Cyber: Not what You Thought!

Though much talked about, the true meaning of cyber remains unclear to most people. Maj. Gen. (ret.) Prof. Isaac Ben-Israel attempts to distill the most accurate definition of "Cyber" and addresses the nature of the Israeli cyber ecosystem.

Illustration: Bigstock

The issue of cyber has evolved into one of the most talked-about issues on our planet. From an obscure field that was the exclusive domain of intelligence and security specialists until just a few years ago, cyber has become the 'topic of the day' in almost every possible forum. The Russian intervention in the recent US presidential election and the expulsion of the Russian 'diplomats' from the USA that followed have added a tier to the options cyber warfare embodies. Obviously, the term 'cyber' is not only about hacking into computers for the purpose of extracting information ("espionage"), obtaining user passwords (phishing) in order to steal money from banks, disabling systems the computers hacked into control ("cyberattack") or preventing such hacking ("cybersecurity"). It is also about hacking into and dominating social media ("influence") or about such new phenomena as hacking into computers, encrypting the data they contain and releasing them for ransom ("ransomware"). So, what does the field of cyber include and what does it not include? What is the most accurate definition for "cyber"? This issue is not at all clear to most of the people who talk about it. In short: what do we mean when we say "Cyber"?

In order to find out what cyber really is, we should first establish what cyber is not. For this purpose, we will initially address four commonly-held paradigms regarding cyber, which are false or at best grossly inaccurate.

Four Erroneous Paradigms

1. Cyberattacks are associated with data stored in computers. One of the first functions for which computers were used was storing data. Gone are the days when photographs were kept in albums and articles were kept in hard-copy format. This is also one of the reasons why intelligence agencies were compelled, since the 1980s, to seek techniques for covertly accessing computers. Admittedly, a substantial percentage of cyberattacks are still intended to obtain data stored in computers or to disrupt it, but the most serious damage does not necessarily come from these attacks: much more substantial damage might be inflicted by physical attacks against vital systems. One major example of such physical damage was presented to the world through the attack reported in 2010, when a computer virus known as Stuxnet destroyed the centrifuges of the uranium enrichment facility in Natanz, Iran. The attack was staged by hacking into the computers that supervised the rotation of the centrifuges and destroying them. Similar hacking techniques may be used, for example, to access computers that control potable water supply or the rotation of electricity-generating turbines. This is not a fictional example. About a year ago, in December 2015, the Russians sent a warning message to Ukraine by disabling – using cyber warfare – the supply of electrical power to Western Ukraine for 24 hours. In all of these examples, no data were stolen, altered or distorted in any way. All of them involved actual damage in the physical world.

2. Cyberattacks are executed through networks. One of the false beliefs regarding cyber that is widely held throughout the world maintains that attacks are executed through networks: the Internet, Twitter or any other network. Obviously, if the computer is connected to a network, the attacker will be offered a readily available attack "channel", through which he may be able to insert malware into the computer being attacked. But it is far from certain that this is the only way to insert such malware. For example, the uranium enrichment facility in Natanz was not connected to any network! It is not known how the virus had been inserted in that case, but one can imagine many ways for such insertion: an employee may have introduced it into the system, hacking may have been accomplished in the context of a software "update", or the virus may have been inserted during the manufacturing process or during routine maintenance operations. There are many potential methods but the result is one and the same: no computer is immune against malware. It could be inserted even during the manufacturing process. After the attack against Iran was reported, the US Department of Defense (DoD) inspected all of the computers used by the various defense/security agencies of the USA and realized that about 80% of them contained a chip made in China… so even a computer that is not connected to a network might contain malware.

3. Only computers are vulnerable to cyberattacks. In fact, this paradigm addresses the nature and essence of the machines we call "computers". What is a computer? We possess and use numerous machine types that are all referred to as computers: large mainframe computers, normally used by universities, major industries or government organs; home/personal computers; portable (laptop or tablet) computers and so forth. But we also possess other machines to which we do not refer as computers, despite the fact that they actually contain computer chips. The most prominent example is the smartphone. This device is built around a computer chip that also has a voice communication capability. A quick check around us will show that we are practically surrounded by computer chips: they are in our air-conditioners, in our washing machines, in our TV control boxes, in our elevators and so forth. If we were to go back to the story of the attack against the Iranian uranium enrichment facility and look for "computers" over there – we would have found no machine referred to as a computer. What the uranium enrichment facility did have were machines named centrifuges that rotate around their axis at a very high speed: about 60,000 revolutions per minute, namely – about one thousand revolutions per second. So what was being attacked over there? What was the virus inserted into? Well, it was inserted into boxes known as "controllers". In this case, the controller contains a computer chip whose function is to control the rotation speed of the centrifuge. The controllers in Natanz had been supplied by the Siemens Company of Germany, and similar controllers may be found in thousands of other production lines, worldwide. The malware inserted into those controllers was not activated unless it had established that the controller in question was associated with Iranian centrifuges. 
So, cyber technology may be employed not just against standard computers, but also against any device in which a computer chip is installed: from centrifuges through cars to aircraft.

4. Cyber is a "technological" field. If I were to sum up more than a quarter of a century during which I have been involved in what is currently known as "cyber" in a single sentence, it would be this: although most of the solutions to cyber problems are technological, the problems are never "technological"; one cannot even begin to understand the problems without taking into consideration such aspects as the law, the psychology of individuals, social behavior, business and economic considerations and so forth. Cyber is essentially an interdisciplinary field. Incidentally, this is one of the reasons why the universities where one can study for a bachelor's degree in cyber may be counted on the fingers of one hand. This interdisciplinary nature calls for cooperation between numerous faculties – and that is a very difficult task to accomplish.

FBI vs. Apple 

The story of the dispute between the FBI and the Apple Company in 2016 demonstrates this more effectively than anything else. On the face of it, the story is fairly simple. As everyone recalls, about a year ago (December 2015), a Muslim US citizen and his wife murdered 14 civilians in San Bernardino, California and were subsequently shot and killed by police officers. The murderer was found in possession of an Apple iPhone mobile device. The FBI, in their attempts to investigate the terrorist's potential connections, wanted to read the data stored in that mobile phone, but the data were encryption-protected. Consequently, the FBI approached the Apple Company asking that the mobile device be unlocked, and when the Apple Company declined, the FBI attempted to compel them to comply through a court motion. The Apple Company fought the motion and recruited a team of advocates to present their position in court, but after a few months the US Department of Justice had the motion withdrawn. The top federal prosecutor for California issued a statement according to which the FBI investigators had received help from a "third party" in unlocking the terrorist's mobile device, but did not specify who that third party was. According to the prosecutor, the investigators had "a solemn commitment to the victims of the San Bernardino shooting… It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with co-operation from relevant parties, or through the court system when co-operation fails." According to various reports in the press, the "third party" that provided the solution was the Cellebrite Company of Israel.

Apparently, this is a simple story regarding a technological problem in the field of cyber, which was resolved through the acquisition of advanced encryption unlocking technology. But in fact, the real story is much more complex. I will not be revealing any major secrets when I say that the technological capabilities of the cyber warfare agencies in the USA (including NSA) enabled them to easily unlock the iPhone device of the San Bernardino terrorist and obtain the data they wanted. They did not do it – not because they were unable to, but because the law prevented them from doing it, as the murderer was a US citizen. The acquisition of the software from the Cellebrite Company was made after one of the advocates of the FBI had identified a legal loophole that enabled the Bureau to acquire the information they required overseas. On the other hand, the Apple Company objected on the pretext that they were maintaining the privacy of the citizens, but their primary motivation was increasing their sales turnover. The entire dispute also contributed to the perceived image of mobile phones by Apple being more difficult to hack into. If we were to set aside the legal and business considerations that had motivated the FBI and the Apple Company, one could have concluded – mistakenly – that the problem encountered in this case was a technological one.

So what is "Cyber"?

My definition is extremely simple: the cyber threat is the dark side of computers. As we become more computerized, introducing computer chips into more and more "things", and as we facilitate more communication between those chips, we make our life more efficient and faster and enable everyone to be much more knowledgeable and up-to-date. The computer technology development effort is intended to benefit human society. However, through this effort, we also create a weakness: we become increasingly dependent on computers and on the communication between them. Malevolent parties (and human society will always include malevolent parties) will be able to exploit that dependence – not for the benefit of society, but to its detriment. We must never forget the fact that the computer has not just a bright side, but a dark side as well, and we must consider how to minimize that dark side without throwing the baby out with the bath water. Cybersecurity was intended to minimize that dark side.

One remark regarding computer technology: since the first computer was built by Von Neumann (1903-1954) for the US Army (1946) based on the mathematical concept of Alan Turing (1912-1954), computer technology has evolved into the dominant technology to this day. The transition from vacuum tubes to the transistor chip (1960) was the turning point. Five years later, Gordon Moore (born 1929) formulated his famous "Moore's Law": every eighteen months, smaller transistors may be manufactured so that the number of transistors per area unit on the computer chip may be doubled. In other words, a "generation" in computer technology lasts only eighteen months (compared to a generation in human life, which lasts about 25-30 years). The core of computer chips available today accommodates a few billion transistors! The rate of development is so fast that the computer every one of us now keeps in his or her pocket – namely the smartphone – is infinitely more powerful than the computer Tel-Aviv University had while I was studying there for my bachelor's degree (back then, it was the most powerful computer in Israel). So what about the rate of development of cyber technology? As I said, this technology is the dark side of the computer, so in this field, too, a generation passes every eighteen months or so.

If some of the technological dreams come true, the future may become highly problematic. Even today, trains are driven by computers with no driver involvement and the role played by pilots of passenger aircraft has been significantly reduced. The future holds driverless cars and the introduction of a computer chip into every "home" object. For example, we will be able to go to bed at night and the computer (our smartphone) will "peek" into our calendar to see where we should be in the morning, check Waze just before we wake up to find out the journey time, taking into consideration the traffic conditions, and eventually wake us up at the appropriate time. All of this is becoming possible owing to Moore's Law, according to which the physical size of computer chips continues to decrease, and the fact that all of the various chips are now interlinked in a network of objects (IoT – Internet of Things). All of this is well and good, but it provides the "bad guys" with multiple opportunities to disrupt our lives. The situation described above will not be possible without a proper level of cybersecurity. So, cyber technology is no longer just one of many technologies. In fact, it is a technology that will enable the realization of such visions as IoT, the Smart Home concept or the Smart City concept.

The National Cybernetic Project

The insight outlined above guided me when the Prime Minister asked me, in 2010, to lead the cybernetic project team that would recommend to the government how the State of Israel should prepare for the cybernetic era, following the reports of the virus that had attacked the uranium enrichment centrifuges in Iran and the dramatic increase in the global awareness of the physical threat the cyber field presents. Until then, that awareness had been the domain of a handful of specialists in a handful of security and intelligence communities, but now, with the genie out of the bottle, the threat we were facing was expected to make a quantum leap, severity-wise. It was abundantly clear to me that we were facing an almost impossible task: assuming a cyber technology generation passes every eighteen months, how can we submit to the government a five-year plan for implementing solutions to the threat? By the time we have concluded our discussions and consolidated our recommendations, and by the time the cabinet has concluded its own discussions and adopted our recommendations, one or two cyber technology generations would have passed, and our recommendations would not be worth the paper they were printed on. The solution we came up with for this issue was a simple one: instead of recommending solutions for the cyber threat for the next five-year or ten-year period, we chose to recommend the establishment of an ecosystem that will monitor the changes in the threat and the technology automatically, and would be able to develop solutions to the new threats as they emerge, even in five years' time (three technology generations) or ten years (seven generations!) from now. This approach compelled us to look at the whole system, which in fact encompasses all walks of life in our country, including the industries and the business sector, the government and the defense/security organs, the elementary and higher education system, the law enforcement system, et al.
No wonder, then, that our first recommendation concerned the establishment of an organ within the Prime Minister's Office – the National Cyber Bureau – whose primary function would be to continuously develop the cyber ecosystem.

The second overriding insight that guided us was the interdisciplinary nature of the field, as outlined above. It was clear to us that a project that only addressed technology would not lead to the desired revolution. In order to develop the desired ecosystem in a manner that would enable the system to monitor technological changes on its own, encourage new ideas and solve the problems that emerge in the future, the ecosystem should address the legal, economic, educational and social aspects of the cyber problem, along with other aspects. For this reason, the vision and objective of the cybernetic project (whose recommendations were endorsed by the government and received the appropriate budget, personnel complement and organizational structure) were formulated as follows:

Vision: to maintain Israel's global position as a center for the development of information technologies and provide it with superpower capabilities in cyberspace in order to ensure its economic and national strength as an open, democratic and knowledge-based society.

Objective: to position Israel within the world's top five nations in cyberspace by 2015.

The entire process was completed in 2014, when I was recalled by the Prime Minister to resolve the issue of day-to-day security for the civilian cyberspace. This is by no means a trivial issue: an inherent tension exists between the cybersecurity needs on the one hand and maintaining privacy and civil rights on the other hand. In order to balance between these two needs, we recommended that the National Cyber Authority be established. The primary function of this authority will be to actually defend the civilian cyberspace against attacks (that are being staged at any given moment, incidentally). It is important to stress that the Authority is not an enforcement agency. The function of the new authority is to clean the computers, the networks and the other elements associated with them from malware. It is not the Authority's function to apprehend the attackers. That function was, and still remains, the responsibility of the enforcement agencies like the Israel Police in the case of cybercrime and ISA in the case of cyberterrorism and so forth.

The Blavatnik ICRC

One of the recommendations we submitted to the cabinet in 2010/11 concerned the education system generally and academia in particular. Among other things, pursuant to our recommendations, national cyber research centers were established at five research universities with support provided by the National Cyber Bureau. The first and most substantial center was the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at Tel-Aviv University, which I am privileged and honored to be the head of. The Blavatnik Interdisciplinary Cyber Research Center (ICRC) employs about 250 research associates, about 50 of whom are faculty members and the rest are doctoral and post-doctoral students. This is a substantial number even by international standards. But what sets the Blavatnik ICRC apart is not its size but rather its interdisciplinary nature: about 2/3 of the associates hail from the core disciplines (computer science, engineering and mathematics), but the remaining 1/3 hail from such disciplines as law, business administration, life sciences (neuroscientific research in particular) and even humanities and social sciences, including psychology, economics, political science and so forth. The research grants are more substantial (per researcher) in the case of research theses that are interdisciplinary originally.

It may be stated, even at this early stage, just three years following the establishment of ICRC, that it is gradually consolidating a well-respected position within the international research community, along with the fact that it provides the Israeli cyber ecosystem with top-notch researchers, innovative ideas and original technologies.

This is one of the reasons why the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at Tel-Aviv University has become a Mecca not just for researchers but also for captains of industry, government ministers, state governors and cyber technology companies from around the world. All of them intend to learn and understand how we managed, within such a short period of time, to position ourselves at the cutting edge of the global cyber industry. 

Closing Remark

There is no better proof of the success of the national cyber project, which has been implemented over the last five years by the National Cyber Bureau headed by Dr. Eviatar Matania, than the statistics for 2016. These statistics indicate a dramatic increase in Israeli cybersecurity product and service exports. In the last five years, these exports have increased by four times, securing an almost 10% share of the world market and even exceeding the regular Israeli defense exports. A similar growth rate was observed with regard to the number of Israeli companies involved in cyber. As far as investments in cyber R&D are concerned, the figures are even more impressive and according to current estimates, the scope of investments in cyber R&D in Israel (mostly from overseas sources) has reached about 15% of the global market.

Israel is a small country that abounds with talent. The success story of the cyber field demonstrates what we can achieve when we really put our mind to something. 

***

Maj. Gen. (ret.) Prof. Isaac Ben-Israel is Head of the Blavatnik Interdisciplinary Cyber Research Center (ICRC), Tel-Aviv University 
