"Quite a few Terrorists lost their lives owing to Big Data"

A first-ever interview with the Head of the Information Technology Division of ISA, Ronen Horowitz, upon his retirement. How is intelligence information utilized in the era of the Internet, cellular telephones and social networks? Exclusive

The crowning achievement of ISA (Israel Security Agency) during the operation in the Gaza Strip in the summer of 2014 was the targeted killings. Following a 5-day ceasefire that ended on August 10, several senior Hamas leaders were eliminated one after the other. This effort included a direct hit on a house where the head of Hamas' military wing, Mohammed Deif, was supposed to be present at the time.

The bodies of Deif's wife and son were extricated from the rubble, but the fate of the Hamas leader himself remains unknown even weeks after the operation. Another matter that remains untold is the methods of operation of ISA, which, while executing the missions assigned to it in the context of Operation Protective Edge, succeeded in completing the hunt for all of the terrorists involved in the kidnapping and murder of the three Israeli youngsters from Gush-Etzion near Jerusalem last June. The hunt for those murderers took no less than three months.

An exclusive interview granted to Israel Defense by Ronen Horowitz, the Head of the Information Technology Division of ISA, provides a rare glimpse (at least to the extent that may be revealed) at one of the least familiar aspects of counterintelligence work: advanced information technology methods enabling the mining of significant bits of intelligence from the infinite ocean of information that flows in the present era through countless cellular telephones, computers, wireless communication channels, WhatsApp messages and even encrypted messages exchanged through social networks.

This is Horowitz's first-ever public interview. He completed his term in office in October 2014. Until now, his activity has taken place only in the shadows of the national defense system. Even his name was a secret. Horowitz was awarded several prizes during his career, including the Israel Security Prize. Following his retirement he has taken up a position in the private sector as head of technologies at the credit company Visa CAL.

During Operation Protective Edge, in addition to the offensive operations, did ISA also deal with cyber warfare attacks by Hamas or by such parties as Iran and Hezbollah?

"There were all sorts of cyber warfare attacks against Israel," says the retiring head of ISA's IT Division. "ISA itself has an external Internet website, and if anyone attacks us we know how to shut the website down and deal with it. Sometimes we shut down the website at our own initiative. Unlike the external website, which we have no problem in shutting down as required, the internal systems of ISA are heavily secured."

Prior to his retirement, Ronen Horowitz had served in the ISA for 26 continuous years. He started out in the intelligence world, as an Academic Reservist who had studied computer engineering, and enlisted with Israel's primary SigInt unit – Unit 8200 of the IDF Intelligence Directorate.

In 1988, he started working for ISA as an external consultant, but was soon enlisted and became a regular Agency man. During his years with ISA, Horowitz played a major role in the information revolution the ISA – like other central intelligence agencies worldwide – had undergone. Along the way, Horowitz headed two IT departments before being appointed, in 2000, as head of the ISA's SigInt Division, and subsequently as head of its IT Division.

According to Horowitz, the information revolution started in ISA immediately following the surge of suicide attacks Hamas had staged in early 1995. In those days, suicide bombers blew themselves up one after the other inside Israeli population centers, in a series of vengeance attacks by Hamas pursuant to the targeted elimination of Yahya Ayyash, aka "The Engineer".

"Until 1995, they did not really understand at ISA why information technology was necessary," Horowitz recounts. "Up until then, intelligence had been stored in giant archives, in paper portfolios. The surge of terrorist attacks took place a short while after the assassination of Prime Minister Yitzhak Rabin, and Maj. Gen. Ami Ayalon, formerly the commander of the IDF Navy, who assumed the position of ISA Chief in March 1996, led the change.

"The entire Agency was deeply depressed in those days, pursuant to the Rabin assassination fiasco, when the buses began to explode. There was a sense that the Agency was unable to do its work. Then along came Ami Ayalon who decided that a strategic analysis of the situation was required, pursuant to which he made the Agency very technologically-oriented, as it is today."

Did this happen particularly because Ayalon had come from outside the ranks of ISA?

"First of all – yes, because he had come from the outside, and secondly – during his term as commander of the IDF Navy, he had led the first submarine project in Germany. Because of this project, among other things, Ayalon was acutely aware of the significance of technology as a force multiplier.

"Admittedly, in 1995 cellular telephones entered Israel with full strength, but I think that without Ami Ayalon, the technological revolution would not have taken place in the same way that it actually had. Ayalon argued that the Agency would only have a Raison d'etre (reason for existence) if it positioned itself at the highest level of technology.

"Under Ayalon, over a period of three years the technology and software divisions were doubled and trebled – in personnel complements and in budgets. It was a dramatic expansion. Ayalon diverted budgets (to these activities) at the expense of other projects – construction, for example. If conditions at ISA HQ are overcrowded at present, it is because the money was invested in those days in the SigInt Department, which soon evolved into a Division, and in other projects. The ISA Chiefs that followed Ayalon – Avi Dichter, Yuval Diskin and Yoram Cohen – only intensified the process."

Utilization of Information

Over the course of 2003, Ronen Horowitz was among the ISA people who led the establishment of the National Information Security Authority (NISA). According to him, it was not an easy task convincing numerous organizations regarded as critical infrastructures in the civilian sector of Israel to receive instructions from ISA on how to cope with cyber warfare attacks, while "today, being under the responsibility of ISA has become a status symbol."

In 2007, Horowitz started studying for a doctoral degree at the Tel-Aviv University, under the tutelage of Professor Oded Maimon, one of the world's foremost experts in the field of data fusion. However, his doctoral project was cut short before it began in earnest, as Horowitz was recalled urgently to lead a giant ERP project – a cooperative effort of ISA and the Israel Police – under the code name "Merkava Bithonit" (Defense Chariot, in Hebrew). Horowitz had served in his last position with ISA, as head of the IT Division, for six years – since 2008.

In fact, at the beginning of the present decade, the IT element of ISA was still regarded as a strictly "staff" element. Only a few years ago, during Horowitz's term in office, did this element evolve into a full division, at the same time as the new SigInt Division. By definition, the IT Division deals with technologies that would enable the Agency to effectively cope with the almost infinite amount of information and mine bits of intelligence out of it.

To what extent did the emergence of cellular telephones affect the intelligence work?

"The fact that the cellular telephone currently also serves as the personal computer of nearly everyone is of tremendous significance. It accelerated the information explosion: today, most of the web surfing activity is done through mobile telephones. It has been a very rapid process."

In the past, intelligence services used to monitor only telephone communication, but today communication is maintained through the Internet as well – including the social networks and countless other channels. Does this abundance of media constitute an advantage or a disadvantage as far as the intelligence services are concerned?

"Certainly, having more information is an advantage. In my opinion, the human capacity, as far as intelligence gathering is concerned, reached its maximum long ago – you do not have a sufficient number of ears that can listen to Arabic traffic, you do not have a sufficient number of eyes that can read Arabic texts – the quantities are endless. Out of this abundance, only thousandths of percent are relevant, so information utilization is required. In recent years, that has been our emphasis. What is information utilization? The challenge is using automatic tools to glean information according to the principle of 'gold first'.

"Once there were only texts. Today there is video, images, speech – in addition to the traditional texts. A lot is being invested in technologies that attempt to utilize the information and convert it into something that may be analyzed in the Big Data and then submit to the deskman only what had been graded highly so that he/she may process it.

"For example, if you enter a parking lot today, they have cameras that pick up the vehicle registration number and know how to convert it into a number and identify your vehicle when you exit, using a technology known as LPR (License Plate Recognition) – that's information utilization. You need to format that information, and you do not need a human operator to read the vehicle number from the image. If I have a number, I will be able to check it against my databases automatically."

Do you cooperate with research institutions, universities?

"Yes. As far as R&D are concerned, we maintain close relations with several professors and doctoral students and also cooperate with MAFAT (IMOD's Weapon System & Future Technological Infrastructure Research & Development Administration)."

Is ISA involved in MAFAT's project of utilizing information out of open sources on the Internet, which Israel Defense had reviewed in the past?

"Yes. We take part in it. There are projects in which we participate through funding and there are others with which we cooperate. There are quite a few things under way. We have excellent relations with Unit 8200 of the IDF Intelligence Directorate (Israel's primary SigInt unit) as well as with the Mossad. We cooperate extensively with the industry. We do not have joint projects with Unit 8200 as the environment is different, but I know what Unit 8200 has and where they are heading, and we help one another. In the military, they are getting extensively involved in the open source field. As far as technological shortcuts are involved, we cooperate and there are no political issues."

How does an organization involved in IT connect with the operational echelon?

"This is the flag I have been working under in the last few years. My concept as the Agency's CIO was to connect to the business and see how I can contribute to the operational side. When IDF trooper Gilad Shalit was kidnapped to the Gaza Strip (in 2006), we assembled think-tanks so as to come up with ideas on how to obtain and deliver intelligence. Some of the capabilities conceived in those days are still being used by the Agency for other purposes.

"Owing to the operational nature of the Agency, the pace here has been very high since 2009. I have external consultants who work for the Agency, and I ordered them to go down to the operations center of the IDF brigades that entered the Gaza Strip at the time. We are tightly connected to the field.

"10% of our work plans and budgets are allocated to fast developments. There are no more projects that last 3-4-5 years – they will fail. Every project must provide a solution within a realistic timeframe of one year. Technology is evolving. You must provide a solution within a year. It may not be full-proof, but you must come up with an initial solution nevertheless. It may contain bugs, but the Agency will have a product that works."

Are projects developed for ISA in the field of utilizing and fusing data regarded as groundbreaking projects at the international level as well?

"Yes. In 2000 I began managing the SigInt Department. That was the time when we received personnel complements and budgets and developed the first generation of data mining systems. We have been involved in BI for more than 15 years, since 2000. I am telling you with certainty that quite a few terrorists are looking at us from the sky owing to Big Data capabilities. We are at the cutting edge in this field, in Israel and worldwide."

Are you referring to developments carried out in-house?

"The scientific foundation came from the outside, but many of the software elements were developed in-house, alongside systems that were purchased from giant IT corporations. In some areas we identified Israeli products and start-ups at their very beginning. We purchased the products for the Agency and developed them before they had matured on the outside. Active Big Data out of which you produce alerts – we had developed it quite a few years ago, and it saved the lives of many Israelis.

"We are looking for a needle in a haystack – very weak signals, when the enemy is highly sophisticated."

Was the Israel Security Prize awarded for those systems?

"We received it along with the SigInt Division for the development of those systems and the 'combined elimination doctrine'. We are very proud about it."

According to Horowitz, "We also developed a system designated 'Yoman Meshutaf' (Shared Calendar) for the Agency. It was the most banal and simple development, but it revolutionized the entire work concept of the Agency. Everyone now shares a single calendar system and uploads information to this calendar. Everyone can see what's happening. That way, you link all of the units into a single status picture in real time. Before that, the units were separated and communication was maintained by telephone, at best. This is an example of simple, unsophisticated technology that brings about a revolution.

"During the last conflict, we were active participants – by providing assistance to the IDF brigades on the ground, to IDF Southern Command, by delivering intelligence."

"This place is simply fascinating, there is no other place where you feel that what you do technologically contributes immediately to national security," says Horowitz. "In 2000, at the height of the 'high-tech bubble', my employees kept receiving job offers with salaries twice as high as what they were being paid here, and people would walk into my office and tell me: 'I am not leaving because I'd rather work here, as here I can feel the contribution.

"You need excellent individuals with analytical capabilities, with a highly methodological yet outside-the-box way of thinking who can analyze the information, and luckily – we have those individuals. Today, approximately one quarter of the Agency's manpower is technologically-trained – engineers, programmers and people possessing other (technological) skills."

Do you succeed in recruiting professional manpower, considering the competition with so many high-tech companies in the civilian sector?

"Yes. Based on experience spanning many years, (I can say that) money is the third element in an individual's motivation. The first element is the professional challenge and personal development. The second element is the environment, procedures, the atmosphere and human (peer) quality. The salary only comes third, but it must be fair. The absolute majority remains with the Agency."

Do people join an organization like ISA for just a few years or for a lifelong career?

"They join for a lifelong career, but in order to prevent the division from 'backing up', we employ 40% to 45% of our personnel subject to a time limit. We determine in advance that some people will work at the Agency for up to nine years."

Do most of the employees come to the ISA IT Division from such units as Unit 8200?

"No, they come from all of the market segments, from the universities, from private companies. We take the crème de la crème. In many cases, it is a 'refer-a-friend' system. The ISA IT Division is an organization in the same league as the big banks – it has hundreds of people, substantial budgets and cutting-edge technology."