(Photo: Ofer Zidon)
The IDF of 2013 is an army on the web. The Merkava Mark-IV tanks are on the web, the F-16 and F-15 fighters are on the web and even the Iron Dome batteries are on the web. If anyone should hack into this web, at the very least he would be able to familiarize himself with the secrets of the Iron Dome system. In a worst-case scenario, however, he would be able to cause the Iron Dome system to launch an interceptor missile not at a Grad rocket fired from Gaza, but at an IAF aircraft.
During the term of the previous Chief of Staff, Lt. Gen. Gabi Ashkenazi, the IDF authorities came to the realization that the future is in cyber, and that cyber is the fifth dimension, or medium, of warfare – in addition to the air, the sea, the ground and outer space. The responsibility for this dimension was divided in those days between two different GHQ Divisions: defensive operations were assigned to the C4I Division, and offensive operations were assigned to the Intelligence Division.
The people charged with the task of protecting the computer systems of the IDF are youngsters who have just completed their matriculation examinations in computer science.
They are here, taking the Cyber Defender course of the IDF C4I Division at the IDF Personnel Corps base in Ramat-Gan, “the home where Israeli high-tech was born”. They take pride in the old buildings where the first computers used by the IDF are stored.
It is a battlefield to all intents and purposes. The enemies are all the immediate suspects, but the thing is – even countries Israel has no direct conflict with, like Russia and China, possess impressive cyber capabilities, and they, too, are interested in prying into the intestines of the IDF. Instead of shells and missiles, the weapons used by the IDF cyber defenders are worms, viruses and silent Trojan Horses.
Silent is the Name of the Game
A good cyber attack is an attack nobody knows about. In the strange strategic era in which we live – neither peace nor war – where, according to foreign sources, Israel has been conducting a secret campaign against the Iranian nuclear program and another secret campaign against arms smuggling and the empowerment of terrorist organizations, cyber plays an increasingly important role.
For this reason, the cyber layout has expanded physically with the addition of many new recruits, as well as budget-wise. An IDF cyber unit can easily snatch recruits with a clean bill of health (“Health Profile 97”) at the expense of the Golani infantry brigade, for example. If a cyber attack needs to be silent, the role of the cyber defenders is just the opposite: the idea is to identify attacks taking place at the earliest possible stage, block them, contain them, and just like the classic combat doctrine of the Ben-Gurion school – transfer the war into the enemy’s territory, or in this case, into the enemy’s computer.
2nd Lt. Liav is one of the commanders of the present Cyber Defender course – it is only the third class since the course was conceived. “Two and a half years ago they established the Cyber Defense Department at the C4I Division,” he tells Israel Defense. “I attended the first training course, went on to the officer training school and returned here as an instructor. About thirty trainees complete the annual Cyber Defender course.”
How do you define their role for them before they are assigned to the various units?
“The function of the Cyber Defender is to protect the networks of the IDF, which are different from the networks we are familiar with in civilian life, owing to all sorts of threats from outside and from within, from anything that can damage the IDF and their strength.”
What are the contents you deliver to the trainees during the course?
“The course lasts four months. They learn about infrastructure, information security and the systems used in the IDF, and I am unable to give you any examples regarding the systems used in the IDF. During the last part of the course they have training exercises where they practice attacks that are taking place and they need to counter them. The final examination takes place between 10:00 AM and 06:00 on the following morning. They sit in the classroom, in shifts of four-man teams that investigate the attacks on the classroom network. We have systems that simulate attacks. After three hours, the teams rotate and this goes on for 20 hours. The morning hours, between 04:00 AM and 06:00 AM are the most difficult. This activity is intended to prepare them for their actual work in the field, at the units they will be assigned to, which can be any IDF unit that has a sizeable computer center. Cyber attacks take place 24 hours a day. The Cyber Defenders’ duty is to protect each and every IDF unit that has computer networks. After the course, they are dispersed among the various units.”
It has recently been announced that Israel had been experiencing, over the last year, a sharp increase in the number of cyber attacks, mainly against government and military websites – an increase that peaked during Operation Pillar of Defense.
“I cannot go into that for information security reasons. The point is there has been an increase in detection, too. It is highly likely that things are happening and attacks are taking place and we are not aware of that. Our objective is to prevent that. The question is not what the attack is. It can be an attack against communications, an attack against our weaknesses, an attack against an application through which the attacker can gain access – it all depends on how you write the code and the main thing is that you managed to gain access.”
Are there attacks that we do not know about?
“We hope not.”
Is it possible for someone to attack us, be detected and subsequently repelled without him knowing that he has been repelled, as we did not want him to know?
“This is a part of the combat doctrine the IDF are developing in the realm of cyber. It is possible that for me, as the defender, it would not be right to shut everything off now. Instead, it may be more desirable to keep on loitering inside the enemy’s ‘territory’ and see what happens there, so that I may take advantage of the opportunity for the benefit of our objectives. This is called ‘Proactive Defense’. I will prefer to go outside the box. The question is how to turn a situation where he attacks me around, so that I may attack him; how to turn a situation where the opponent is ahead of you into a situation where you are ahead of him.”
How do you cope with the splitting of the efforts, when the offensive effort is assigned to the Intelligence Division?
“The defensive dimension is the most important. If your defenses are compromised – you will not be able to attack. This can affect armored formations where all of the systems will collapse; aircraft that will not be receiving the targets they are supposed to attack; it can affect the navy, where naval forces will not be receiving data on the targets they should engage and so forth. Today, cyber is a complete dimension and that is how it is regarded by the IDF. It is a human dimension, causing people to do all sorts of things, the physical dimension is the equipment itself, with which we can hack into applications and obtain information. There is also the logic dimension – the information being transferred.”
Foreign sources published the story of the Stuxnet worm, attributed to Israel and the USA, which had allegedly slowed down the centrifuges of the Iranian nuclear project.
“During the cold war they managed, through computer systems, to cause gas pipes to burst using a logic bomb that changed the pressure settings inside the gas pipes. The most famous example is the Stuxnet worm. You create it through cyber and it physically changes the Iranian nuclear project through the rotation of the centrifuges it stopped, thereby delaying the entire nuclear project.”
Who produced the Stuxnet worm?
“Foreign sources…” (laughing).
Who are the trainees of the course?
“They go through the IDF Computer Skills School – an IDF training school that works with MAMRAM, and then come to this course.”
Can someone with no computer background take this course?
“There are people who come here whose only computer background consists of Facebook and YouTube. We look for individuals who think outside the box. In this world of information security you need to cause a certain component to do something it was not intended to do. If you have an application that produces specific reports, you are supposed to hack into it and cause it to do other things for you, like provide you with intelligence about the organization that uses it. We talk to the candidates and see if they think in a different way. We present logic questions to them in order to test their way of thinking.”
Are you disappointed about dealing with defense all day long when the offensive dimension is situated elsewhere?
“Being on the defensive side is more important as without effective defense you will not have the other things. No one goes out of here as ‘exclusively defense’ or ‘exclusively attack’. You must be both, but eventually, you will not be equally proficient at both.”
Don’t you think that the division between you and the Intelligence Division should be abolished?
“I do not think so. The operations should be cooperative and fully coordinated, but operating through different units is not a problem.”
“Demand has Rocketed”
Sgt. David joins the conversation: “Like Liav, I have been here since the first Cyber Defender course. I have been introduced to a small portion of Israel’s cyber capabilities. This activity is occupying an increasingly more prominent position worldwide. You have seen the stories about the monitoring by the agencies of the USA. Everything is in cyberspace. The demand for information security professionals has rocketed. The IDF, as in everything else, adapt to the technological evolution. The heads of this state and the commanders of the military had said a long time ago that they regard cyber as a combat zone to all intents and purposes.”
Have you had a chance to attend a real-life cyber attack situation?
“I have seen how we train ourselves. We practice an attack and then stop and analyze the attack. The training kicks in and the guys know how to solve whatever takes place.”
What is the most troubling thing about cyber attacks by states? Is it the fact that these attacks cannot be detected?
Sgt. Yuval joins the conversation: “States, undoubtedly. They have more funds and budgets and resources and reasons to do it, whether they are enemy states or rival states, and they are much more dangerous than organizations.”
Theoretically, can cyber prevent a war?
“Theoretically, yes. The question is to prevent a war in what way. Let me give you an example. Cyber can shut down an entire country and prevent it from going to war. Cyber can prevent war and decide the outcome of a war. The beauty of cyber is that you can do anything you want with it. This is also one of the difficulties as far as cyber defense is concerned. It is very difficult to know where things are coming from.”
Is it possible for someone to stage a cyber attack against us, and we will think that the perpetrator is one country, while in fact it was another country?
“It is definitely possible to create a situation where someone attacks us and we think it has come from one direction while in fact it came from a totally different direction. An attacker will not leave any footprints of what he had done. A superpower will not leave footprints. With a superpower, it would be much more difficult to find a trail.
“Cyber can start a war, too. The President of the United States of America has already announced that anyone staging a cyber attack against them will be answered by conventional warfare. This war is going on all the time, with varying intensity.”
If a total war should break out tomorrow morning, will the IDF cyber capabilities be mature enough to assist and contribute?
“The cyber contributes all the time and the contribution it makes is substantial and evident. Those who need to know are aware of it, and the cyber is contributing even now. Because of the cyber world, the course is kept current all the time.”