Israel's cyber front - News, Pictures, and Videos.

DavidSling

Guidelines for a National Cyber Strategy

Memorandum No. 153, Tel Aviv: Institute for National Security Studies, March 2016
Gabi Siboni, Ofer Assaf


In recent years, activity in cyberspace has developed at a rapid and intense pace. In 2002, the government of Israel addressed this challenge by establishing the National Information Security Authority. Since then, Israel’s functional continuity has become even more dependent on technology in general, and on cyberspace activity in particular. As a consequence of this dependence, the threats to Israel’s functional continuity have intensified. Numerous states and enemies are systematically developing capabilities and acting against various systems and elements in Israel. In January 2012, the Israeli government established the National Cyber Bureau to regulate activity in cyberspace. The subsequent establishment of a National Cyber Defense Authority represents another step in this direction. In parallel, Israel must work to consolidate and outline a national strategy for activity in cyberspace, which will serve as the cornerstone of national growth in cyberspace. The primary document should be a national policy framework for cyberspace activity, which will define the overall national goals in the field of cyber activity and the methods for integrating them in defense, the economy, and other national efforts. Thereafter, each state entity will be required to formulate its own organizational strategy for cyber activity.

Topics:
Israel, Civilian Front, Society and Security, Cyber Security, Military Technology


Executive Summary
In the past few years, activity in cyberspace in the State of Israel has developed at a rapid and intense pace. In 2002, the government of Israel addressed this challenge by establishing the National Information Security Authority. Since then, Israel’s functional continuity has become increasingly dependent on technology in general, as have other countries worldwide, and on cyberspace activity in particular. As a consequence of this dependence, the threats to Israel’s functional continuity have intensified. Numerous states and enemies are systematically developing capabilities and acting against various systems and elements in Israel.
Several years ago, the Israeli government established the National Cyber Bureau to promote and regulate activity in cyberspace. The establishment of a National Cyber Defense Authority represents another step in this direction.
In parallel, Israel must work to consolidate and outline a national strategy for activity in cyberspace, which will serve as the cornerstone of national growth in cyberspace. The document outlining the national strategy should be one of several documents. The primary document should be the national policy framework for cyberspace activity, which will define the overall national goals in the field of cyber activity and the methods for integrating them in the defense, economy, and other national efforts. Finally, each state entity operating in this space will be required to formulate its own organizational strategy for cyber activity.
Activity in cyberspace includes a number of components: one is defense, which is a fundamental element. The following entities in Israel require defense: institutions responsible for state security; institutions supplying essential services, and those responsible for administrative procedures and everyday life; and the institutions for which an attack would influence morale and the general sense of order, governance, and sovereignty. The sources of the cyber threat are multiple, and include hostile states, enemy states, terror organizations, hacktivists, and even private individuals. In parallel, the State of Israel is also exposed to criminal activity in cyberspace, including business espionage and intellectual property theft, financial crime, and other types of crime that take advantage of the cybernetic space (drug dealing, pedophilia, arms dealing, and so forth).
In addition to the defense component, Israel also must address the offensive component on a national level. Naturally, the ability to cover these components in this paper is extremely limited. Rather, the goal of this document is to propose guidelines for formulating a national cyber strategy in the field of defense and offense. These guidelines do not encompass all aspects of the field; they do not relate to the legal features nor to issues relating to Israel’s cyber industry.
The primary objective of a national cyber defense strategy is to maintain the state’s functional continuity. A second goal is to enable the relevant Israeli authorities to decide upon and implement operations against enemies in the cybernetic and kinetic space, with confidence in the state’s ability to withstand a cyberattack. In the defense strategy, we propose to differentiate between three types of attacks: 1) advanced persistent threat (APT) – penetration into the depth of an organization’s computer system; 2) rapid, superficial attack, which has immediately recognizable results, and aims to change the site or prevent access to it and to the services it provides in the cybernetic space (Defacing, DDoS); 3) infrastructure attack – by damaging hardware components.
We suggest the following recommendations for preventing and defending against the three types of attacks:
1. Construct the system with a combination of tools and capabilities that do not require previous information and knowledge of attack components and methods, with an advanced capabilities system based on previous knowledge, specifically for defense against APT attacks.
2. Implement inter-organizational information exchange of reports on attacks.
3. Formulate a continuous and broad national cybernetic status assessment by organizations such as a national Computer Emergency Response Team (CERT).
4. Establish rapid response teams, using research and data on attack tools and attack groups.
5. Cooperate with commercial defense and intelligence organizations, as well as international bodies.
6. Develop ongoing intelligence collection about enemies and opponents for the purpose of warning.
7. Formulate a plan for cybernetic response as part of a possible means of deterrence.
8. Develop the ability to recover from an attack when possible, with the understanding that the line of defense is bound to be breached, and thus Israel must organize for rapid recovery following successful enemy attacks.
9. For superficial attacks – establish the ability to recover rapidly and provide the bandwidth that overcomes blocks, by integrating with internet suppliers in the civilian sector.
10. Use ability to rapidly transfer attacked sites to alternative, temporary host sites.
11. Establish a national capability for analyzing hardware attacks due to the technological difficulty of identifying hardware attacks. This should be done in parallel to the use of locally manufactured hardware in cases requiring an exceptional level of security.
We analyzed additional issues in the chapter on defense. The need to develop a national capability to recover from a cyberattack is critical, in the understanding that the “line of defense is bound to be breached” as a determined enemy will succeed in penetrating any defense, no matter how sophisticated. Therefore, Israel will need to construct appropriate mechanisms for recovery and return to routine as soon as possible. In addition, we examined the organizational issue, through an understanding that the State of Israel should be able to provide a response, both for the security sector and for civilian sector. The security organizations must continue to manage the cyber defense of the state’s security sector, while cyber activity targeting the civilian sector will be handled by Israel’s law enforcement bodies, headed by the Israel Police. The National Cyber Defense Authority will demand cooperation and synchronization between all entities and monitor the existence and enforcement of regulation in the civil arena, which is most exposed to cyberattacks. In this context, we recommend adopting a regulatory approach in the civil sector that will mandate the cyber defense field as a component integrated within existing statutory processes, both in the founding stages for business initiatives (licenses from the various statutory planning committees) and in their operational process (business licensing law). We suggest that in this framework, businesses should be required to issue a cyber resilience report. This document will serve as the main statutory tool for identifying and analyzing the vulnerability of a business to a cyberattack, and for formulating processes of defense of these vulnerable points.
This document also relates briefly to cyberattacks and examines several attack scenarios, including attack in overt and obscure situations; attack as a method of communicating a message; and attack as part of a covert campaign. The main recommendations in this context are as follows:
1. Israel’s security organizations should be required to integrate tools for cyberattacks in their operative plans and in the actual use of force in battle, in both emergency and routine situations.
2. Cyberattack should not stand alone. It must be part of a general plan in order to wield influence in a comprehensive, overt conflict.
3. An effective attack is not necessarily a sophisticated APT attack. We recommend to fully utilize the ability to implement an effective cyberattack on a specific target through superficial, rapid, broad attacks on targets, even if these are not so-called “gold targets” (military targets, national infrastructure).
4. An effective cyberattack can be implemented through proxies, without the need to take responsibility.
5. A significant cyberattack requires build-up of force, knowledge of the target, and advanced planning.
6. A cyberattack can represent a stage in “dialogue” between countries, when the goal of the attack is to communicate a message.
7. Attackers should be integrated within Israel’s central cyber defense system, as part of the regular planning and operation of the defense system.
In conclusion, this document recommends leveraging the informality of Israeli culture. Israeli society enjoys inherent characteristics of broad personal connections through social networking, a casual manner of interaction, desire to help others, willingness to participate in activities of a national and patriotic nature, and a need to be “at the center of things” and to prove personal and professional relevance. These attributes enable recruitment of many individuals when needed, whether to assist friends or for a national goal, and all the more so in cases that combine these two motives. This type of informal activity is constant and occurs in a high percentage of cases that require it. Because it is voluntary, based on good will, and reinforced by Israeli culture, it is more intense and sometimes of even higher quality than cooperation due to structured, legal, or regulatory obligation. This type of activity can make a significant contribution to cyber defense in Israel, and should be utilized.
Finally, a substantial part of the strategy document should remain open to the public. Such a document should also include sections for classified issues that should remain undisclosed and that will assist in coordination and synchronization of the defense organizations operating in Israel, as far as this is possible. Formulating the document is an important and achievable challenge that can determine Israel’s status as a global leader in the cyber field.

http://www.inss.org.il/index.aspx?id=4538&articleid=11669

Related links

https://defence.pk/pdf/threads/cyber-attack-aimed-at-over-120-israeli-targets-thwarted.492053/
https://defence.pk/pdf/threads/how-israel-is-thinking-outside-the-box-to-stop-cyber-terror.490489/
https://defence.pk/pdf/threads/israel-second-to-us-for-cyber-defender-firms.486833/
https://defence.pk/pdf/threads/idf-...in-pokemon-inspired-training-exercise.484634/
https://defence.pk/pdf/threads/israels-cyber-dimension.477499/
https://defence.pk/pdf/threads/excl...israel-security-agency-cyber-division.473139/
https://defence.pk/pdf/threads/israel-eases-cyber-sales-restrictions.461184/
https://defence.pk/pdf/threads/israeli-missile-boats-reinforced-against-cyber-attacks.461125/
https://defence.pk/pdf/threads/iai-signs-a-strategic-cyber-deal-in-asia.459709/
https://defence.pk/pdf/threads/israel-to-assist-nigeria-in-combating-cyber-crime.459707/
https://defence.pk/pdf/threads/idf-...ers-in-game-of-thrones-inspired-world.450663/
https://defence.pk/pdf/threads/us-israel-to-sign-agreement-to-cooperate-in-cyber-defense.436243/
https://defence.pk/pdf/threads/what-israel-could-teach-the-u-s-about-cyber-security.423031/
https://defence.pk/pdf/threads/about-the-nature-of-cyber-warfare.418986/
https://defence.pk/pdf/threads/israel-air-force-cyber-security.418835/
https://defence.pk/pdf/threads/israel-beersheva-goes-cyber.411568/

Cyber Security in Israel Shines Bright
MAY 2, 2017, 11:18 AM
Rotem Gitlin
Rotem Gitlin is an Ad-Tech expert with special dedication to technology & innovation. He is the CEO of Simoti, working …

Despite increasing global volatility, Israel’s economy is positively thriving, experiencing Q4 China-like growth. Weathering the Great Financial Crisis of 2008 with grace, Israel has since been able to maintain a stable economy that seems to be improving with time. The New Israeli Shekel has remained strong in global markets, and Israel was even ranked 2016’s third best economy in the world.

A core local sector that has continuously bolstered Israel’s recent economy is that of cybersecurity. Israel has a strong affinity to this industry for multiple reasons, and shows a promising future when it comes to protecting its technology. The cybersecurity industry is an essential part of Israel’s economic success, and has been envied by countries all over the world. Let’s take a closer look at how cybersecurity not only sustains as a pillar of Israel’s economy, but thrives as a local enterprise.

Unique Defensive Needs

High instability in the Middle East and local afflictions of domestic terror have for years forced Israel to maintain strong and ever-persistent defense and security. As aggression has evolved over the years from the field of battle to digital arenas, Israel has adapted and cybersecurity has taken a vital role in her plan of defense. Just as the prospect of physical assailment prompts much investment and preparedness in military advances, so too does the threat of an electronic attack in cybersecurity.

Indeed, Israel’s cybersecurity concerns are quite legitimate. International cyber terror has recently taken center stage in the public news. Between accusations of Russian hackers influencing the 2016 US election as well as the current French elections for prime minister, and claims that North Korea’s latest missile test failed due to a cyber attack, it is clear that Cyber terror is a crucial national concern when it comes to security.

Being as prone as Israel is to terror and considering increasing regional volatility, Israel has recognized its unique needs for Cyber safety when it comes to the country’s security. To prevent attacks that may cripple the economy, military, and even just everyday life, Israel remains at the forefront of this sector.

Recession Proof

When global winds of economic trouble begin to blow, security and defense sectors have always been considered a “recession proof” industry. An economic downturn does not limit national or private requirements for safety, and as such, these fields remain relatively unscathed during recessions. Cyber threats may even become more likely in unfavorable economic conditions, and nations as well as businesses remain just as vulnerable. Take the 2015 cyber attack on the dating website Ashley Madison, for example. While recession and economic unrest may translate into budget cuts for marketing, sales, HR, and development, among other departments, companies and countries alike think twice before cutting security costs.

The Rise of the Internet of Things (IOT)

In the 80’s and 90’s security experts were mainly tasked with securing servers, internal systems, and maybe even certain employees’ PCs. Since 2000, laptops and cellphones have widened the realm of secure devices that companies need to concern themselves with. As IOT is on a steady rise, security needs are expanding tremendously as well. More smart devices means more digital components that need to be protected.

For products within the IOT sphere, cybersecurity is critical. Just imagine how a malicious hijacking of your future autonomous level 5 car will affect you. You would not trust the automaker you purchased from again, and word will quickly spread that their product is not safe. Even one or two cases of penetration might bring trust in the industry crashing to its knees. If the autonomous car industry would like to have any chance of attracting people and growing its assets, it must be just bulletproof when it comes to cybersecurity.

Recently, hackers harnessed 1.5 million internet connected cameras to enable distributed denial of service attacks on KrebsOnSecurity.com. With the world of IOT enmeshing itself in the average person’s daily life, cyber threats become more dangerous than ever, and Israel has taken note.

Unique defensive needs, immunity to economic recession, and the new vulnerability created by IOT have made cybersecurity special within the entire tech sector. Israel has especially initiated development of cybersecurity for these reasons and promises to keep this field strong and thriving for a long time to come.

http://blogs.timesofisrael.com/cyber-security-in-israel-shines-bright/

Israel, Japan Sign Cyber Cooperation Agreement
The agreement calls for increased investments and joint activity in the cyber security sector, including a joint training program, collaborative workshops and the contribution of Israeli experts to Japan’s Center of Excellence in Cyber Security

IsraelDefense | 4/05/2017


PM Netanyahu and PM of Japan Shinzo Abe. (Photo: Kobi Gideon / GPO)

The Israeli and Japanese economy ministers on Wednesday signed two agreements in Jerusalem that call for collaboration on both business and cyber security ventures in a bid to double the trade volume between the two countries.

In the first agreement, Economy Minister Eli Cohen and his Japanese counterpart, Hiroshige Seko, signed a joint statement that calls for increased cooperation among government bodies, economic organizations and companies across a wide range of sectors.

The second agreement calls for increased investments and joint activity in the cyber security sector, including a joint training program, collaborative workshops and the contribution of Israeli experts to Japan’s Center of Excellence in Cyber Security. "We need Israeli support in the cyber field ahead of the 2020 Tokyo Olympics, and we look forward to fruitful cooperation," Seko said.

The agreements are a continuation of similar partnerships launched in East Asia with China and South Korea, all of which have as their goal the strengthening of the Israeli economy, Cohen explained.

On November 30, 2017, Cybertech Global Events will hold the Cybertech Tokyo Conference. The conference and exhibition will be the first of its kind in the region. In addition to the conference, Cybertech Tokyo will host an extensive exhibition for presenting companies and a startup pavilion for both Israeli and regional innovators.

[Source: The Jerusalem Post]

http://www.israeldefense.co.il/en/node/29481
 
hopefully debilitating cyber attacks are launched against satansrael and affects critical infrastructure such as water and power so the assraeli people can suffer etc
 
Army beefs up cyber-defense unit as it gives up idea of unified cyber command
Military Intelligence to keep collected intel with coveted Unit 8200; IDF’s Computer Service Directorate to be charged with protection and counter-attack, officer says
BY JUDAH ARI GROSS May 14, 2017, 10:44 pm

Illustrative. An IDF soldier from the C4I Corps types on a computer. (IDF Spokesperson's Unit)
Judah Ari Gross is The Times of Israel's military correspondent.

The Israel Defense Forces is officially abandoning plans for a unified Cyber Command meant to bring the military’s online activities under one roof, keeping its cyber-defense arm separate from its intelligence collection division, in a reorganization the army says reflects improved electronic warfare capabilities, a senior official said Sunday.

At the beginning of his tenure as IDF chief of staff in 2015, Lt. Gen. Gadi Eisenkot announced he would bring together the military’s cyber units under one body, a command unit on par with the Ground Forces, Navy or Air Forces.

The plan for the unified Cyber Command was conceived under the belief that the cybernetic front was a sufficiently independent area that it demanded its own consideration, as Eisenkot explained in 2015 in an unclassified document, known as “IDF Strategy,” that set out the army’s overall goals and methods to achieve them.

However, after two years of discussion and work, the military has opted to scrap that proposal and instead keep the existing dynamic of having the military’s defensive capabilities remain in the army’s Computer Service Directorate, also known as the C4I Directorate, and keeping the elite, secretive Unit 8200 inside Military Intelligence, the senior officer told reporters, speaking on condition of anonymity.

Under the new cyber plan, the role and methods of Unit 8200 will remain the same: both collecting signal intelligence, known as SIGINT, and — according to foreign reports — carrying out cyber attacks.


Illustrative. An IDF soldier from the C4I Corps works on a computer network. (IDF Spokesperson’s Unit)

On the defensive side, however, the military will undergo a number of changes to boost the capabilities of the C4I Directorate, turning its cyber defense unit into an “operational command,” with the authority to act and respond, according to the official.

Currently, the unit is only charged with building and maintaining the military’s online network.

The army expects the improved cyber defense unit to be up and running by September, the senior officer said.

The officer did not specify who specifically threatens Israel on the cyber front, but most experts consider Iran and the Hezbollah terrorist group to be Israel’s main foes in this realm, along with Hamas to a lesser extent.


According to some reports in the Hebrew press, the proposal to integrate Unit 8200 into the Cyber Command was opposed by senior Military Intelligence officers.

The highly secretive elite 8200 unit — roughly equivalent to the National Security Agency in the US — is well regarded for its computer prowess and seen as a major incubator of Israel’s hi-tech startup culture.

According to foreign reports, the Military Intelligence unit is believed to have collaborated with the United States to create the sophisticated Stuxnet virus, which hit Iranian nuclear facilities in 2010.

The senior cyber defense official did not discuss the specifics of why the plan was scrapped, but stressed that the C4I Directorate and Unit 8200 maintained an excellent relationship and were dependent on one another.

The army first announced it was considering abandoning the planned unified Cyber Command at the beginning of the year, but Sunday marked the first time the military presented the cyber warfare reshuffle.

“Reorganizing the IDF is more like going into a jungle and trying to garden it, than writing a white paper, where you draw [a plan] from scratch,” the officer said, referring to the difficulties faced.

Before this plan, the C4I was concerned with the functioning of the military’s technology and only then with the operational side of things, but now that will be reversed, the officer said.

“That’s a change of DNA, not just a change of words,” he said.

While responsible for the protection of military systems, as well as some national infrastructure during emergencies, the C4I Directorate will also be charged with counterattacks and “active defense,” measures designed to deter attacks before they happen, the officer said.

“Defense is not standing on the line and waiting [for an attack]. You’re responsible for beating [the enemy],” the officer said.

As part of the army’s multi-year Gideon Plan, which is meant to streamline the military and cut costs, the area of electronic warfare is meant to actually receive a boost in funding across the board — for manpower, equipment and training.

“Every year, we try to bring more and more funds into cyber,” he said.


Illustrative. An IDF antenna. (IDF Spokesperson’s Unit)

However, the C4I’s cyber defense unit will be smaller than initially planned, the officer said, owing to budget constraints.

“We wanted it to be bigger, but the money wasn’t there,” he said.

Under the original plan, Brig. Gen. Yaron Rosen was meant to head the Cyber Command, but that position has now been cut, leaving the C4I Directorate with three brigadier generals instead of four, the officer said.

The enhanced cyber defense unit in C4I will be coordinated by a so-called “Firewall Control” unit, the officer said.


Illustrative. IDF soldiers from the C4I Corps work in a command and control center. (IDF Spokesperson’s Unit)

The “Firewall Control” will oversee the military’s cyber defense efforts, as well as the cooperation with Military Intelligence.

The general strategy for the cyber defense unit will be to assign commanders a particular area of responsibility and allow them to determine the best way to protect it. These team leaders have already been chosen, he said.

The military’s cyber defense program is primarily responsible for protecting the army’s own systems from attack. Civilian networks are under the purview of the National Cyber Authority and the Shin Bet security service’s cyber unit. However, the specifics of which organization will be responsible for what in the case of emergency is currently being resolved in a proposed national law.

“If there were an attack on national infrastructure, the IDF will be there,” the officer said.

Israel was largely unaffected by the WannaCry ransomware cyber attack that hit countries around the world over the weekend. Officials credited both the fact that the attack was unleashed on Saturday, when most systems in Israel were down for Shabbat, and the country’s advanced cyber-defense efforts.

The specifics of who would coordinate an effort were Israel hit in a major nationwide attack are still being discussed in the Knesset.

In August 2016, the Knesset proposed reforming the National Cyber Authority, which was designed to bring together the country’s various cyber defense groups under one umbrella.

Last month, top members of Israel’s security establishment sent an angry letter to the prime minister warning against the establishment of the NCA, as it stood. A copy of the letter was then leaked to Channel 2 news.

The senior officer said the issue had been “sensationalized.”

“It was a question of how the law gets made,” he said. “I’m sure it will be resolved soon.”

http://www.timesofisrael.com/army-b...as-it-gives-up-idea-of-unified-cyber-command/

IDF OFFICIAL: CYBER ATTACK WOULD BE MORE HARMFUL THAN A MISSILE
BY ANNA AHRONHEIM

MAY 14, 2017 16:52

"There is no civilian network as well protected as the army’s network," a senior IDF officer said.

C4I Branch's Cyber Control Center. (Photo credit: IDF Spokesman's Unit)


The IDF believes that a cyber attack targeting Israel's civil infrastructure would be more damaging than a missile attack by the Islamist terror organization Hezbollah.

"Hezbollah paralyzing Israel's infrastructure using cyber attacks, for example, is in effect more severe in effect than Hezbollah using missiles to attack the Hadera power plant," a senior IDF official said, referring to the coal-fired power station located in the coastal city.

"This would only cause a few hours of power outages, which can be stopped" relatively quickly, he added.

Over the weekend over 200,000 computers in over 150 companies were affected by a massive global cyberattack but according to the senior official, the IDF’s network was not affected.

“There is no civilian network as well protected as the army’s network,” he said.

Officials have warned that the attack could spread with copycat variants of #WannaCry, the malicious software behind the attack replicating, but according to the senior officer, the IDF’s capabilities to protect its internal networks are “much stronger than any civilian network.”

While it is not the responsibility of the army to protect civilian networks from such attacks, the IDF will intervene to help if requested, the senior officer said, adding that “it’s been done in the past and I expect that we will be asked to help in the future.”

National Infrastructure, Energy and Water Minister Yuval Steinitz on Saturday afternoon declared an increased state of cyber alert for the country’s energy and water infrastructure, taking preventative measures to protect and increase the readiness of the country’s infrastructure.

Prime Minister Benjamin Netanyahu on Sunday stated that Israel’s critical infrastructure remained untouched by the attack, highlighting the country’s ongoing efforts to combat the “new threats” posed by cyber attacks, the rate of which according to the senior officer are increasing dramatically.

“Low-tech attacks in great numbers is a major challenge and can cause great harm,” he said, adding that while there has not been any large-scale successful attack against the IDF’s network “our enemies are getting stronger” both in terms of technology and actual threat that they pose to the army’s networks.

The networks are therefore “dynamic” and always changing in order to stay ahead of Israel’s enemies, he said, adding that “the IDF and Israel in general are continuously updating our systems.”

According to a source within the Defense Ministry, their cyber network was under maintenance until 5pm. The source said that an email was sent this morning to all defense ministry employees stating that maintenance on the network would be occurring during the morning hours due to the massive cyber-attack, adding that it was interesting to note that this maintenance took until the late afternoon.

In June 2015 the IDF announced that Chief of Staff Lt.-Col. Gadi Eisenkot decided to establish a cyber command in light of the substantial challenges facing the army in the field of cyber but in January 2017 it was decided not to have a cyber command department, but to instead strengthen it with a new cyber intelligence processing doctrine.

Instead the entire domain of cyber counter-intelligence has been transferred to the IDF C4I division, which is also responsible for the construction and protection of computer networks, while the gathering of any other cyber-intelligence will remain the responsibility of the intelligence division.

According to the senior officer, the army will have a new Digital Operations Center by the fall of this year which will be in charge of planning, commanding and controlling operations in the world of cyber defense.

Some units in the military have their own defense elements, such as the Air Force and military intelligence, and will work in conjunction with the C4i division, which remains the ultimate authority in cyber protection. Other Israeli agencies such as the Mossad and Shin Bet will also work alongside the new center, he said, adding that “there is a relative advantage to each of the relevant bodies who have years of experience in their relative fields.”

According to the senior officer, these changes will significantly improve the army’s preparedness and ability to protect its networks and have already made the army “better protected than we were before.”

"We have a year and a half to prove our capabilities, after that we will see whether we are going in the right direction or if we need to make additional changes,” he added.

http://www.jpost.com/Israel-News/IDF-cyber-network-not-affected-by-global-hacking-attack-490701








In Israel, cyber experts joined forces to help foil massive attack
Private and government professionals set up virtual war room to stave off WannaCry cyberattack, which affected over 150 countries
BY SHOSHANNA SOLOMON May 14, 2017, 12:35 pm


As businesses resumed activities after the weekend in Israel, the nation was still assessing how many organizations and companies had been compromised by a massive electronic attack that hit over 150 countries around the world. But quick and joint action by cyber experts in Israel helped keep the attack at bay, a cybersecurity expert said on Sunday.

“We are still assessing the damage,” Sharon Nimirovski, the founder and CEO of Tel Aviv-based cyber firm White Hat, said in a phone interview. “We are working on this event around the clock and Israeli firms have been hit but we still believe it is minor. We are still investigating. The systems have been infected, but we don’t see damage. The attack reached the computers but was blocked.”

“We have no idea what is going to happen today – it is still only the early hours of the day. We are already seeing a second version of the attack that was released yesterday because the first was blocked,” he said.

The cyber extortion attack, which locked up computers and held users’ files for ransom, was believed to be the biggest of its kind ever recorded, disrupting services from the US to Russia, the UK, Spain and India. It appeared to exploit a vulnerability purportedly identified for use by the US National Security Agency and later leaked to the internet.

The unprecedented global ransomware cyberattack has hit more than 200,000 victims in more than 150 countries, Europol executive director Rob Wainwright said Sunday.

Britain’s National Cyber Security Center said Saturday teams were working “round the clock” to restore hospital computer systems after the attack forced British hospitals to cancel and delay treatment for patients. In Russia, where a wide array of systems came under attack, officials said services had been restored or the virus contained.


Baruch Carmeli, Head of National Cyber Authority, attends a meeting of the Conference of Presidents of Major American Jewish Organizations at the Inbal Hotel in Jerusalem, on February 20, 2017. (Yonatan Sindel/Flash90)

Two security firms — Kaspersky Lab and Avast — said they had identified the malicious software behind the attack, with Russia the hardest-hit country.

“We are at the height of a world cyberattack, in which close to 100 nations have been hit. As of now, there has been no damage to Israel’s critical infrastructures,” Prime Minister Benjamin Netanyahu said at a weekly cabinet meeting in Jerusalem on Sunday. “The other damage is minor, as of now, but everything can change.”

Israel set up its cyberdefense systems, including the National Cyber Authority, “in the understanding that there is a new danger that is still ahead of us,” he said. Netanyahu called on all Israeli citizens to obey the directives of the cyber authority. “There will be more developments and we will need to invest more resources” to ensure that Israel’s civilian and military institutions are protected against such attacks, he said.

On Saturday, the nation’s top cybersecurity official said there was no evidence so far that Israel fell victim to the global cyberattack.

Baruch Carmeli, the head of the National Cyber Authority, said in a statement that there was “no indication” that Israeli bodies had been compromised in the massive electronic assault.

Carmeli noted, however, that many of the country’s computer networks were currently inactive due to the Sabbath, and thus a definite assessment could only be made Sunday. “We are preparing,” he noted.

He added that the authority was in contact with cyber officials in Israel and around the world in order to minimize any potential damage.


White Hat’s founder and CEO Sharon Nimirovski (Courtesy: Nadav Cohen)

Nimirovski – whose firm, White Hat, employs teams of hackers to scour the dark web in search of criminal activities aimed at its clients, which include hospitals, financial institutions in Israel and abroad and government institutions in Israel — said that on Friday afternoon its employees spotted an attack on 16 hospitals in the UK. “It was a widespread attack,” said Nimirovski. The desk entered a high alert mode — which they call “DEFCON 2” — the second highest alert (the highest is when Israel is under attack) and started to investigate the type of the attack, its spread, location and damage.

“We sent our customers the first vaccine against the attack within an hour,” he said. The “vaccine” included IP addresses, URLs and file names which its customers were told to block. Workers at firms in Israel went into work on Friday afternoon — when companies are generally closed for the weekend — or connected remotely to install the “vaccine,” Nimirovski said.

As the attack spread even further globally, Israel’s National Cyber Bureau started communicating with the local cyber community and convened members of the Israeli cyber forum, which gathers 250 cybersecurity experts from the public and private cyber institutions. “It was a huge conversation which began Friday evening, with everyone pitching in and talking and giving advice and analyzing the event,” Nimirovski said.

“We all joined forces and helped to block the attack,” Nimirovski said. “It was like a war, everyone put on their uniform and helped. The cyber bureau began coordinating everything.”

The National Cyber Bureau sent out documents to all major companies in Israel and to critical infrastructure utilities and posted instructions on its website on how to prevent the attack.

It was a cooperation that worked, Nimirovski said. But luck also played a huge part in the event, he said, because most of the businesses were closed for the weekend. “What would have happened if all this had happened on a Monday morning or any other day? That is a big question.”

White Hat was monitoring the dark net to determine who is behind the attacks and was using “sophisticated means” to catch them, he said.


Erez Kreiner, a former director of information security at Israel’s Shin Bet security service who now heads his own cybersecurity consultancy (Courtesy)

The scope of the cyberattack was unprecedented and future ones will only get bigger, said Erez Kreiner, a cybersecurity consultant and a former director of information security at the Shin Bet, Israel’s security agency. For 35 years he helped foil cyberattacks on Israel.

“The damage done by this attack is not worse than other attacks we have seen before, and is not more serious than others – the techniques and tools it uses are not different. What is different is its scope,” said Kreiner. “In future things will only get worse – the ability for such large-scale attacks exists. When they will happen again depends only on the intentions of the perpetrators.”

This attack apparently used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, which exploits a weakness in Microsoft’s Windows. Microsoft released a patch — a software update that fixes the problem — for the vulnerability in March, but computers that have not installed the security update remain vulnerable.

What is interesting about the attack is that the criminals appeared to exploit a vulnerability purportedly identified for use by the US National Security Agency and later leaked to the Internet, said Ofer Israeli, the CEO of Illusive Networks, an Israeli cybersecurity startup.

“What we are seeing is the tip of the iceberg,” said Israeli. “The attacker was not very sophisticated and hence the first wave of the attack was stopped, even if apparently a second version has already been released. But cyber criminals can take the lethal capability that has been exposed and strategically and surgically now go after an organization in a targeted and much more damaging way.”

“I have no doubt that over the next few months, down the road, we are going to see a more sophisticated and more targeted and more devastating attack. As we speak this is already happening. We will see it only in later months,” he said.

http://www.timesofisrael.com/in-israel-cyber-experts-joined-forces-to-help-foil-massive-assault/
 
IDF setting up new Cyber Command
Yaakov Lappin, Tel Aviv and Jeremy Binnie, London - IHS Jane's Defence Weekly
18 May 2017


The Israel Defense Forces (IDF) is in the process of creating a new Cyber Command that will be integrated with the existing C4i Directorate and be responsible for all defensive cyber operations and intelligence gathering, a senior IDF cyber official stated on 14 May.

In a departure from plans announced in 2015 by IDF chief of staff Lieutenant General Gadi Eizenkot to unify all cyber capabilities under a single command, Unit 8200, the Military Intelligence Directorate's signals intelligence unit, will not be integrated into the new command.

"We showed him [Lt Gen Eizenkot] what this [unification] would entail, and gave him an alternative, which resulted in a slower progress forward," the senior IDF cyber official said.


http://www.janes.com/article/70496/idf-setting-up-new-cyber-command
 
"An IDF Cyber Arm – within Eighteen Months"
Maj. Gen. Nadav Padan, Head of the IDF C4I Directorate, announced at the 4th International C5I Conference that "we are Building the C4I Directorate as a Command Center for the Employment of the IDF Cyber Force"

Dan Arkin and Ami Rojkes Dombe | 19/05/2017


Maj. Gen. Nadav Padan (Photo: Meir Azulay)

Maj. Gen. Nadav Padan, Head of the IDF C4I Directorate, announced at the 4th International C5I Conference: "An IDF Cyber Arm – within Eighteen Months." The IDF C4I Directorate is in the process of establishing a command center for the employment of the IDF cyber force, and an officer has been appointed to head the new Intelligence Department within the C4I Directorate, charged with providing services to the IDF Intelligence Directorate. Are these General Padan's de-facto preparations for the establishment of an IDF Cyber Arm?

"The IDF C4I Directorate has evolved from a coordinating/connecting element to an element that leads and conducts operations," said Maj. Gen. Padan, Head of the IDF C4I Directorate at the 4th International C5I Conference. "It is not our intention to engage in intimidation or to attempt to say that cybernetics are the new kinetics, but merely to say that this is a new dimension that expands the existing dimensions. We should identify the potential of cyberspace and see where it is going. Since the 'Network IDF' program, another, different revolution has been under way. The human element does not wait for the technology. Technology is waiting for the human element to assimilate it. My personal challenge is to minimize the gap between the technology and the ability to assimilate it.

"The IDF Staff & Command College and the National Security Council (NSC) conduct a week-long cybersecurity seminar. It is an important process for the people. It was not like that in the past. An effort is also being made to make the technology more accessible to the operational warfighter. Only the things he actually needs should be made accessible to him. In some of the systems, dozens of processes can take place but no one does anything with them. You come to a C3 system and realize that the battalion commander only utilizes 40% of its capabilities. It happens because during the development process, they wanted to include more features that no one actually uses. Everything must be kept simple.

"We have divided the C4I activity into three elements: C4I infrastructures, operational occurrences (NCW = Network-Centric Warfare) and malicious occurrences, including cyber warfare. These are the Directorate's dimensions," explains Maj. Gen. Padan.

"We realized that the system is becoming highly centralized. It is the most important force multiplier in the IDF. It is a facilitating master capability in the context of the Gideon Long-Term Plan. No other IDF capability was defined as such. The fire loop cycle can no longer operate with target chits. The digital dimension has no alternative in the worlds of the past. That is our primary advantage. Such a capability requires redundancy and security with the objective being the continuity of the operational activity."

An IDF Cyber Arm – within Eighteen Months

"The Chief of Staff announced that he wanted a cyber arm. It was a long process with quite a few arm wrestling contests," says Maj. Gen. Padan. "We reached an interim product for the next eighteen months where the dimension is being divided between the Intelligence Directorate and the C4I Directorate.

"We are currently building our cybersecurity capability. The C4I Directorate currently has an Intelligence Department that provides services to the other arms and branches, including the Intelligence Directorate. The Challenge of the C4I Directorate and the security it requires cannot remain in passive or reactive areas. You cannot erect a fence around the web and think that everything is OK. A permanent secure field is the easiest thing to defend. A fixed fence and a fixed watchtower located at fixed points are the easiest to penetrate. If the fence and tower are dynamic, they will make life much more complicated for the attacker.

"We need proactive security. This is a very profound conceptual change. Today we have a security concept, security tools and elements that must be active all the time. We are making our first steps in this world. We are doing everything within carefully measured spaces. The extent of our activity and confidentiality – we should expand it as much as possible.

"In conclusion, the three primary vectors of the IDF C4I Directorate are: Network IDF – a common combined-arms space. The cloud computing worlds. Portfolios have been submitted in the context of a primary contractor tender. Another vector concerns the implementation of security capabilities within the Cybersecurity Division and the entire IDF.

"We are establishing within the C4I Directorate a command post for the employment of the IDF cyber force. To intervene in operational processes through the C2 elements. Traditionally, other elements were involved in these places. It is not simple, but that is the challenge."

"Every new system coming out of the factory must include a cyber control element – a cybernetic control. No system may be developed without considering cybersecurity for the system. The idea is not to add security patches later on, but to create a system that includes cybersecurity from the outset." These things were said by Oren Barat, Head of the Cyber Administration at IMI Systems, in a lecture at the C5I Conference.

Autonomous Networks

"Anyone stealing a doctoral degree or money from the bank through cyberspace – that would be a problem for the original owners of the degree and the money. But if a cyber attacker managed to divert a missile off course or disrupt a connectivity/interoperability network of autonomous vehicles, or set the gas cylinders of a hospital on fire – these would be attempts to disrupt normal life, and for this reason we need to prepare for cybersecurity." IMI Systems developed a solution presented at the exhibition accompanying the C5I Conference at the IDF Armored Corps Memorial: a decision-making box. It is a part of the system, and any command passing through the system will be examined by the wisdom contained in the box in an attempt to detect cyberattacks. In this way, the box protects the system against cyber events.

Aviram Zrahia, cybersecurity technology consultant at Juniper Networks, spoke along the same lines about the transition to autonomous computer networks, capable of responding to cyber events independently. "Computer networks are going in that direction," said Zrahia, "The system responds automatically to cyber events, thereby defending itself." Juniper Networks promotes the transition to autonomous networks, and the solution is to convert the entire network infrastructure into a single entity engaged in cybersecurity. These systems utilize cloud computing services and artificial intelligence, which is the factor that would lead, in a few years' time, to the development of autonomous computer networks. Artificial intelligence is the key. Zrahia: "At some point, computers will be smarter than humans. We do not know when it will happen and what exactly will happen, so it is intriguing and intimidating, but we are advancing in that direction."

A panel hosted by Amir Rapaport, Editor-in-Chief of Israel Defense, included three senior C5I specialists: Col. (res.) Assaf Shefi, former Head of Communications in the IDF Navy; Brig. Gen. (res.) Asher Wallach, formerly the National Security Coordinator of the IDF Ground Arm; and Col. (res.) Boaz Kavina, former Head of the C4I Directorate's Weapons Development Department.

Assaf Shefi said that the exchange of information between a submarine at sea and its command center is a critical matter, and that today it is accomplished very promptly, which has been demonstrated in operations.

Asher Wallach admitted that in the evolution of the assimilation of combined-arms connectivity and interoperability, there is a gap between the vision and reality, but some of the objectives have been accomplished and the IDF is making progress. Connectivity/interoperability is a critical operational need, but it is not at all certain that everything and everyone must be interconnected, and these processes take time when sizable organizations are involved.

Boaz Kavina: "Tactical connectivity and interoperability have been accomplished to a considerable extent. There is a vision for the more distant future to which we currently aspire. There are culture and language differences but we are making progress. During Operation Protective Edge we already saw some progress of the Network IDF effort."

@Penguin @500 @Natan @Archdemon @GBU-28 @F-15I @mike2000 is back @Blue Marlin @Mountain Jew @Beny Karachun @Adir-M @Ilay @theman111
 
