"Cyber Dome" for the SCADA Environment

Rafael is entering the global cyber defense market. “We provide cyber defense to such complex systems as the Iron Dome. That is an expertise cyber companies from the IT world do not possess,” they say at Rafael.

Rafael has been involved in cyber defense for the past 15 years, but the Company has been developing commercial cyber defense products and services only during the last two years. “One of our primary challenges was deciding what added value we should offer our clients,” explains Ariel Karo, Head of Intelligence & Cyber Systems at Rafael. “For example, we are required to defend the Iron Dome system. It is a highly complex system calling for a unique cyber defense solution. It is a real-time system and even if a single process dysfunctions, people will be in danger. We excel at solutions of this type.”

Karo and Michael, another representative of Rafael’s Intelligence & Cyber Systems Administration, list three advantages Rafael enjoys. The first advantage stems from Rafael’s need, as a defense industry, to defend itself. Over the years, they have developed cyber defense solutions for their own infrastructures and for such systems as the Iron Dome. The second advantage stems from the fact that Rafael constitutes a national R&D laboratory in certain fields. The third advantage stems from Rafael’s unique ability to connect the cybernetic world with the physical world – an advantage other companies that hail from the IT world do not possess.

“We are entering the field of defending industrial infrastructures by offering cyber defense solutions for SCADA-based environments,” explains Karo. “Unlike classic information security companies whose starting point is the IT world, we are familiar with the physical world as well. This enables us to create cyber defense solutions – as opposed to cyber security solutions.”

One manifestation of the explanations provided by Karo and Michael may be found in the “Information Grid” system by mPrest – a Rafael subsidiary which also develops the C3 system for the Iron Dome. The system was launched last November, having been developed in cooperation with the Israel Electric Corporation at Karat – the IEC’s Technological Idea Development Incubator. The system manages multiple databases of the security systems within the organization and offers enhanced command and control of the various elements of the electrical power network.

If you stop to think about it, a C3 system for managing the energy infrastructure is the first defensive circle – understanding what’s going on in your own network. Additional defensive layers may be erected on top of the foundation provided by the C3 system, like irregular behavior analysis, threshold checks and other layers. As Karo stated, a good C3 system is also based on familiarity with the physics of the elements it manages.

“Eventually, physical laws are generic. If you understand how a specific content world behaves, you will be able to make the analogy to another world. There are not too many IT companies out there that possess the interdisciplinary knowledge Rafael possesses,” explains Karo.

“Rafael also specializes in the development of algorithms. If you need to steer an Iron Dome interceptor to the target, you will require algorithms of a very high standard. It is a whole world of algorithm specialists that you will not find at classic information security companies.

“One should bear in mind that most (cyber) attackers, most hackers, hail from the IT world. Most of them do not understand physics as well as we do at Rafael. This gives us the advantage of being able to ‘see’ things that others do not see. We can provide solutions to focused attacks where the existing solutions cannot provide the answer. These are the attacks where the display screens of the controllers will show that everything is OK, while in fact the infrastructure elements will be doing other things. We can provide a solution where even if the hacker managed to access a physical controller, he would not be able to cause any damage.”

Defending Weapon Systems in Cyberspace

Another field of activity Rafael aims for is defending proprietary applications developed by the organization. Owing to the fact that the applications in question are not very common, the existing defensive solutions do not provide the answer, and in-depth understanding of the application environment is required in order to defend it effectively. “We are extensively engaged in development, so we know how to tailor-design a solution for a proprietary application. This activity involves major clients where the damage potential is substantial,” they explain at Rafael. “This is a holistic defense concept. We analyze how the attacker will operate, and develop a unique defense solution.”

Along with defense for SCADA systems, there are other fields where clients seek defensive solutions, including APT attacks, defense for the critical infrastructures of a state and defense for weapon systems.

The systems in question are highly sensitive. Will a foreign country be willing to allow an Israeli defense contractor to secure them?

“We cooperate with local companies,” explains Karo. “No country will allow a foreign company, Israeli or not, to access sensitive systems. It is almost a conditioned reflex. We call it ‘Glocal’ – a global activity based on cooperation with local companies. We have several such initiatives around the world. These are real-time systems with multiple variables. As far as cyber defense is concerned – it is a major challenge. If you do not understand how such systems work, you will have a hard time developing cyber defense solutions for them.”

The people at Rafael explain that cyber warfare and electronic warfare have a common ground, but not every EW element is a cyber warfare element – and vice versa. “When you launch an electron bombardment – that is not cyber warfare,” explains Michael. “Cyber warfare attacks involve everything associated with disrupting or sidetracking the operation of a component using software means. In other words, (cyber defense means) defending weapon systems against attempts to damage them using software. One should bear in mind that both EW and cyber warfare measures may be employed against some threats.

“In the EW world, you can disrupt the functioning of a sensor by saturating it using physical means. You lead it to a state where it can no longer receive information. Another option is to attack the sensor’s software. At Rafael’s Intelligence & Cyber Systems Administration, we deal with the cyber warfare aspect.”

Unlike threats that stem from technology, another equally lethal threat category is the one that stems from humans. The case of Edward Snowden, who leaked the secrets of the NSA, is a notable example. The case of Anat Kamm in Israel is another example. “When you provide cyber defense for a system, you do it from the operator level down to the bit level,” says Karo. “Some of the solutions we provide to our clients are operating doctrines rather than technology. Such solutions include recommendations for the proper use of the systems, how to implement authorization mechanisms, how to control access to classified areas and various other aspects we at Rafael deal with on a daily basis.

“Another aspect is data integrity. If a network command should be sent from component X to component Y, we must ensure that no element along the way will be able to alter it, either intentionally or accidentally. A scenario where a command is altered on the way to its destination can have catastrophic results. Think of UAVs, missiles or other autonomous systems. As far as weapon systems are concerned, the question of whether the command is genuine is critical.”

While defense industries like Rafael, in Israel and around the world, are entering the cyber defense service market as a new growth engine, the question arises whether cyber defense is also becoming a differentiating factor in weapon system sales. In a scenario where a state considers two missile defense systems – can cyber defense act as a tie breaker? “We are not there yet,” says Karo. “Admittedly, clients are more aware of the cyber defense standards of weapon systems, and some of them even demand this as a mandatory prerequisite, but performance is still the name of the game. At the same time, when cyber defense does become a differentiating factor between products, the increase in demand will be exponential – not linear.”

Although the people at Rafael are very careful about not being perceived as a competitor of such classic information security companies as Kaspersky Labs, Symantec, Trend Micro or McAfee, it is hard to imagine a future that does not include competition between those companies over the same tenders and clients.

“I think that in the future we will see such competition,” says Karo. “In the business world there are two opposing trends. The first is fragmentation. You can see that in the number of start-up companies being established. The second, opposing trend is amalgamation. You see larger companies buying smaller companies. This leads the market to a state of polarization. At one end you will find the start-up companies, developing new products and features, and at the other end you will find the major corporations, offering holistic solutions.

“Consequently, in the realm of the larger companies, we can expect competition between defense industries and classic information security companies. At the same time, competition is a healthy mechanism, and Israeli defense industries have nothing to be ashamed of on the international market. We have excellent solutions.”
