As the 2019 edition of Cybertech concludes, we look in satisfaction on yet another successful year for the Israeli cybersecurity sector, having attracted more than $1 billion in private investments, a figure representing a 22% increase from 2017. Dozens of new startup companies have joined the existing plethora of hundreds of corporations and multinationals dealing with cybersecurity in Israel, making it the second richest cyber ecosystem globally.
Innovation, of course, has strategic importance: it improves economic performance, it enables the defenders to keep pace with the ever-expanding threat landscape and it also enriches the toolbox and maneuvering ability of policymakers. These insights are trivial. What's less trivial is how to implement them from the government perspective.
Consider the cyber protection of critical sectors. Most of these sectors are going through massive digital disruption: the energy, transportation, health, and similar sectors are getting "smarter," more interconnected and dependent upon data, automation and digital communication. These developments erode the already thin border between the physical and digital and will necessarily exacerbate the price of cyber vulnerability.
Innovation faces several roadblocks in these cases, mainly because most countries, including Israel, don't house all the necessary stakeholders needed to promote innovation. For example, even though the cyber threat to smart cars is substantial in theory, both OEMs, infrastructure operators, regulators, and cyber vendors are required in order to even ask the correct questions, let alone working on solutions. To that end, the Israel National Cyber Directorate (INCD) promotes open innovation arenas, each with a critical theme. These arenas will be modeled along private-public partnership lines, forming unique cooperation between government and academia in industry.
A national ICS-Energy lab is already in the implementation phase and the financial-cyber arena will be announced soon. Transportation in health is in line with additional projects planned in the coming years. All of these arenas will enjoy a unique combination of public sector resources and expertise, supporting the dynamism and entrepreneurship of the private sector. Together, we hope to see these arenas as an "innovation reactor," positively influencing the startup R&D scene, giving it substantial value and honing its advantages.
Working on the offering, however, isn't enough. Incentives need to be created for large conservative organizations to adopt innovative products and help them mature and become more effective. The INCD has recently launched two important initiatives in that regard. First, the "Meteor" scheme designated to streamline government acquisition of innovative cyber solutions, through a centralized professional evaluation process. Second, a pilot incentive program which supports financially the ability of vendors and customers to conduct PoC projects for the benefit of both sides.
But what is to be done when the private sector is not ready to lead? A good example is the civil aviation sector. The threat landscape is growing fast, but commercial methodologies and technologies are very far from keeping up. For various reasons, the market's reaction is slow and more dramatic government intervention is warranted. Due to this, the INCD has designated the cyber protection of civilian aviation as a national project in which the government will take the lead. A national steering committee, combining all relevant stakeholders, oversees a wide effort of analyzing the risks and initiating R&D efforts to start the journey of mitigating the problems and demonstrating viable countermeasures, all the while collaborating with peer governments and other partners worldwide. Similar efforts are being promoted regarding the security of hospitals and digital healthcare in general.
Conversely, there are areas in which the public functions of regulation and operation await a technological breakthrough in order to be relevant. A prime example is "influence campaigns," the use of cyberspace by nation-states and other malicious actors in order to weaken morale, manipulate public opinion and subvert liberal-democratic institutions. This phenomenon poses major challenges to policymakers as all policy choices at the moment seem risky, shaky and lack a solid cost-effect. Can AI-driven forensics analytics allow, in time, for better options? Possibly. When confronting forward-looking "hard" problems such as these, deep and expansive R&D efforts are needed. The INCD "cyber breakthrough" program is aimed at encouraging ultra-high-risk private R&D projects geared towards these problems. Failure is a natural part of this program. The government's role here is to guide and support ventures which no private VC will dare back, but has a true dramatic "game-changing" potential to tilt the balance towards the defenders.
Yigal Unna is the Director-General of the Israel National Cyber Directorate