20 December 2014

The Objective is National Cyber Warfare Defense

17/12/2014

Exclusive interview with Brig. Gen. (res.) Yair Cohen, who established the Cyber Division at Elbit Systems

We met Brig. Gen. (res.) Yair Cohen, VP Intelligence & Cyber at Elbit Systems, about 5 years ago, when Elbit Systems entered the cyberspace field and decided to regard it as a growth engine. This move had been brought about, to a considerable extent, by the encouragement of MAFAT (IMOD's Weapon System & Future Technological Infrastructure Research & Development Administration) and the vision of the group's leadership. A lot has happened since then, and the vision has evolved into a reality. Cohen will be one of the primary speakers at the Israel HLS conference to be held in November 2014 at the initiative of the Israel Export & International Cooperation Institute with support and sponsorship provided by numerous national organizations.

"Three things have happened," explains Cohen, formerly the commander of the IDF Intelligence Directorate's main SigInt element, Unit 8200. "First and foremost, many people have realized that the existing defensive measures are unsatisfactory. They are improving – but still unsatisfactory. The second element is the gap between the offensive measures and the defensive measures. This gap is growing constantly. You can see it through the incidents reported by the media, and especially through the incidents that are not publicized. A senior US official told me once: 'we built our future on the basis of capabilities that we do not know how to handle'. The third element is the interface between the defense/security sector and the public sector. The Prime Minister's decision to establish a national cyber authority is an example of the attempt to deal with it. It is an interesting decision. 

"There is a difference between the information security world and the cyber warfare world, which is sometimes hard to see. It lies in the different worldview. While information security is intended to provide pinpoint solutions to specific problems, cyber solutions are comprehensive. The cyber world we aim at deals with an integrated solution for a state or a military organization. In today's world they still rely on pinpoint defensive measures – and that is not enough." 

What is the difference between the situation today and the situation that has existed with regard to nuclear weapons? Back then they had also developed a technology that until this day they do not know how to handle?

"It is, without a doubt, an interesting analogy that keeps many people around the world preoccupied. A few years ago there was talk about the USA and Russia intending to set up a 'red phone' link for any eventuality of a cyber warfare attack, like the one set up to deal with a situation of the use of nuclear weapons," says Cohen. "At the same time, cyber warfare is more problematic, as the destructive potential of a cyber warfare attack is equal to or greater than that of an atom bomb. It involves damage to critical systems that control such basic resources as water, gas, electricity and so forth. The most substantial damage is inflicted mainly on civilian infrastructures – more than on military infrastructures. 


"Another point concerns the fact that numerous states have possessed nuclear weapons since 1945, and until 2014 there has been no nuclear war (some 2,400 nuclear weapon tests were conducted – but not a single war). The balance of terror has been maintained. In cyberspace, the destructive potential is not confined to state elements. Individuals, criminal groups or terrorist organizations can exploit cyber offensive tools in a way that no state can supervise or control. Additionally, the temptation to actually use cyber warfare weapons is substantial, as it is extremely difficult to incriminate the perpetrator. In fact, you can use cyber warfare weapons and get away with it." 

Does the state have to provide the citizens with cyber defense? 

"As far as the intelligence aspect is concerned, the state does not provide intelligence to the civilian sector at present. The establishment of the new authority alongside the National Cyber Bureau is a step in the right direction. The assumption is that critical infrastructures are supervised and guided by ISA, and are therefore more effectively protected. The gap concerns those that are not supervised as well as private citizens," explains Cohen. 

"The state cannot defend each and every house in Israel against missiles, and the same applies to cyber warfare. The state cannot finance anti-virus software for every citizen. In the end, it is a matter of budget considerations. A good place to start is by educating the population and possibly giving the citizens a subsidy through tax exemptions in order to purchase cyber warfare protective measures. The intelligence aspect of cyber warfare is a highly complex issue. It starts with the setting of the national priorities. Who determines the priorities in the cyber world? Is protecting the Teva Corporation more important to the resilience of the Israeli economy than protecting a defense element of some kind or another? Who determines that?"

Another aspect Cohen addressed in this context is the exchange of information between civilian organizations and security organizations and vice versa. 

"What business corporation will agree to allow someone to hack into its servers? Who will remain a client of a communication company or a bank whose servers were hacked and whose client data were stolen? There is a degree of complexity here that is very difficult to cope with. With regard to the intelligence aspect there is a vacuum that needs to be resolved using a method, tools and regulation," says Cohen. 

"Eventually, the element that will provide a cyber defense solution to the state is an element capable of setting up integrated systems. Our solution has all of the building blocks: C2, platforms, encryption, communication and information security. We at Elbit Systems have recruited people from all of the various disciplines. Some of them hailed from security agencies while others came from the technological world. This has yielded a synergy that is hard to find elsewhere. A critical point with regard to cyber warfare is the need for training. It is a new world, a new kind of intelligence and new methods of operation. The people involved in cyber defense must be trained. 

"Our CyberShield NCDS solution incorporates all of the entities of the state, both civilian and security. It includes an element that researches the world of threats to a standard that currently only commercial information security companies conform to – but not the state. It also includes a training and simulation element capable of providing solutions to an extensive range of scenarios, an enforcement element that is critical to the ability to cope with the threat and contain it, and a comprehensive cyber status picture of the state. 

"Such a center includes a professional entity and a decision-making entity. Eventually, someone has to decide whether to shut off the national water supply, as damage to the conduit system is suspected, or shut off electrical power supply to the northern part of the country owing to a cyber warfare attack. This is not a matter for the technical elements. The cyber world should be connected to the decision makers."

Is there a market for such a solution? 

"Worldwide, tenders have been issued for such solutions. There is talk about projects amounting to very sizable sums of money that are currently being run worldwide. A total of about 120 countries are discussing budget expenditure in the field of cyber warfare. We have already won specific elements of a tender of this type. At the same time, the hottest business activity in today's cyber warfare world is training intended to establish a pool of specialists. Such a transaction, involving a cyber warfare training center, has been finalized recently with the ST Electronics Company of Singapore," says Cohen. "There is also a demand for solutions in the field of SCADA, where we compete by offering a solution designated Fides. In the USA, regulation for this field is already in effect, and in the future it will begin to influence other countries as well." 

The interest of states in such solutions notwithstanding, one should bear in mind the fact that a primary characteristic of the cyber world is the high degree of suspiciousness on the part of parties purchasing defensive solutions. Consequently, the question arises whether a certain state will be willing to acquire a national cyber warfare defense system from another state. Those who follow the Snowden reports and articles dealing with cyberspace espionage know that a "back door" element may be incorporated in any system, and such an element will provide the selling country with access to all of the data of the purchasing country. 

"We can see Israeli companies that are very successful in the field of information security and cyber warfare. Some of those companies have been acquired by foreign corporations and now provide solutions to government agencies of states worldwide, despite the fact that their development centers remained in Israel. We at Elbit Systems also provide solutions in highly sensitive fields to foreign countries," explains Cohen. "If you are the best at what you do, and it is clear to that country that unless they use your solution they will be hacked, then they will choose you. 

"No state wants to grant foreign elements access to its core activities, but the considerations change when you supply the best solution in the field. This is also the reason why the State of Israel should reveal the capabilities and solutions of the local industry to the world, as if we fail to reveal them, we will not sell. Admittedly, we have an advantage, but the world is catching up. If we do not sell – others will." 

How do you establish a global leadership status in the field of cyber warfare? 

"The question is how to evolve from a start-up nation to a cyber nation. At the present time, we are investing in pinpoint technologies that should evolve into growth engines. But the State of Israel has always done that, with government or private support. Unless you have some Archimedean technology that sets you apart, you will have no advantage. The pinpoint activity is welcome, but what we are missing are large-scale national projects, in the spirit of what the world is currently seeking," says Cohen. 

"For this purpose, the export permit policy must be much more lenient than the current situation. When the state stops a transaction, it must do so with the understanding that it involves a technology that the world will only reach in a few years, and during that time the State of Israel could benefit from the head start. But that is not the current situation. The situation has improved, but we are still operating under severe restrictions. Along with those restrictions, there are no investments in national cyber warfare projects. If projects intended to defend the State of Israel, on a national scale, should be initiated, it will enable the Israeli industries to prove that they are capable of providing integrated solutions on that scale – not just pinpoint solutions. This will contribute to our evolution from a start-up nation to a cyber nation." 

Sharing of Information 

The solution Elbit Systems offers is based on the assumption that cooperation exists among security organizations, and between security organizations and civilian organizations. Well – that is not the situation in Israel. ISA, Mossad, IDF, government ministries, the banks and the business sector all conduct themselves as islands. It's everyone for himself. Admittedly, the National Cyber Bureau is hard at work trying to change this state of affairs, but that will take time – a long time. Even in the USA, a country that employs dozens of security and defense agencies, they realized that without sharing information and knowledge, it will be impossible to provide effective national cyber warfare defense.

"Unless this issue is resolved, do not invest in technology," states Cohen. "Essentially, the same Trojan horse that will attack the defense establishment will also attack the financial and business sectors. Unless you establish cooperation and information sharing, you will remain vulnerable all the time. This brings us back to the question of priorities. Who's more important, a military unit or a bank? The answers to these questions will determine the solution." 

Is it possible to establish such cooperation? 

"It is possible, and it is under way to some extent, but in this country the critical issues still remain unresolved. Firstly – how to determine the priorities and who determines them. Secondly – how to produce intelligence in the cyber world, how to share information and how to enforce the decisions. All of these issues should be discussed even before the technological application. Unless the various elements share their information, you will remain vulnerable. In such a world, everyone looks only after himself, and you will not be able to utilize the information and the knowledge at the national level.

"Cyber warfare has created a complexity that is similar to that of terrorism. These scenarios place the rear area in a state of vulnerability – contrary to the military concept that aspires to have the conflict transferred to the enemy's territory," adds Cohen. "One of the most important sectors, as far as the stability of the state is concerned, is the financial sector, for example. The banks currently face an extensive range of threats, including the subject of virtual currency – but not just that. The financial system can take the entire economy off balance. This brings us back, once again, to the question of priorities. What would happen if a bank collapsed? If the clients wake up to a morning of realizing that their accounts had been wiped clean? 

"The world wants to live normally. It aspires to achieve mutual deterrence between players. The defensive systems are only beginning to take shape at the state level. There are criminal and terrorist elements that operate in cyberspace unhindered. In the future, we will reach a situation where states will have a common interest of cooperating and sharing information in order to cope with cyber warfare threats, but we are still far away from that point."
