invested in personnel training. We offer internal training courses to our employees and have recently launched the Company's first ever cyber cadet course as part of the recruitment of new employees for our cyber division.
"Cyber intelligence systems are smaller, as far as the financial scope is concerned, than military intelligence systems, but there are more organizations, worldwide, we can sell them to. We operate mainly opposite such government organizations as armed forces, intelligence agencies and internal security organizations, and less opposite commercial organizations. Still, the competition is substantial. Cyber intelligence is a dominant trend at the moment, and it produces inflation."
Another aspect of the competitiveness in the cyber field is the independent development of cyber products by various states. At IAI they explain that in most countries, the state invests in independent cyber development. "We have to compete against that, too," says Peshin.
"Along with the independent development and the competition against other companies from around the world, regulation is tightening and constitutes yet another challenge. Today, cyberspace is a 'Wild West' of sorts, and states around the world understand that it must not remain as it is today. The absence of regulation is a situation that harms not just the services of the state, but private users as well. Regulation will compel suppliers of national-level solutions to adapt their solutions and accept close supervision. We are aiming for such solutions. Just as not all of the world's states are capable of manufacturing missiles or satellites, so not all of the world's states will be able to come up with cyber solutions at the national level subject to regulation.
"Being a player at the national level is more than just developing cool code. You need technology that provides protection against states, infrastructure for cooperation, on-going innovation and methodology, in short – the capabilities of a state. These are the things that an organization like IAI knows how to do. There are fewer than 12 players, worldwide, who can offer cyber solutions at the national level – we are one of them."