TEL AVIV – No other country on earth has successfully integrated private, academic, government, and military cyber-expertise as Israel has done at its new cyber-city in the desert, a report by the Washington Post claims.
Covering just a few square miles in the middle of the Negev desert, this fast-growing cyber-city is cementing Israel’s place as a major digital power, second only to the U.S.
According to Capt. Rotem Bashi, a commander in an IDF cyber-defense unit, the “next war will be in cyberspace.”
Half a billion dollars of private investments are funneled into Israeli cyber-security firms annually. Israel and the U.S. are jointly responsible for what the Post termed “the world’s most destructive cyber-weapon known to date, Stuxnet, which was let loose on Iran’s Natanz nuclear enrichment facility to devastating effect.”
“The United States has more capabilities than Israel in cyberspace,” said Gabi Siboni, director of the cyber-security program at the Institute for National Security Studies in Tel Aviv. “But we are small. We are very anxious, and it’s the difference between a speedboat and an aircraft carrier. We go very fast.”
Israel also realized the potential of leveraging cyber-threats to create an economic powerhouse, establishing a central body called the National Cyber Security Authority to that end, in which different sectors of society are able to collaborate.
“You will not find it in the United States,” said Eviatar Matania, the head of the National Cyber Bureau. “First, we have more enemies than others. We understand that the cyber-threat is here and now. Second, a lot of Israel’s high-tech and innovation culture is in cyber. This is where we can gain an advantage over other countries in defending ourselves. And thus, we see cyber not just as a threat to mitigate, but also as one of our economic engines.”
The cyber-city already houses cyber incubators and global giants such as PayPal, Lockheed Martin, and Deutsche Telekom, and now it plans to set up a headquarters for the IDF’s cyber-defenders and the elite army unit 8200.
The Shin Bet, Israel’s internal security agency, which has been a key player in the cyber arena, will also set up shop there, as will Ben-Gurion University of the Negev, the country’s top university for cyber-security.
“What you get out of that is the research capabilities that academia brings, the real-world knowledge that the [tech firms] bring, the hands-on experience that the military brings, alongside the entrepreneurial ability that the start-ups bring,” said Nadav Zafrir, a former head of Israel’s Unit 8200, who is himself now a tech entrepreneur. “You put all that together, it sparks magic.”
The country’s main electric utility, Israel Electric Corp, is one of its most targeted entities. But due to the contrasts in attitudes toward privacy, the modus operandi of thwarting cyber-attacks is very different in Israel than it is in the U.S.
A successful attack could disrupt power to virtually all of Israel, said Yosi Shneck, the company spokesman. But to date, none has succeeded. His engineers have help from an outside source: Shin Bet. Besides thwarting physical terrorist attacks, the security agency is responsible for protecting 30 or so critical entities from cyber-attack. The list was drawn up by Israel’s parliament and includes the Bank of Israel, oil refineries and the blood bank. That is the equivalent of the FBI regulating major U.S. businesses or private entities for cyber-security — an authority that would alarm American companies and civil libertarians and could not secure support in Congress.
But in Israel, the fear of a major attack is greater than concern for privacy, said Rami Efrati, a former National Cyber Bureau official.
The Shin Bet does not monitor the companies’ networks. It sniffs out threats before they hit the firms. It also relies on sensors the companies install in their systems to gather information that is then fed back to the security agency. In turn, Unit 8200 and Mossad, the foreign intelligence agency, also share cyber-threat data with Shin Bet. By contrast, in the United States, it took years to pass a law to encourage — not compel — companies to share computer data with the government.