The cyber technology market is not a bubble and it will continue to grow at a high rate," says Adi Dar, CEO of CyberBit, established by the Elbit Systems Group in one of the most surprising moves of the last year.
In a first exclusive interview granted to Israel Defense, Adi Dar reveals his company's strategy and primary products: CyberBit will target the civilian and government cyber technology market. At the same time, it will incorporate the activities of the division recently acquired from the Nice Company and activities transferred from various divisions within the Elbit Systems Group.
In addition to the establishment of CyberBit, Elbit Systems also established the new ISTAR Division – in charge of electro-optics, UAVs and tactical intelligence. The ISTAR Division, headed by Elad Aharonson, is based on the El-Op electro-optics company (an interview with Aharonson about the Division was published in the previous issue of Israel Defense). Adi Dar himself served as CEO of El-Op and the Intelligence Division in the context of the previous format at Elbit Systems, before he was appointed to head CyberBit.
Only just born, the CyberBit Company has already won (in October 2015) the Award for Competitive Strategy Innovation and Leadership in the Global Cyber Intelligence and Security Market from the prestigious research institute Frost & Sullivan. The institute ruled that the establishment of CyberBit and the acquisition of the cyber warfare and intelligence division of the Nice Company enable CyberBit to address an extensive range of clients in the various markets. The analysts of Frost & Sullivan regard the establishment of CyberBit as a unique strategic initiative that will substantially increase the company's market share among both defense/security and civilian clients, and would ensure it becomes a highly dominant player.
So what, in fact, were the objectives of the initiative involving the establishment of CyberBit? What is the function of the new company?
"The initiative was unique but not that complicated. We had identified more than a year ago that in the world of cyber technology, on the intelligence gathering side as well as on the defensive side, there is a massive growth. Only once in a long while something happens like the things that are happening these days. Something that is not just a buzz or a whim. We at Elbit Systems have decided to concentrate everything in one place: the development effort as well as the business aspect.
"We decided to add more assets that would help complete the picture, and that was the division we acquired from Nice. The objective is to produce a critical mass, we have almost 500 people involved in this activity. I am not sure there are many other organizations in Israel today who can concentrate so much energy in this field.
"That was how we took off in April 2015, and decided to take our assets in the defense field, that we had cultivated at Elbit over the years, and divert them to the civilian side. Almost all of our competitors had turned to the cyber technology field but most of them play on the defense/security, government playgrounds.
"It is not a commonly accepted practice in the world for a defense industry to come and attempt to bundle the entire package – defense and intelligence, put everything in one place and address the defense/security as well as the civilian markets. We are currently developing stand-alone, seemingly civilian products and direct them at exclusively civilian worlds – banks, energy and so forth."
Are you referring to services?
"No, I am referring to products – software products, mainly for monitoring SCADA networks, IP management networks and cyber management networks. We do not offer a firewall but a system that 'sits' on the SCADA networks and attempts to spot anomalies over the protocols. For example, if someone wants to disable the electrical grid, then the system will know how to spot the anomaly and block that attempt.
"Most of those companies select a niche for themselves, and they can be excellent at what they do. We focus on products. We opted for a highly diversified model of 'multi-everything'. It opens the entire world for us – both the defense/security world and the civilian world. We focus on the civilian field much more than on the defense/security field.
"The bank and energy sectors are the most mature sectors for this activity. The financial sector took quite a lot of strife and has the money to invest, and they are first in line to acquire protective measures. In the energy sector, too, they know they need protection and have the financing for it. Then come other sectors. Incidents like the Sony Pictures attack led everyone to realize that no one is immune. They will not always attack you for the money. Sometimes they will do it just to harm you. The market is huge and it is growing at a mind-boggling pace. We are talking about a market of US$ 70-80 billion."
There are those who claim that the massive investments in cyber technology are a kind of a bubble…
"I do not think so. Even those who think it is a bubble may be referring to the equity of the companies involved, but there is a huge market out there. All you have to do is look at the sales figures of companies like Check Point and even small start-up companies. You can argue about the equity, but it is an endless market. You can see this market everywhere."
So Elbit has entered this field because you were certain it is a strong and developing field?
"Certainly. You can see the growth rate. I am not an analyst but everything indicates that there is something big and powerful here.
"There is a major problem here that is not going to disappear. Every day we report a hack into some network – as they had in the USA with the hack into the records of the federal government.
"When a bank realizes that a billion dollars were stolen from a bank it will have no problem spending two million dollars on protection. The cyber threat is everywhere – in banks, in the medical field, it is the entire universe. I do not think there is any question about it by now, and I believe that we at Elbit were pioneers. Elbit initiated the move and acquired C4 long before that buzz began in the civilian field."
Comprehensive Intelligence Solution
How did you build CyberBit? How does it fit with the acquisition of the security division of Nice?
"The company is built along two main axes – protection and intelligence. Let's start with intelligence: here we offer a solution that I do not think any other company in the world can offer. There is an extensive range of sensors – some in the cyber technology world and some in the intelligence world, all the way to debriefing/analysis systems.
"The sensors 'sit' on the probes (the 'pipeline') and can accomplish quite a lot in the realm of OsInt (Open Source Intelligence). You realize that the intelligence world leans more and more toward the Web. Even the dilemmas faced by the Israel Police or by other organizations in Israel.
"Most of our activity today involves federal police forces that have the mandate to legally monitor all of those materials, like OsInt.
"We have to cope with a mass here. Coping with the Web is much more complex than coping with the telephones. Eventually, it is your ability to harvest, to handle multilingual tasks and gain insights from the social media. It is inconceivable in terms of the amounts of information and the dynamics. You cannot expect to have someone monitoring every person who posts something on Facebook. You need a machine capable of generating alerts and understanding moods based on what it scans on the Web. Will there be a major demonstration or not? Eventually, the machine should be able, at a specific point, to neutralize someone who had decided to take action. It is an awesome world and I think that now it begins to receive the importance it deserves.
"The primary asset we acquired with the division of the Nice Company, Target, is the desktop of the SigInt analyst. Today, most of the intelligence collected consists of data. As a SigInt analyst today, you look at a target and want to contain all of the information it generates – what have you just done on the Web? What SMS messages have you sent? What is your location?
"You monitor three display screens on which you can see the entire communication activity. What sets this system apart is the fact that it delivers everything together.
"On top of the Target system sits our analysis system, WIT – which collects all of the sources of information. It is an analytical system. Up to this point you have the SigInt elements, from this point on you have the analysis elements."
Where is the technological gap in this intelligence collection system?
"I do not think there are many gaps. A mad 'arms race' is under way for the civilian market. The amount of applications and changes in the civilian market is endless. All of the companies are racing madly to close the gap and catch up. I must adapt myself to the new technological situation."
Can you spot incidents before they take place using such systems? For example, public gatherings organized through the social media?
"That is possible only in the world of OsInt (Open Source Intelligence). In this world you can claim to be able to identify major events, but I am not sure anyone can identify things with 99% certainty. This is another niche that will develop in the future. In my opinion, the main thing here is our race to try and provide a solution capable of handling any new world that emerges, be it a social medium, a new kind of telephone or a new computer."
Who is winning this race?
"I do not think there is a single winner. I think that the world of sensors offers tremendous variety. At any given moment there is someone who has the upper hand, for each sensor individually. With some of the things we are global leaders and with other things we are not. These worlds of the Target and WIT systems are worlds of organizations capable of providing long-term solutions for storage of information – what we call heavy duty systems. In these worlds I believe that we are, today, one of the two world leaders – we and the Verint Company."
CyberBit invests not just in the intelligence collection activity but also in protection for systems, Dar explains. "In the context of the protective activity we develop civilian technologies," he tells us. "In this world we focus on the segment known as the protection segment. The protection world is structured like the layers of an onion. The first layer is the perimeter, let's call it the firewall. It is like a perimeter fence. A lower and deeper layer is the data – the information is the asset deep within. And then there are the other layers whose objective is the world of detection (the second and third layers). This world believes that 'we will certainly be penetrated and the best thing to do is work quickly in order to respond and clean up the organization'."
Is it similar to an identification layer?
"Yes, it is an identification layer but it is deployed within the organization. The basic assumption of the cyber warfare world today is that a perimeter defense will not do the job, so the important thing is prompt detection and identification. You can delay, you will be able to catch some of the parties attempting to penetrate, but eventually someone will manage to penetrate your network. Once you have reached this assumption, you have to deal with it as quickly as possible and minimize the damage to the organization to nearly zero. This is the fastest growing segment of the market today – the net-work layer and the net-point layer.
"We deploy an 'agent' in every server, in every end station, in every router, in anything. That agent sits under the operating system and reports all of the events that take place in that end point. For example, if a code is injected in that end point, you should know you have a problem and you have to deal with it. This identifies anomalies at the end-point level and reports back to the Big Data. Here we employ a kind of algorithm at the pattern identification level. All of this is intended to deal with a worm that advances from one computer to another. We are trying to accomplish the negative of the 'horse'. Here is where those 'serious' cyber warfare researchers come into the picture. They receive the incident and run forensic tests on our system. We know how to provide the scores and say that we have something here. I do not see anyone who would be smart enough to solve all of the problems of the universe. That is our core system. It is super essential. It is called the 'Cyber-Shield'."
Does this system require adaptation as to whether it is used by an electrical company or by a bank?
"In the end, it is all very simple. You sell a license for an end station, for a backroom station. It is a software product. If you have 500 workstations, I will give you 500 licenses."
Who does the control? You?
"In most places it is not us. The organization itself will handle it."
Are your products intended for smaller organizations?
"We aim for large and intermediate size organizations. It is highly suitable for organizations of 300 employees or more."
Where do you draw the line between the intelligence collection activity in this context and the activity Elbit's ISTAR division?
"Elbit's ISTAR division is concerned more with tactical intelligence – for generating targets and closing fire circles. Here it is strategic intelligence. WIT is about data. We do not sell this product to armed forces, we are not looking for tactical intelligence. You will not find us selling our product to the Air Force. If a hotel chain from one country or another shows an interest – we will be happy to sell our product to that chain."
So the difference is in the application? Or in the concept itself?
"In that case it is about military warfare, systems for the tactical battlefield. CyberBit is a company that does not play with anything physical – it is all about software, primarily SigInt intelligence collection – that is the difference. The difference is in the substance, but we are also a 100% Elbit Systems subsidiary."
Do you have access to the technologies of other members of the group, like Elisra?
"We do have access. The direction is, first and foremost, for this organization, especially with regard to the cyber security activity, to be an element of the Elbit Systems Group. A part of our concept is that eventually, Elbit is a C5I company. Everything is about C5I and everything needs protection. There is no other way.
"The objective is eventually to take all of the assets that we have here and the highly unique technological understanding that we accumulated and direct them to two activities: to provide unique, state-of-the-art protective solutions that rely extensively on technology, and in addition to develop infrastructures in the civilian market, which is hungry for solutions. It is a fact that we have strong assets and a foundation based on proven operational experience with super-critical systems. We are working on a solution that will maximize our advantages."
Do these systems provide information about whatever staged the attack against you?
"Yes. I know what attacked me and I deal with it. We know how to identify where the 'horse' is in all of the workstations, how to block things, disconnect and clean. This process is known as mitigation and response. The system enters the picture from the moment of detection all the way to cleanup. It provides the users with management and control tools that enable them to contain the incident and then handle it. In some cases, such handling will require removal and reinstallation.
"This system is a sort of C3 system for the cyber world. It receives everything from everywhere, understands the incident and issues commands. Most of the management tools are not ours – they are IT tools. We employ them to do things. We are not even close to claiming that we can do everything."
Do you believe in the civilian market? Are you expecting a breakthrough?
"Yes, we believe very strongly in it. It looks for things that are slightly different – like different working methods. Without a doubt, the cyber world is based extensively on branding. We want to develop a leading global brand."