Israel is perceived as a powerful cyber nation worldwide. Technology companies like Check Point, Argus, Verint, and NSO, to name just a few, promote Israeli technologies as well as the narrative of a nation able to translate its prowess in the military field into marketable assets. Furthermore, alleged cyberattacks on terror organizations or rogue countries like Iran (e.g., Stuxnet—the joint US–Israeli operation also known by its American codename, “Olympic Games”) add to the narrative that Israel is a cyber power. So did President Clinton’s novel, The President is Missing. Indeed, Israel’s offensive cyber capabilities are better than those of most other nations. Yet, to become a truly powerful cyber nation Israel must be able to defend itself from cyberattacks. A critical review of the Israeli cyberspace reveals that in terms of civil resilience and defensive capabilities, it is not at all behind a firewall.
A critical review of the actual structure of cyberspace in Israel reveals flaws and vulnerabilities often exploited by adversaries or criminals, as discussed below. These vulnerabilities downgrade national security and especially civilian security since the whole civilian domain is less protected. Naturally, it is far less secure than the military cyber domain. The simple logic behind this argument was reflected in the films of Rocky Balboa when the main character addressed boxing matches: “It’s not about how hard you hit. It’s about how hard you can get hit and keep moving forward. How much you can take and keep moving forward.” Israel can indeed attack, but can it get hit and keep moving forward? Moreover, this question has now become very pertinent as the global pandemic shifted much of human life to the cyber domain.
Israeli Cyberspace Under Attack—Some Examples
What exactly is cyber warfare? It is the use of cyber weapons and other systems and means in cyberspace for the purpose of espionage, damage, destruction, and influence on others. Cyber warfare is not revolutionary in its underlying concepts of war and strategy; that is, people and nations have long battled each other over sovereignty, resources, or ideology. Cyber warfare is merely evolutionary in the sense that war among nations still takes place, yet now it is done with computer code and disinformation alongside other, more kinetic means. Thus, Israel and its adversaries will continue to battle each other, but with cyber means added to their traditional armories. The arsenal of cyber warfare tactics includes acts of illicit access to data, propaganda, distributed denial of service (DDoS), data modification, and infrastructure manipulation or sabotage, all for the purpose of espionage, damage, destruction, and influence.
On January 7, 2019, Nadav Argaman, the director of Israel’s domestic security service, the Shin Bet, made an unusual public appearance. Argaman warned that foreign forces were planning to attack Israel and interfere with its upcoming elections. Although Argaman did not name the suspects explicitly, it was later speculated that Russia, China, Iran, Turkey, Hamas, Hezbollah, and even so-called “hacktivism” groups like “Anonymous” attacked Israel’s cyberspace, mainly with cyber influence campaigns and Distributed Denial of Service (DDoS) attacks on governmental and business services. It is still unclear (and/or censored) whether the cyberattacks and influence campaigns had any effect on the elections.
A year and a half later, Israel continued to suffer from additional cyberattacks. For instance, in early 2020, Yuval Steinitz, then the minister of national infrastructures, energy and water resources, announced that Israel had foiled a significant and dangerous cyberattack on its power stations. In another example, Russian submarines were seen near the Israeli coastline. Did they eavesdrop on submarine internet cables? In August 2021, Western non-governmental entities, some of which were Israeli, blamed China for launching significant cyberattacks against Israeli public and private sector groups.
Facing this ongoing pattern of cyber operations against Israel, an obvious question arises: Is the Israeli cyberspace as secure and resilient as many perceive it to be, or as some of the country’s government officials (and cyber corporations) argue? How does Israel’s geopolitical position in the Middle East influence and shape cyber strategy? In this matter, Israel is a unique case, as it is surrounded by historical adversaries and unable to completely rely on the neighboring countries with which it has peace agreements. This physical, geographical, and political isolation puts Israel at a disadvantage in the cyber domain since it cannot widely distribute its connection points to the rest of the world.
Israeli Cyberspace: Structure, Vulnerabilities, and More Examples
Cyberspace is an interdependent network of information technology infrastructures and resident data. It includes the internet, other telecommunications networks, computer systems and other related controllers. Cyberspace is built of four key layers, each with different characteristics: the physical foundations (infrastructure), the logic layer, the information layer, and the user layer. Describing and analyzing these layers can shed light on vulnerabilities and specifically on how vulnerable Israeli cyberspace is altogether.
The physical layer is the actual infrastructure of hardware. It consists of fiber optic cables, nodes of cables, satellites, cellular towers, computers and servers, and any other related hardware. Approximately 95% of global internet connections run through submarine cables. With no current options for ground traffic across its northern, eastern or southern borders (despite peace with Jordan and Egypt, connectivity is unlikely), Israel’s internet connections are limited to vulnerable submarine fiber optic cables and problematic satellite connections. Cables can be cut, damaged, and eavesdropped on. Furthermore, physical damage is difficult to repair as it requires special ships and equipment. In case of satellite damage, a new one would likely be required. Repairs are difficult and expensive. If a country were to lose its cables and communication with satellites, it would be (almost) disconnected from the rest of the world and would have to rely on other types of communication like radio.
With just two sea-to-shore internet ports near Haifa and Tel Aviv and several land cables spread throughout the country, hostile foreign forces could disconnect Israel from the internet and shut down most of its socioeconomic activities. The global coronavirus pandemic has forced Israel to shut its borders. Israel’s adversaries can also shut its cyber border, or at least manipulate it and eavesdrop on communications. A well-coordinated cyberattack could have a large impact on the Israeli market and society, especially in times of large-scale operations, and, as mentioned earlier, foreign submarines are always lurking in the depths near submarine cables. Military cyberspace would be less affected by damaged cables as it often relies on satellite communications or on closed-circuit intranets; however, civilian life and civilian emergency services would be significantly damaged.
The next layer on top of the physical layer is the logic layer. Effectively, it is the central nervous system of cyberspace. It is responsible for routing information from clients to servers to clients through various types of communication protocols. The vulnerabilities of this layer are mainly manipulations to the communication systems and distributed denial of service (DDoS). Since 2013 the decentralized hacking group “Anonymous” has organized annual DDoS attacks against Israeli websites, promoting its campaign on Twitter, Telegram, and the dark web using the hashtag #OpIsrael. The campaign has blocked mostly civilian websites of Israeli businesses and some publicly available governmental websites used by Israeli citizens. Since the military networks are secure, hackers worldwide focus mainly on civilian websites; thus, it is the civilian domain of cyberspace that suffers the most damage.
The third layer of cyberspace is the information layer, which consists of information like encoded text, photos, videos, audio, and any other kind of stored data. The main vulnerability of this layer is that the information itself can be leaked, falsified, or manipulated. This layer is deeply connected to the final layer, that of the users. The latter shapes the whole experience of cyberspace as most of the users are regular, peaceful, and harmless, but some are criminals, terrorists, or agents of foreign powers. Manipulative users who use cyberspace for crime, terror, or disinformation campaigns are extremely dangerous as they can steal information and shift public attention or public opinions using legal and legitimate platforms like social media or messaging application groups. In recent years Israel has been subject to a widespread influence campaign not only by its immediate adversaries such as terror organizations or Iran but also by global powers like China, Russia, and even Western countries that attempt to shift Israeli public opinion to reflect their perspectives on certain issues.
Attending to Vulnerabilities: Toward a Secure Cyberspace
A critical review of Israeli cyberspace reveals some significant flaws and vulnerabilities that mainly affect the civilian domain. In contrast, the military domain is more secure as it relies on various types of communications, satellites, and its own intranets that are better protected from external threats. For instance, if submarine cables were cut, military intranets would not be affected and communication within the military and the security services would remain intact. Yet, the very core that needs protection in a democratic and liberal nation is not the military but the citizens who should be able to engage in social, economic, and political life without concern.
Without sufficient regulation of businesses, and with a lack of proper response from governmental bodies like the National Cyber Directorate, Israeli citizens are bound to suffer from more cyberattacks in the future. In recent espionage attacks on the Shirbit insurance company and Bar Ilan University, the entire Israeli security community was exposed—as the hackers knew beforehand that military and intelligence personnel were customers of Shirbit and studied at Bar Ilan University, which offers special programs to the abovementioned personnel. Thus, while Israel’s adversaries were not able to penetrate internal military or intelligence intranets, they managed to spy on high-ranking officials indirectly by attacking their service providers. This is only the tip of the iceberg as the personal data of more than 6 million Israeli citizens was exposed in previous election-related data leaks.
In general, neither Israeli civilians nor its military and intelligence communities are sufficiently protected from cyberattacks. Israel’s adversaries carefully chose which cyberspace layer to attack. Thus, which problems should be attended to immediately, to make Israeli cyberspace more secure? First, the Israeli government should make cybersecurity regulation a standard among businesses and institutions that handle large amounts of personal information. Second, Israel should look at nations like Finland, Denmark, Estonia, or Sweden, which have extensive education programs intended to increase digital orientation (and awareness of threats such as disinformation) among children. Young children might not be able to develop their own Stuxnet malware, but they will be able to identify an online fraud or a phishing attempt with malicious files. Third, Israel should invest in and develop its infrastructure to make the scenario of cutting its cables and shutting down the whole country less likely. All these measures, in turn, are applicable to other countries facing similar challenges.