Doron Tamir

Geo-political changes are challenging Israel’s strategic position

By DORON TAMIR

Israel is facing new strategic challenges as the result of international and regional geo-political developments, and events on the home front. The Israeli government should take note of these paradigm shifts and act systemically to counter them.

Globally, the Russian – Ukrainian war is increasingly a source of concern, together with challenges from China that are pulling the United States away from the Middle East, thereby negatively affecting Israel’s regional status.

With Russia escalating the war further, stability on the European continent is far from assured. The recent NATO-run multi-national air exercise is a late attempt by the West to boost deterrence against Russian President Vladimir Putin.

Disturbingly, the question of how far Putin is willing to go when pushed into a corner remains unanswered. These events have created shock waves for the global system and have also directly affected Israel’s hi-tech sector due to disruptions in supply chains.

The world’s banks and investment firms are anxiously looking at the conflict’s after-effects, coming so soon after the coronavirus pandemic.

Regionally, in the Middle East, paradigm shifts are underway: Saudi Arabia is talking to Iran, as is Egypt, and Syria’s President Bashar Assad, a mass murderer, has suddenly become a regional darling. Meanwhile, Israel is being increasingly endangered by the arsenal and actions of the Iranian-backed Hezbollah in Lebanon.

As the U.S. is focused on new tensions in the South China Sea and Russia, its weakness in the Middle East is the elephant in the room. The Biden administration’s successive failures in engaging with Arab allies like Saudi Arabia and Egypt play directly into the hands of the Iranian-led axis.

In the Middle East, Israel’s traditional Arab partners – Egypt and Jordan – continue to maintain good cooperation with it, but Jordan’s ruler, King Abdullah II, is facing an increasingly difficult domestic position due to the Israeli – Palestinian conflict and sensitivities over Jerusalem.

Israel needs to be more attentive to Abdullah’s predicaments, since Jordan forms a crucial aspect of regional stability. This means ensuring the status quo remains unchallenged on the Temple Mount, for example, and avoiding irresponsible moves in this sector.

Egypt’s cooperation with Israel, despite the tragic terrorist attack launched by a rogue Egyptian border guard, remains a major strategic asset for both countries and a pillar of stability.

On the other hand, the fact that Saudi Arabia has established new ties with Iran is deeply troubling and is a reflection of America’s regional weakness.

Meanwhile, Israel has experienced unprecedented domestic instability and crisis over the government’s legal reform initiative. This has frightened American, European, and other investment firms.

Israel’s hi-tech sector, the main engine of the national economy, is robust, but it would be wrong to pretend that it has not suffered a major blow due to the domestic instability. Investment in Israeli hi-tech is at a five-year low.

In Europe, Israel’s situation is complex, with some countries, particularly in the center and east of the continent, supporting Israel, while others are growing increasingly critical of the Jewish state. The European Union in general is quite hostile to Israel, although Germany, the most powerful state in the EU, remains politically supportive, despite the erosion in Israel’s image there.

When taken together, a strategic deterioration is the inevitable conclusion.

To counteract these trends, the first and most important action that Israel should take is to strengthen its alliance with the United States. While ongoing cooperation in the military and intelligence spheres remains strong, political-diplomatic tensions between Washington and Jerusalem are eroding Israel’s overall strategic situation.

Bilateral defense ties can, over time, be affected by bad winds blowing from the relationship between the governments, and this is a risk that Israel should not take.

To be sure, the U.S. also gains from its military alliance with Israel, gleaning intelligence information that is supremely valuable for American security.

But the extraordinary alliance must be based not just on shared interests; it must also be based on shared values.

Be it access to world-leading F-35 jets, or to American support in the United Nations Security Council, the idea that Israel can get by without its alliance with America is simply detached from reality, despite the belief in this concept in some sections of the extreme Israeli Right.

Israel must take steps to stabilize its own political system and economy. It needs to resurrect the image of a strong, stable Israel, which knows what it wants and has clear strategic goals. To be seen again as a country with a prosperous hi-tech sector that is worthwhile allying with, Israel must regain its stability.

Moreover, Israel should pursue the goal of formalizing ties with Saudi Arabia, strengthening ties with Abraham Accord states, and decreasing tensions with Jordan.

Relations with these states are highly fragile and are subject to almost immediate changes each time significant developments occur in the Palestinian arena.

The Palestinian issue cannot, for its part, remain sidelined forever. Time is not on Israel’s side on this matter. Sooner or later, Israel will have to make strategic, fateful decisions on how it proceeds vis-à-vis the Palestinians.

The era of Palestinian Authority President Mahmoud Abbas is ending, and Israel must see what kind of leadership will take his place in Ramallah.

To be clear, there is no silver bullet solution to the Israeli – Palestinian conflict, particularly with Hamas ruling Gaza. But there are steps available to Israel and the PA that can neutralize and decrease much of the current tensions.

The Israeli government has much work at hand to reverse the current trend, and to begin improving Israel’s strategic situation.


Brigadier General Doron Tamir had a distinguished military career spanning over 2 decades in the Intelligence Corps and Special forces - as the Chief Intelligence Officer in the Israeli military, where he commanded numerous military units in all aspects of the intelligence field, from signal, visual, and human intelligence, through technology and cyber, to combat and special operations.

 


Dangerous adversaries are targeting critical financial infrastructure

By Doron Tamir

One of the most neglected strategic cyber threats existing today is the ability of attackers to target financial systems, central banks, stock exchanges, and financial clients.

The Russia-Ukraine war has served as an urgent reminder of this developing capability. Russia has said that it will target the West’s economic assets in response to Western sanctions on Kremlin-connected individuals and oligarchs.

When it comes to the cyber realm, there are three ways that attackers can do this.

The first involves the advanced persistent threat model, which can be used to strike targets such as a country’s central bank or stock exchange.

As of yet, no stock market has collapsed, but such attacks can be exceedingly destructive in the future due to the role played by stock exchanges as central financial pillars.

According to media reports, Russia created a list of hostile threats and prioritized them – this could form a list of future cyber strikes. Countries in Western Europe, led by Germany, as well as in the East – Poland, the Baltic States, Estonia and Finland – are prominent on the list.

Russia could be planning a major cyberattack against banking systems in these countries.

To build up such offensive cyber capabilities, Russia is boosting its cyber strike systems, while also recruiting as many people as possible to assault Western banking and military digital networks -- a lesson it has learned from past failures.

These developments mean that banks, stock exchanges, and civilian finances must today be considered as strategic and essential infrastructures.

If a stock exchange in a country that relies on it fails, trade and the economy will greatly suffer, potentially resulting in billions of dollars in losses.

Cyber attackers can reach stock exchanges through ‘back door’ access – via large and small banking online systems.

Another way to achieve such damage is through social engineering attacks, which involve manipulating people into allowing harmful actors access to online systems.

Phishing is another way to achieve this, targeting not only those who work at financial organizations but also their customers. Everyone needs to learn how to identify false requests for information or attempts to get hold of account information.

Many have fallen for such traps already. In order to reduce risks, many banks today encourage customers to access their accounts through mobile applications. This makes the attacker's job more difficult, but it does not entirely defend against the threat.

Banks in Singapore, for example, offer a good model of how to build active defenses. Banks in the east Asian country were compelled by the government to create backups of their customers' accounts to prepare for the event of a cyber-attack.

That’s because in the event of such attacks, all banks, digital payments, and credit card use can be suspended, much like pulling the plug out of the socket. If backup systems are in place, financial losses during such an incident will be low, assuming the assault is identified immediately. 

Among other safety measures put in place by Singapore is limiting electronic transactions made without two-factor authentication by clients to 5,000 dollars.

Credit card transactions are limited to 5,000 dollars under the new safety measures and banks must seek client approval twice before responding to inquiries. The banks are also required to perform coordination activity with an anti-fraud center.

These steps should serve as a model for the world.

Hundreds of millions of dollars or even billions could be at stake. Cyber attacks can paralyze massive clearance processes that require vast sums to be transferred by a specific time. Any disturbance of this system can inflict enormous damage.

An adequate cyber-attack detection system can freeze processes as soon as an alert is sounded, preventing ransom attacks as well as making them unprofitable for attackers.

Russia, for its part, has been sorely disappointed with the outcome of its cyber strikes on Ukraine, but it has no intention to abandon this project. Russia is determined to exact revenge and achieve a “victory image.” In that context, it wishes to show the West, particularly Germany, that a price will be paid for its “treachery” against Russia.

Russia serves as a source of inspiration for Israel's adversaries and Israel has already experienced similar attempts to strike its financial system. Hackers from Malaysia launched cyber assaults in recent months targeting Israeli financial systems, though these were distributed denial of service type attacks that caused minor disruption.

They did, however, demonstrate how a few hundred hackers can band together and launch coordinated attacks against a single target. Israel’s defensive systems were good enough in this case to repel the incident. Nevertheless, the attack serves as a cautionary tale.

Every time there is an escalation in the Israeli-Palestinian conflict or any circumstance in which antagonism toward Israel spreads across parts of the Islamic world, cyber-attacks are launched against various Israeli civilian, government and military networks. 

Defacement-type incidents do not pose a severe risk. However, the infiltration of CCTV cameras in Jerusalem by Iranian hackers and the subsequent release of footage from a deadly November bus station bombing in the city was troubling and should have been prevented.

Israel must respond by beefing up defenses on all of its networks, including its central banking system, with the effort coordinated by its National Cyber Directorate.

These days, cyber defenders can also enjoy the added benefits of Artificial Intelligence, which is gradually taking increasing control over defenses of digital communications and network infrastructure. AI systems can learn on their own, issue recommendations, and prevent attacks, while investigating all aspects of hostile activity.

Israel became a major cyber power in part thanks to the Israeli government's investments in this field over the years.  The time has now come for the Israeli government to make similar investments in AI development and to link this field to cyber defenses – the sooner the better. 



ISRAEL'S TECH INVESTMENTS ARE GOOD FOR NATIONAL DEVELOPMENT

By Doron Tamir

As technological developments race ahead across the board, governments must take the initiative and create incentives for the private sector to develop those that serve the national interest -- or face being left behind.

The State of Israel’s initiatives to promote eco-systems of development in the cyber sphere are an example of what government-guided development can do for both national security and the national economy.

Societies that are not interested in leaving their wellbeing up to market forces alone need governments that clearly define national technological requirements, and chart ways to reach those objectives.

While governments cannot force companies to research and develop anything, they can certainly encourage them to do so through tax breaks and investments, as Israel’s Office of the Chief Scientist has been doing for over a decade.

Often, technological development comes in recognition of a requirement, and many of these requirements have their origins in wars. For example, mass train transport took on a new dimension after trains became key to moving troops in World War One.

During the Cold War, many defense-related technological developments, like satellite communications and global positioning systems, later revolutionized the civilian world as spinoff technologies emerged.

The emergence in the 20th century of nuclear power from the science behind the atomic bomb solved severe energy issues for many advanced countries, particularly among states lacking oil.

It took around forty years to develop advanced unmanned aerial vehicles to deliver battlefield intelligence in real-time, a process in which Israel played a pioneering role. Today, however, quadcopters deliver packages and monitor traffic.

Yet, despite the plethora of development, many countries are also seeing the appearance of technologies that have no obvious good use.

This deluge of technology without any guiding hand means that governments face dilemmas when they plan for times of crisis – times where falling back on national technological development can make the difference between getting through a crisis successfully or not.

This was the thinking that guided Israel’s establishment of its National Cyber Directorate in 2012 after the government completed a process of defining just what kind of technological objectives it wished to achieve.

Unfortunately, this is not a frequent or common pattern in state-level decision-making, particularly in the West. While states excel in forming institutions and academic infrastructure, they have not fared as well in providing a deliberate guiding hand to technological development.

Israel, a relatively new country, which was barely functional 70 years ago, is a technological hub that competes with major powers, specifically because it has encouraged industries like cyber-security.

The same is true of Israel’s domestic defense industries, which truly began to flourish after the French arms embargo against Israel in 1968; until that time Israel had relied on French weapons systems.

Israel’s lead in agricultural technological development is another case in point – and with the prospect of food insecurity being a larger threat globally than war, countries must urgently begin developing such technologies.

Impending climate change and disruption to food supplies created by events like Russia’s war on Ukraine risk the death of millions of people. Famine is not the only threat faced by vulnerable countries -- droughts are another peril, which is why developing national desalination infrastructure provides states with a shield (albeit an expensive one) against such dangers, as Israel has learned through its pioneering desalination technology.

These maneuvers require governments to take a strategic view of present and future requirements, and to position themselves in ways that enable technological developments to serve as a defense against major threats, be they the result of natural phenomena or be they manmade.

Such a guiding government hand also yields significant economic dividends. When Israel established the National Cyber Directorate a decade ago, it exported just hundreds of millions of dollars’ worth of cyber security solutions. Today, those exports surpass ten billion dollars a year – not including billions in investment by international companies in the local cyber industry. Today, that pace of growth is slowing down, but its economic and national achievements remain prominent.

Looking ahead, artificial intelligence will be a major sector for deliberate government-fueled development, for any country that wishes to be influential and relevant in the 21st century.  A failure to set such objectives will result in huge resources being poured into the research and development of projects that may yield negligible tangible results on the national level.



In War, Economics Outflank Tanks

By Doron Tamir

Russia’s ongoing war against Ukraine serves as a global reminder that economic factors can be even more decisive than military campaigns in achieving long-term victory. Nevertheless, the economic dimension is rarely factored into war planning.

Usually, when states plan for the option of war, militaries conduct headquarters planning, including intelligence on the latest situation on the adversary’s side, its order of battle, weapons, air force, personnel, and technological capabilities. This data is then compared with one’s own order of battle. Planning groups then form to determine the objectives of a military campaign, which can be either military or political, and are usually the latter.

During such planning, military officials will examine two to three main scenarios that could develop, in which the campaign could prove successful, indecisive, or end in failure. The planners seek to utilize their own side’s advantages and exploit the enemy’s disadvantages. The end result of this process is the production of a war plan.

Yet states often forget that the military domain is not the only decisive factor when it comes to winning wars. The political and economic elements are very influential today too – now perhaps more than ever.

While planners seek to account for political factors, they rarely look at the economic-financial dimension of war.

This, even though such calculations touch on the widest of circles, affecting national economies and, in the case of Russia and Ukraine, the lives of hundreds of millions of people beyond the battlefield itself.

Ukraine is a powerhouse of corn, potatoes, and steel exports, as well as sunflower oil, and other agricultural and natural resources.

Since the start of the war, Ukraine’s GDP has crashed by 45%, a disastrous figure, while Russia’s has declined by 12%, which is extremely damaging and will be felt in every Russian home.  Russia could soon be going back to pre-Cold War scenes of empty supermarket shelves. This will have a deep impact on the fabric of society and could undermine support for the war.

Russia and Ukraine combined are responsible for some 30% of the world’s wheat supplies, while much of Europe and beyond became hooked over the years on Russian oil and gas. As the West implements unprecedented sanctions on Moscow, both Russia and the countries that relied on its natural resources will experience severe shockwaves.

None of this economic fallout was planned. Russia was focused on winning military battles and did not invest much thought in the economic war. It is clear that Russia did not plan for such a harsh fallout, or for a scenario in which Germany stops importing Russian oil and gas, and the United States halts oil imports too.

Chinese energy imports from Russia will not be able to compensate for this damage, though the Saudis will pump up their exports by 50% and reap the dividends.

All of this is a warning sign about the consequences of failing to plan for economics in war, even though the longer a war draws on, the more decisive economic factors become. The influence of these factors takes on even greater significance when economics start to impact weapons and ammunition production, something that has a direct knock-on effect on the battlefield.

If war becomes a campaign of attrition, no clear winners emerge, and then the importance of raw materials becomes even more influential, affecting a state’s ability to sustain a war effort, including even the production of vehicles.

In Israel’s experience, short wars can lead to periods of economic prosperity, as the Six-Day War did in 1967, ending a period of lengthy stagnation, and creating an atmosphere of development, production, and the formation of new companies. But the War of Attrition that followed it knocked economic performance back down again.

Today, Israel faces adversaries that have the potential to immediately disrupt its economy, particularly Hezbollah, which can paralyze the home front and economic activity with massive rocket attacks.

This means that Israel must stockpile food, medicine, and energy sources, and ensure that every sector can function, requiring planning that goes far beyond military strategy and tactics.

It is difficult for states to plan the military, political, and economic domains in an integrated manner and sew them together into a single coherent plan.

Most cognitive resources end up being invested in the military side. Russia planned for a three-week war of victory in Ukraine, and the decision-making echelon did not account for the broad economic chain reactions of a lengthy war.

The lesson to draw is that military headquarters preparations must undergo a revolution. At the state and strategic level, it is vital to ensure that economic experts take an active role in the full military planning process.

This also helps ensure that civilian morale levels in a warring state remain reasonably high -- a factor that directly influences the morale of soldiers. If a state fighting a complex war fails to achieve this, it is practically guaranteed to run into serious trouble.

Looking ahead, it is clear that Russia will feel the pain of economic crisis for a very long time. Even if it makes new military progress in the field, Russia can still lose because of economics, and the influence of economics on politics.

Russia provides a classic case study of what happens when planners fail to include worst-case scenarios in their possible courses of action.

Any life-affirming state that finds itself having to plan for wars should learn from Russia’s costly mistake.



Cyberattacks don’t win wars

By Doron Tamir

As Russia’s war on Ukraine enters a new phase, Western countries are on heightened alert for Russian state-sponsored hacking attacks. Yet, while Moscow is capable of unleashing considerable disruption and damage through the cybersphere against Ukraine and its Western adversaries, there is no evidence to suggest that current cyber capabilities, as possessed by any state, can win wars.

Russia has developed its cyber capabilities over decades, using its large concentration of high-quality mathematicians and physicists. It only takes 20 to 30 top-level cyber attackers to build up advanced, persistent cyberattack capabilities. Russia has a tradition of doing this well — as well as it excels in the related fields of signals intelligence, encryption, and electronic intelligence.

The Russian private cyber sector is also well known around the world. The cyber capabilities of the Russian military feature one of the most advanced technological arrays of its kind. The Ukrainians are also good at cyberwarfare, due to their access to high-quality, advanced personnel, who have been “leased” by companies all over the world in recent years.

And yet, despite the above, the war in Ukraine has made clear a simple fact: Cyberwarfare won’t decide the conflict. Russia’s less-than-sweeping achievements on this front may have helped encourage it to rely increasingly on devastating conventional firepower.

It is important to address what cyber domain activities can do during a war. During Russia’s 2008 war with Georgia, the Russians disrupted their adversary’s ability to function by attacking communications systems. These systems can be blocked, but when an attacker does this, they are also blocking their own intelligence units’ ability to eavesdrop on the enemy, which can no longer communicate.

This represents a fixed dilemma when it comes to cyberattacks on communications systems. It is usually resolved by finding a balance — through the right “dosage” between cyberattacks and eavesdropping — to avoid harming the interests of those initiating the attack.

Other targets for cyberwarfare during conflicts are a state’s critical infrastructure, such as electricity networks and other sensitive core systems. Harming these targets disrupts the enemy’s ability to function and supply itself.

Transport forms another attractive target in the cyber domain. The long Russian military convoys traveling great distances in Ukraine could form a cyber target, particularly when it comes to vehicles built in the past 20 years, which have many computers onboard. Modern vehicles come with 30 to 40 computers onboard, making them highly vulnerable to cyber disruption, which in turn can significantly damage an adversary.

During wartime, states are more likely to activate state-level attacks, which require deeper technological, analytical and research capabilities than those possessed by ordinary groups of hackers. And yet the conflict in Europe demonstrates that the ability of militaries to conduct ground maneuvers remains the most influential factor in deciding the outcome of wars. Cyberattacks can disrupt and harm, but alone, they cannot win, much like an air force cannot win a war by itself, although it can play a significant role. Ultimately, even in 2022, boots on the ground are what decides armed conflicts.

There is a substantial difference between pulling a trigger and pushing “Enter.” Without the trigger, concepts of battlefield victory remain disconnected from reality. The Ukraine war has taught us that wars for territory are not a thing of the past.

One of the key lessons from the Russian invasion of Ukraine for other militaries is to not abandon land-maneuvering capabilities in favor of investing too much in technology. Both abilities are needed, but not at the expense of one or the other.

The fact of the matter is that until today, we have not seen dramatic, historic, game-changing use of cyberwarfare. No cyberattacks have sparked comparisons with the 1917 deployment of tanks by the British Army at the Battle of the Somme in World War I, or the appearance of fighter jets in 20th century combat decades later.

Rather, the cybersphere has become an additional domain together with another new domain: space. These have joined the three traditional domains of land, air and sea. Each domain requires intelligent use of tool kits, and a suitable command structure, to prove effective.

Just as there are no easy wars, there is no easy cyberattack solution that shuts down an enemy overnight.

When it comes to the West, heightened alert and readiness are certainly necessary at this time. Russian cyberattacks can target banks, hospitals and other key civilian infrastructures. But simple, basic preventative actions can solve some 70% of these problems. Basic steps, like changing passwords and software, can create real hurdles for attackers. This is particularly true if a large number of defenders change their passwords and software at the same time.

Another key lesson rapidly emerging from the war in Europe is the centrality of the cognitive struggle — or as it is more commonly known, psychological warfare. Such campaigns have very significant value in war and are easier than ever to conduct today in the digital age of social media networks.

As a result, many units from Russia and Ukraine are engaged in this struggle. It is a parallel effort to the cyber campaigns currently raging, and its significance on the battlefield, the motivation of soldiers and the understanding of each side of the general picture should not be underestimated.



Cyber-attacks show Israel’s need for cyber defense directives

By Doron Tamir

The recent cyber-attack by the Black Shadow hacking group on Israeli websites – among them the LGBT dating application Atraf, which was subject to a ransom demand and then a leak of account usernames when that demand wasn’t met – could be part of a larger Iranian cyber attrition campaign.

It is important to clarify what precisely was targeted in this attack, and why the lack of an official cyber law in Israel is generating confusion over the division of labor regarding data protection in the vulnerable private sector.

In the cyber world, internet service providers (ISPs) like NetVision, whose servers are used by the company that created Atraf’s website, are similar to a hotel or pizza franchise: The ISP ‘rents’ out its servers, enabling others to host their websites on them to create a logistical communications infrastructure.

Next in the cyber chain are the companies that create websites and applications – in this case, a company called CyberServe.

CyberServe was, in fact, the target of Black Shadow’s attack. These types of companies build websites according to the tailored needs of clients and host them on their servers.

Clients who request such websites – be they dating websites or motorcycle stores – often don’t understand the cyber world and therefore turn to companies to outsource their online needs.

Black Shadow conducted a double infiltration in this incident: Firstly, of CyberServe’s servers, and secondly of Atraf’s apps and websites (as well as other Israeli websites).

CyberServe provided the ‘structure’ for Atraf, and it was CyberServe’s servers that were infiltrated, meaning that the internet service provider, NetVision, is not responsible for the situation.

This, then, highlights a real problem when it comes to cyber security in Israel at this time. Despite Israel being the ‘start-up nation,’ and a world leader in cyber technology, the country’s private sector lacks clear directives over how to set up fortified cyber defense.

Just as a dentist can’t legally obligate someone to brush their teeth or to be vaccinated, the same is true regarding private sector entities and cyber defense. When Israel set up its National Cyber Security Authority, it began supplying lots of advisory material to the private sector, but none of it was binding.

Similarly, the Justice Ministry’s Law, Information and Technology Authority, which even has the power to raid homes in connection with cyber-crime investigations, does not have enforcement capability when it comes to cyber defenses.

Ultimately, this means that chaos characterizes private sector cyber defenses in Israel, and only a cyber law can address this problem adequately.

Currently, only a few states like Singapore and the United States have such cyber laws, which delegate explicit cyber defense responsibilities to various actors.

In Israel, cyber security is more in oral law format than written law. As a result, it is not totally clear who is responsible for enforcing cyber security standards. The Israeli National Cyber Security Authority can define strategy, policy, budgets, objectives, and desirable levels of protection. But it cannot deal with each individual company or business organization. This creates gaps that can be exploited by malicious actors.

The ability to break into tens of thousands of private accounts on a dating site is a terrible breach of privacy. It does not require hugely sophisticated capabilities, but rather, the ability to exploit standard weak locations.

Unlike the cyber-attack on Israel’s Hillel Yaffe hospital, which involved the encryption of the hospital’s website, and an attack on the option to cancel the encryption, this latest attack was much less sophisticated.

Attackers breached a company whose job is to defend its customers. Now, CyberServe is facing collective legal action, and its chances of winning in court are not high.

Still, CyberServe could argue, based on the absence of a cyber security law, that the company is not legally responsible for security.

As for the perpetrators, it is reasonable to assume that Black Shadow is an Iranian cyber group, which, like other such groups, operates under Iranian supervision.

It is safe to assess that the groups divide up attacking roles among themselves, with the overall goal being to harass the State of Israel as much as possible. This won’t lead to a collapse of the state, but it will disturb it.

Such incidents also harm Israel’s image as a cyber power.

Now, the most important mission is to track the incident back forensically and identify the attackers. This is a difficult process with its own operational doctrine. It is, simply put, a major headache, and one that not all companies have the ability to undertake.

The incident ultimately underscores the conclusion that the time has come to beef up Israel’s current, and partial, cyber defense regulations.  

Clear legislation will stipulate what web service providers must deliver for their clients, and will make it more difficult for groups like Black Shadow to exploit indifference to the issue of cyber defense.

Not every company needs nuclear power plant-level cyber defenses, but between that and having no defense in place there is a large spectrum of security solutions.

The question of how much each company is willing to pay for this capability boils down to a question of cost-benefit considerations.

As time goes by, increasing numbers of companies will realize, as banks already have, that a percentage of their income must go into cyber security, because the cost of failure is far higher.

The latest attack on an LGBT dating application is not the attack that can bring down a state. But it is another razor cut, in a wider Iranian strategy of ‘a thousand cuts,’ that is designed to harm Israel.

On the other hand, when compared to the cyber strike on gas stations around Iran, which some reports have attributed to Israel, it would seem that the two countries do not have equal cyber offensive capabilities, and are not even in the same league.



Hospital cyber ransom attack is not ‘more of the same’

By Doron Tamir

The recent cyber ransom attack on the Hillel Yaffe Medical Center in Hadera should not be mistaken as just another cyber incident.

The group behind the attack, Deep Blue Magic, is a top-level cyber-offensive outfit that is well versed in bits and bytes and has caused havoc around the world.

While previous high-profile cyber-strikes on Israeli targets, such as the November 2020 ransom attack on the Shirbit insurance company, were widely believed to be Iranian proxy attacks on Israel disguised as criminal incidents, in the case of Hillel Yaffe, the ransom attack appears to be authentic – and likely a game changer.

Hillel Yaffe is a government-owned hospital, meaning that it is the government – in this case the Health Ministry backed by the Israel National Cyber Directorate – that is responsible for responding. The attackers likely were not aware that a government-owned hospital would opt not to pay the ransom, unlike some privately-owned hospitals that might be tempted to choose a faster solution.

The hospital remains under attack, and it appears as if not all of the details about this incident have come to light.

Until now, most ransom attacks in Israel have either been tests of capabilities, or decoys to distract attention from larger cyber operations. There have been few instances of actual ransom attacks, in which attackers usually ask for small amounts of money to return critical servers and files to the victim. Usually, in such cases, the attackers ask for a few thousand dollars – and they do this from many victims, rather than seeking millions from a single target.

Within hospitals, there are two types of computing systems. The first system is a logistical system, which handles functions such as registrations, the monitoring of drug distribution, and other activities. These activities represent around half of all patient care. The networks also contain the private medical details of patients.

The second type of system – the more ‘frightening’ kind of target – is operative, and is used to keep surgery theaters, life support, dialysis, and medical robotic machines running. Some hospitals disconnect such systems from one another, creating independent computing systems – but this is far more difficult to defend against cyber events. Other systems run on a single, holistic cloud server, and here, defense is easier.

Yet neither of these models is immune to cyber-attacks in any way. Over the past five years, health systems have been the number one target of cyber-attacks in the United States. Those attacks have mostly seen data privacy breaches, but there have also been more severe types of incidents.

The Hillel Yaffe hospital attack falls under the category of a severe attack.

The importance of awareness

In the immediate timeframe after the incident, a hospital can switch to manual care for patients, and this is likely what Hillel Yaffe chose as its initial response. Surgeons can still operate and doctors can still prescribe medicines without computers. But in the modern world, this setup cannot continue for more than a day or two.

The hospital’s back-up computer system also appears to have been taken out, meaning that this option for returning to normal is not available.

As a result, the Hillel Yaffe incident is a serious source of concern, and does not represent ‘more of the same’ in cyber security incidents. The level of disruption is extensive, and not easily neutralized.

Many of the medical computing systems are used by personnel who are simply not aware of the security world. This lack of awareness constitutes a serious problem. Nurses who hit ‘enter’ after distributing blood pressure pills need training on how to keep the system secure.  

Financial organizations like banks have already grasped the importance of awareness, and know that without it, they lose money. Hospitals can lose patients without sufficient awareness.

It seems reasonable to assume that cyber authorities in Israel are now gathering forensic information in an effort to track down the attackers.

Yet days after the incident began, it has not ended, and this is a reflection of how extraordinarily disruptive the attack has been.

Incident management is a key area in the cybersecurity world, and it is an area organizations must be prepared for in the event that prevention efforts fail.

An Israeli company called Demisto enables automated responses to cyber-attacks, and is an example of where cutting-edge technology is headed in this regard. Demisto’s system, once activated, scans the attacked computer system, identifies weaknesses and locates the presence of malicious programs, thwarting them – all without human intervention.

The fact that the Health Ministry, which is responsible for hospital cybersecurity, did establish a solid protection system, backed by the Israel National Cyber Directorate, and that the attack still occurred is evidence of the severity of this event.

In addition, the fact that the attack has yet to be resolved also testifies to the seriousness of the event.

As the forensic investigation into the attackers makes progress, Israel and other countries around the world will have to be on even higher alert for such incidents.

The Hillel Yaffe incident has generated significant public relations for ransomware attackers, and could serve as encouragement for more.

We have reached an important junction. A powerful hacking group created chaos in a government-owned hospital, and even when Hillel Yaffe returns to normal, the cyber war will not end. The next incident is just a matter of time.



ISRAELI CYBER DEFENSE NEEDS A NATIONAL CYBER SYSTEM 

By Doron Tamir


All countries today face a common dilemma: How to best protect critical national assets, in the age of ever more effective cyber warfare?

The importance of a country’s ability to defend key sites, such as power companies, ports, and airports cannot be overstated, since a successful cyber-attack on such sites can paralyze any modern state.

The dilemma doesn’t stop at critical infrastructure. Banks, hospitals, health clinics, public transport, communications, trade, and agriculture systems all require robust defenses. All of these systems are computerized from start to finish, meaning that they are vulnerable.

In some cases, attackers can exploit one vulnerability to move around the system and harm other areas, much like entering a corridor and finding multiple interconnected corridors. An attack on a bank’s clearing system won’t hit the entire bank, but could still lead to massive damages as it could cause the bank to fail to make transfers in time, and as a result face enormous fines.

Even mid to low-level public and commercial computer networks need updated defenses. And states cannot neglect the ability of adversaries to use social media to attack them with disinformation campaigns. The ability to manipulate public perception is more powerful than any missile.

The solution, for both states and private organizations, is to create a synergy of defenses, rather than to keep adding one cyber defense product after another.

In the example of the bank, the institution’s chief information officer could, after the first attack, search out a product that defends clearing systems. But after five days, a second type of attack could hit the bank, this time targeting VIP savings accounts. Now, the CIO is out looking for a second defense product, with no synergy between them. More harm is caused this way than good.

The need for a comprehensive solution is the basis for the setting up of the Israeli National Cyber Directorate in 2012 (originally known as the National Cyber Bureau).

The Directorate is a regulator that ensures that critical private and public sector sites are sufficiently protected, and that they share information on the characteristics of the attack. It has mandated, for example, that banks must report cyber-attacks to a central element – such as the Bank of Israel – without being exposed.

Yet keeping a major attack on a bank under wraps would harm the entire banking system, leading the National Cyber Directorate to pass regulation ordering banks to share details of attacks.

The Directorate sets the standards, defining the minimum bottom line of defense for all critical infrastructure and private sector companies. They must buy or develop systems that meet the defined standard.

The regulation applies to hospitals, transport, or agriculture – a successful attack on any of them could be catastrophic on a national level. Imagine what a country’s road system might look like if its traffic light computer network is infiltrated.

As time goes by, the effort to raise security standards is becoming more effective, thanks in part to the fact that cyber security has become a recognized profession in academia, just like computer science, math, and electrical engineering.

With this in mind, one of the Directorate’s goals is to create an ecosystem that promotes national cyber security, and it has done just that in the Negev city of Beersheba.

A state lacking a cyber defense ecosystem will continue to purchase individual products, much like an enterprise desperate to defend itself but always remaining a step behind.

To overcome this challenge, a national program is essential, complete with state budgets and resources, as well as the need to draw in private industry firms and state-owned companies.

The Directorate’s job is to define what the state wants and needs in the world of cyber defense, and then to set up the ecosystem to realize this vision.

To its credit, the State of Israel has created just such an ecosystem. Beginning in 2012, when Prime Minister Benjamin Netanyahu declared that cyber security is not just a challenge but also a major opportunity, the government earmarked Beersheba as the location of the new ecosystem.

The fact that the IDF is moving south to the city, creating training, intelligence, and other key campuses, sparked the idea of creating a new cyber security hotspot as well.

To achieve this vision, the Ben Gurion University of the Negev took on the role of academic anchor for the new initiative, training cyber security professionals. Deutsche Telekom, an enormous telecommunications company, set up a research center at the university’s campus dedicated to cyber security. The Soroka Medical Center hospital joined forces as well.

Then, a high-speed rail line linking the city to central Israel was established.

From this stage on, groups of entrepreneurs began setting up shop at Beersheba’s hi-tech park. They were soon joined by large tech companies, and real estate in parts of this desert city rose by 70 percent.

At this same park, the National Cyber Security Directorate set up its Cyber Emergency Response Team (CERT), made up of groups of responders who kick into action in the event of major cyber-attacks. CERT provides key backing for the finance, transport, and critical infrastructure fields.  

The Shin Bet runs a superb cyber defense unit that developed a range of top line defense systems before the Directorate was established and took over many of its national cyber roles.  The Shin Bet remains responsible for preventing terrorist activity in the cyber domain, as well as tackling foreign political subversion, using the most cutting-edge technology.

It is not enough to create an ecosystem – recruiting skilled cyber defenders must start at the high school level. Israel is one of just two states in the world that have cyber defense as a high school matriculation subject.

Ultimately, only a holistic approach can prevent chaos when it comes to cyber security. For states, this means a national cyber system, which acts as both the regulator, and as the body that writes the field manual on cyber security.

