In May 2011 the Israeli government appointed a National Cybernetic Taskforce led by Isaac Ben-Israel, a professor at Tel Aviv University, reserve major general, and former head of the Administration for the Development of Weapons and Technological Infrastructure at the Israeli Defense Ministry. The task force submitted a report last month that made a series of recommendations for defending Israel’s strategic infrastructure from cyber attack.
The measures recommended include the establishment of a national cyber authority to oversee the protection of Israel’s critical systems, the development of an Israeli research supercomputer, protocols to identify attacks in progress and repair any damage caused, and the creation of a simulation center to train and certify engineers who will specialize in system protection.
Ben-Israel told the conference that while Israeli military and intelligence networks are well protected, the country currently has “no defense for critical installations such as the electricity network.” He warned, “You have systems that each one by itself is not critical, but someone who wants to attack Israel can attack three or four of these sub-critical systems in parallel and together will achieve the effect of paralyzing the country.”
Ben-Israel also hinted that the government may be considering mounting an offense. “It’s not enough to remain passive and defend yourself. You also have to do all sorts of things, but I won’t talk about that,” he said.
Danny Dolev, a professor at the Hebrew University of Jerusalem and a member of the task force, agreed that Israel’s civilian computer systems are “wide open, a weak point.” He said, “To defend Israel, we need to develop sensing of many things happening at once, which individually may seem unimportant but as soon as we look at their correlation, suddenly something happens.”
Other experts urged the adoption of new kinds of security measures, observing that technologies such as the firewall, which identifies potentially malicious inbound network traffic, cannot guard against attacks by people or malicious programs already within an organization’s security cordon.
Nimrod Kozlovski, an adjunct professor at Tel Aviv University and chairman of Altal Security, said current security protocols were based on the outdated concept of “trusted” and “untrusted” people trying to access a system. But today’s threats may come from a “trusted” person within the system—like Bradley Manning, who is accused of downloading thousands of U.S. diplomatic cables and passing them to WikiLeaks.
William Beer, director of the OneSecurity Practice at PricewaterhouseCoopers London and an adviser to the British government, said, “The current approach to cyber security is failing. People engaged in securing cyberspace face the challenge of continuing to raise their game faster than the attackers.”